Submitted URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Effective URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-din...
Submission: On June 15 via manual from BR — Scanned from DE

Summary

This website contacted 100 IPs in 15 countries across 82 domains to perform 724 HTTP transactions. The main IP is 179.191.182.65, located in Offenbach, Germany and belongs to Azion Technologies Ltda., BR. The main domain is www.metropoles.com. The Cisco Umbrella rank of the primary domain is 166884.
TLS certificate: Issued by R3 on May 9th 2023. Valid for: 3 months.
This is the only time www.metropoles.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
133 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 133
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 155
ade.googlesyndication.com — Cisco Umbrella Rank: 321
704 KB
80 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219
stats.g.doubleclick.net — Cisco Umbrella Rank: 124
googleads.g.doubleclick.net — Cisco Umbrella Rank: 57
cm.g.doubleclick.net — Cisco Umbrella Rank: 244
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 359
ad.doubleclick.net — Cisco Umbrella Rank: 184
484 KB
69 metropoles.com
www.metropoles.com — Cisco Umbrella Rank: 166884
files.metropoles.com
stellate.metropoles.com
629 KB
63 taboola.com
cdn.taboola.com — Cisco Umbrella Rank: 949
pm-widget.taboola.com — Cisco Umbrella Rank: 4879
trc.taboola.com — Cisco Umbrella Rank: 650
15.taboola.com — Cisco Umbrella Rank: 10988
am-trc-events.taboola.com — Cisco Umbrella Rank: 12637
vidstat.taboola.com — Cisco Umbrella Rank: 2894
images.taboola.com — Cisco Umbrella Rank: 2011
imprammp.taboola.com — Cisco Umbrella Rank: 12368
am-vid-events.taboola.com — Cisco Umbrella Rank: 11638
am-match.taboola.com — Cisco Umbrella Rank: 12411
sync.taboola.com — Cisco Umbrella Rank: 1088
wf.taboola.com — Cisco Umbrella Rank: 2926
vidstatb.taboola.com — Cisco Umbrella Rank: 5236
pips.taboola.com — Cisco Umbrella Rank: 1621
cds.taboola.com — Cisco Umbrella Rank: 1928
c2.taboola.com — Cisco Umbrella Rank: 9232
am-wf.taboola.com — Cisco Umbrella Rank: 13661
2 MB
40 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 957
static.adsafeprotected.com — Cisco Umbrella Rank: 628
dt.adsafeprotected.com — Cisco Umbrella Rank: 557
494 KB
36 criteo.net
static.criteo.net — Cisco Umbrella Rank: 583
imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9160
csm.eu.criteo.net — Cisco Umbrella Rank: 8989
245 KB
31 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 338
1 MB
26 webspectator.com
wfpscripts.webspectator.com — Cisco Umbrella Rank: 181576
webservices.webspectator.com — Cisco Umbrella Rank: 157658
msgws.webspectator.com — Cisco Umbrella Rank: 269956
126 KB
23 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 621
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
16 KB
23 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 543
eus.rubiconproject.com — Cisco Umbrella Rank: 639
beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 9057
pixel.rubiconproject.com — Cisco Umbrella Rank: 381 Failed
token.rubiconproject.com — Cisco Umbrella Rank: 656
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1178
76 KB
22 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 249
secure.adnxs.com — Cisco Umbrella Rank: 476
acdn.adnxs.com — Cisco Umbrella Rank: 611
54 KB
20 jwplatform.com
content.jwplatform.com — Cisco Umbrella Rank: 3990
104 KB
19 jwpsrv.com
assets-jpcust.jwpsrv.com — Cisco Umbrella Rank: 3861
videos-cloudfront-usp.jwpsrv.com — Cisco Umbrella Rank: 5760
1 MB
11 denakop.com
tags.denakop.com — Cisco Umbrella Rank: 210147
cpm.denakop.com — Cisco Umbrella Rank: 228867
137 KB
10 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 207
473 KB
10 smilewanted.com
prebid.smilewanted.com — Cisco Umbrella Rank: 6641
csync.smilewanted.com — Cisco Umbrella Rank: 3226
static.smilewanted.com — Cisco Umbrella Rank: 12179
17 KB
10 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 407
ads.eu.criteo.com — Cisco Umbrella Rank: 8915
rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 25981
cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 9800
widget.fr3.eu.criteo.com — Cisco Umbrella Rank: 16742
dis.criteo.com — Cisco Umbrella Rank: 601
90 KB
10 jwpcdn.com
ssl.p.jwpcdn.com — Cisco Umbrella Rank: 2785
519 KB
9 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 468 Failed
ups.analytics.yahoo.com — Cisco Umbrella Rank: 340
3 KB
8 tailtarget.com
tags.t.tailtarget.com — Cisco Umbrella Rank: 70940
d.tailtarget.com — Cisco Umbrella Rank: 82769
tt-11749-8.seg.t.tailtarget.com
b.t.tailtarget.com — Cisco Umbrella Rank: 50198
t.tailtarget.com — Cisco Umbrella Rank: 8461
32 KB
8 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 361
3 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 3
adservice.google.com — Cisco Umbrella Rank: 107
region1.analytics.google.com — Cisco Umbrella Rank: 2890
2 KB
7 ad4m.at
ad4m.at — Cisco Umbrella Rank: 9747
as.ad4m.at — Cisco Umbrella Rank: 29450
38 KB
7 retargetly.com
api.retargetly.com — Cisco Umbrella Rank: 6661
app.retargetly.com — Cisco Umbrella Rank: 23344
9 KB
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 375
2 KB
6 gstatic.com
www.gstatic.com
59 KB
5 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 566
pixel.mathtag.com — Cisco Umbrella Rank: 1145
3 KB
5 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 160
4 KB
5 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3657
onesignal.com — Cisco Umbrella Rank: 1235
83 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 513
2 KB
4 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 263
167 KB
4 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1488
sync.smartadserver.com — Cisco Umbrella Rank: 1588
2 KB
4 jwpltx.com
prd.jwpltx.com — Cisco Umbrella Rank: 3122
209 B
4 jwplayer.com
cdn.jwplayer.com — Cisco Umbrella Rank: 2864
4 KB
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 618
2 KB
3 adform.net
c1.adform.net — Cisco Umbrella Rank: 635
cm.adform.net — Cisco Umbrella Rank: 1254
2 KB
3 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422
fonts.googleapis.com — Cisco Umbrella Rank: 80
11 KB
3 creativecdn.com
prebid-us.creativecdn.com — Cisco Umbrella Rank: 30377
creativecdn.com — Cisco Umbrella Rank: 498
909 B
3 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 357
aax.amazon-adsystem.com — Cisco Umbrella Rank: 444
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1032 Failed
s.amazon-adsystem.com Failed
61 KB
3 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1495
at.teads.tv — Cisco Umbrella Rank: 4724
sync.teads.tv — Cisco Umbrella Rank: 1404
4 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 82
211 KB
3 google.de
www.google.de — Cisco Umbrella Rank: 4835
580 B
3 cleverwebserver.com
scripts.cleverwebserver.com — Cisco Umbrella Rank: 26373
ui.cleverwebserver.com — Cisco Umbrella Rank: 27025
call.cleverwebserver.com — Cisco Umbrella Rank: 28100
48 KB
2 goadopt.io
tag.goadopt.io — Cisco Umbrella Rank: 156545
disclaimer-api.goadopt.io — Cisco Umbrella Rank: 167736
89 KB
2 ck-ie.com
us.ck-ie.com — Cisco Umbrella Rank: 3354
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 1846
1 KB
2 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 2090
424 B
2 awin1.com
www.awin1.com — Cisco Umbrella Rank: 16217
3 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
241 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 176
137 KB
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 602
1 KB
2 pubmatic.com
image6.pubmatic.com — Cisco Umbrella Rank: 822
516 B
2 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 572
360 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 421
1 KB
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 792
2 KB
2 admedo.com
pool.admedo.com — Cisco Umbrella Rank: 6081
754 B
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 560
1 KB
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4988
647 B
2 appier.net
a.c.appier.net — Cisco Umbrella Rank: 16506
1 KB
2 exelator.com
loadus.exelator.com — Cisco Umbrella Rank: 1428
648 B
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 874
366 B
2 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1215
pixel.quantserve.com — Cisco Umbrella Rank: 977
10 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 60
21 KB
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 617
593 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1281
481 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 1039
434 B
1 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 772
1 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 1090
256 B
1 congstar.de
banner.congstar.de — Cisco Umbrella Rank: 116386
550 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 963
164 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1069
516 B
1 dotomi.com
retargetly-match.dotomi.com — Cisco Umbrella Rank: 29658
105 B
1 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 952
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 756
187 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 653
219 B
1 mgid.com
cm.mgid.com — Cisco Umbrella Rank: 1359
434 B
1 fksnk.com
fksnk.com — Cisco Umbrella Rank: 5707
611 B
1 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2846
550 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 172
18 KB
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1141
632 B
1 cloudfunctions.net
us-central1-decisive-plasma-381522.cloudfunctions.net
323 B
0 linkedin.com Failed
px.ads.linkedin.com Failed
724 82
Domain Requested by
78 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
us-central1-decisive-plasma-381522.cloudfunctions.net
www.googletagservices.com
s0.2mdn.net
ad.doubleclick.net
59 www.metropoles.com us-central1-decisive-plasma-381522.cloudfunctions.net
www.metropoles.com
41 cm.g.doubleclick.net 19 redirects www.metropoles.com
googleads.g.doubleclick.net
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
34 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
us-central1-decisive-plasma-381522.cloudfunctions.net
googleads.g.doubleclick.net
s0.2mdn.net
31 s0.2mdn.net us-central1-decisive-plasma-381522.cloudfunctions.net
s0.2mdn.net
cdnjs.cloudflare.com
22 dsum-sec.casalemedia.com 10 redirects googleads.g.doubleclick.net
21 imageproxy.eu.criteo.net ads.eu.criteo.com
20 content.jwplatform.com 12 redirects cdn.jwplayer.com
content.jwplatform.com
ssl.p.jwpcdn.com
19 ib.adnxs.com 7 redirects tags.denakop.com
googleads.g.doubleclick.net
acdn.adnxs.com
16 dt.adsafeprotected.com e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
16 googleads4.g.doubleclick.net us-central1-decisive-plasma-381522.cloudfunctions.net
16 static.adsafeprotected.com e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
srcdoc
static.adsafeprotected.com
14 assets-jpcust.jwpsrv.com www.metropoles.com
13 ade.googlesyndication.com
13 static.criteo.net ads.eu.criteo.com
13 googleads.g.doubleclick.net e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
pagead2.googlesyndication.com
www.googleadservices.com
13 wfpscripts.webspectator.com www.googletagmanager.com
webservices.webspectator.com
12 images.taboola.com
12 eus.rubiconproject.com us-central1-decisive-plasma-381522.cloudfunctions.net
eus.rubiconproject.com
imprammp.taboola.com
am-match.taboola.com
tags.denakop.com
12 webservices.webspectator.com wfpscripts.webspectator.com
webservices.webspectator.com
11 cdn.taboola.com us-central1-decisive-plasma-381522.cloudfunctions.net
cdn.taboola.com
10 www.googletagservices.com e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
www.awin1.com
www.googletagservices.com
s0.2mdn.net
10 ssl.p.jwpcdn.com content.jwplatform.com
9 am-trc-events.taboola.com
9 tags.denakop.com us-central1-decisive-plasma-381522.cloudfunctions.net
tags.denakop.com
8 x.bidswitch.net 4 redirects imprammp.taboola.com
am-match.taboola.com
8 fw.adsafeprotected.com 4 redirects us-central1-decisive-plasma-381522.cloudfunctions.net
8 e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com securepubads.g.doubleclick.net
7 csync.smilewanted.com tags.denakop.com
csync.smilewanted.com
7 securepubads.g.doubleclick.net www.metropoles.com
securepubads.g.doubleclick.net
tags.denakop.com
us-central1-decisive-plasma-381522.cloudfunctions.net
6 match.adsrvr.org www.metropoles.com
imprammp.taboola.com
am-match.taboola.com
api.retargetly.com
6 www.gstatic.com content.jwplatform.com
www.gstatic.com
6 files.metropoles.com www.metropoles.com
5 ups.analytics.yahoo.com imprammp.taboola.com
am-match.taboola.com
eus.rubiconproject.com
5 ad4m.at e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
ad4m.at
5 vidstat.taboola.com cdn.taboola.com
vidstat.taboola.com
5 sb.scorecardresearch.com 1 redirects cdn.taboola.com
5 videos-cloudfront-usp.jwpsrv.com ssl.p.jwpcdn.com
5 www.google.com www.metropoles.com
tpc.googlesyndication.com
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
4 am-wf.taboola.com vidstat.taboola.com
4 pixel.tapad.com 2 redirects api.retargetly.com
eus.rubiconproject.com
4 app.retargetly.com api.retargetly.com
4 sync.taboola.com imprammp.taboola.com
am-match.taboola.com
4 pr-bh.ybp.yahoo.com www.metropoles.com
4 pixel.rubiconproject.com www.metropoles.com
eus.rubiconproject.com
4 cdnjs.cloudflare.com ads.eu.criteo.com
s0.2mdn.net
4 prd.jwpltx.com www.metropoles.com
4 stellate.metropoles.com www.metropoles.com
4 cdn.jwplayer.com 2 redirects www.metropoles.com
3 sync.1rx.io 3 redirects
3 pixel.mathtag.com api.retargetly.com
3 am-match.taboola.com vidstat.taboola.com
3 api.retargetly.com 1 redirects wfpscripts.webspectator.com
api.retargetly.com
3 token.rubiconproject.com 3 redirects
3 trc.taboola.com cdn.taboola.com
3 gum.criteo.com cdn.taboola.com
tags.denakop.com
3 www.googletagmanager.com us-central1-decisive-plasma-381522.cloudfunctions.net
www.googletagmanager.com
tags.denakop.com
3 www.google.de www.metropoles.com
3 onesignal.com cdn.onesignal.com
2 b.t.tailtarget.com d.tailtarget.com
2 tt-11749-8.seg.t.tailtarget.com d.tailtarget.com
2 d.tailtarget.com us-central1-decisive-plasma-381522.cloudfunctions.net
d.tailtarget.com
2 creativecdn.com 2 redirects
2 us.ck-ie.com csync.smilewanted.com
2 ads.betweendigital.com 2 redirects
2 sync.richaudience.com 1 redirects csync.smilewanted.com
2 acdn.adnxs.com tags.denakop.com
2 www.awin1.com 1 redirects as.ad4m.at
2 as.ad4m.at ad4m.at
as.ad4m.at
2 www.facebook.com api.retargetly.com
2 connect.facebook.net api.retargetly.com
connect.facebook.net
2 match.prod.bidr.io 2 redirects
2 sync.smartadserver.com 2 redirects
2 image6.pubmatic.com 2 redirects
2 match.sharethrough.com e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
csync.smilewanted.com
2 eb2.3lift.com 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 pool.admedo.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 c1.adform.net 2 redirects
2 d5p.de17a.com 2 redirects
2 a.c.appier.net 2 redirects
2 sync.mathtag.com 1 redirects eus.rubiconproject.com
2 wf.taboola.com vidstat.taboola.com
2 am-vid-events.taboola.com
2 csm.eu.criteo.net ads.eu.criteo.com
2 cat.fr3.eu.criteo.com ads.eu.criteo.com
2 loadus.exelator.com
2 ads.eu.criteo.com us-central1-decisive-plasma-381522.cloudfunctions.net
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
2 ajax.googleapis.com webservices.webspectator.com
s0.2mdn.net
2 prebid.smilewanted.com tags.denakop.com
2 cpm.denakop.com tags.denakop.com
2 prg.smartadserver.com tags.denakop.com
2 onetag-sys.com tags.denakop.com
2 fastlane.rubiconproject.com tags.denakop.com
2 pm-widget.taboola.com cdn.taboola.com
pm-widget.taboola.com
2 c.amazon-adsystem.com tags.denakop.com
c.amazon-adsystem.com
2 adservice.google.com securepubads.g.doubleclick.net
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 cdn.onesignal.com www.metropoles.com
cdn.onesignal.com
2 www.google-analytics.com www.metropoles.com
www.google-analytics.com
1 t.tailtarget.com
1 disclaimer-api.goadopt.io us-central1-decisive-plasma-381522.cloudfunctions.net
1 tags.t.tailtarget.com us-central1-decisive-plasma-381522.cloudfunctions.net
1 tag.goadopt.io us-central1-decisive-plasma-381522.cloudfunctions.net
1 ads.stickyadstv.com 1 redirects
1 cm.adform.net 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 ad.turn.com 1 redirects
1 ap.lijit.com csync.smilewanted.com
1 static.smilewanted.com csync.smilewanted.com
1 api.rlcdn.com tags.denakop.com
1 c2.taboola.com us-central1-decisive-plasma-381522.cloudfunctions.net
1 ad.doubleclick.net www.googletagservices.com
1 banner.congstar.de as.ad4m.at
1 cds.taboola.com cdn.taboola.com
1 pips.taboola.com cdn.taboola.com
1 vidstatb.taboola.com
1 dis.criteo.com 1 redirects
1 bttrack.com eus.rubiconproject.com
1 sync.ipredictive.com 1 redirects
1 retargetly-match.dotomi.com api.retargetly.com
1 sync.teads.tv api.retargetly.com
1 bcp.crwdcntrl.net api.retargetly.com
1 secure.adnxs.com 1 redirects
1 pixel-sync.sitescout.com api.retargetly.com
1 tags.bluekai.com api.retargetly.com
1 cm.mgid.com api.retargetly.com
1 ssum-sec.casalemedia.com 1 redirects
1 fksnk.com 1 redirects
1 match.adsby.bidtheatre.com 1 redirects
1 pixel-us-east.rubiconproject.com eus.rubiconproject.com
1 imprammp.taboola.com vidstat.taboola.com
1 www.googleadservices.com us-central1-decisive-plasma-381522.cloudfunctions.net
1 msgws.webspectator.com wfpscripts.webspectator.com
1 fonts.googleapis.com cdn.taboola.com
1 widget.fr3.eu.criteo.com ads.eu.criteo.com
1 15.taboola.com cdn.taboola.com
1 rtb.fr3.eu.criteo.com us-central1-decisive-plasma-381522.cloudfunctions.net
1 beacon-ams3.rubiconproject.com www.metropoles.com
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 prebid-us.creativecdn.com tags.denakop.com
1 pixel.quantserve.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com wfpscripts.webspectator.com
1 region1.analytics.google.com www.googletagmanager.com
1 at.teads.tv a.teads.tv
1 a.teads.tv www.googletagmanager.com
1 call.cleverwebserver.com www.metropoles.com
1 ui.cleverwebserver.com us-central1-decisive-plasma-381522.cloudfunctions.net
1 scripts.cleverwebserver.com www.metropoles.com
1 us-central1-decisive-plasma-381522.cloudfunctions.net
0 px.ads.linkedin.com Failed www.metropoles.com
0 s.amazon-adsystem.com Failed www.metropoles.com
0 aax-eu.amazon-adsystem.com Failed www.metropoles.com
724 155
Subject | Issuer | Validity | Valid
misc.google.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
metropoles.com | R3 | 2023-05-09 - 2023-08-07 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.metropoles.com | R3 | 2023-04-08 - 2023-07-07 | 3 months
jwplayer.com | Amazon RSA 2048 M02 | 2023-03-01 - 2023-12-25 | 10 months
stellate.metropoles.com | R3 | 2023-06-12 - 2023-09-10 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-03 - 2024-05-02 | a year
cleverwebserver.com | Cloudflare Inc ECC CA-3 | 2022-09-06 - 2023-09-05 | a year
www.google.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
www.google.de | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.jwplayer.com | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-11-26 - 2023-12-28 | a year
*.gstatic.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
jwpsrv.com | Amazon RSA 2048 M02 | 2023-03-20 - 2024-04-16 | a year
teads.tv | R3 | 2023-05-11 - 2023-08-09 | 3 months
*.taboola.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-08 - 2023-12-31 | a year
*.scorecardresearch.com | Sectigo RSA Domain Validation Secure Server CA | 2022-12-15 - 2023-12-28 | a year
denakop.com | Cloudflare Inc ECC CA-3 | 2023-02-17 - 2024-02-16 | a year
*.webspectator.com | Go Daddy Secure Certificate Authority - G2 | 2023-06-12 - 2024-07-11 | a year
*.google.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
c.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-02-28 - 2024-02-17 | a year
*.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-12 - 2023-08-10 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.quantserve.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-08-09 - 2023-09-09 | a year
quantserve.com | R3 | 2023-06-13 - 2023-09-11 | 3 months
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year
*.onetag-sys.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-12-28 - 2024-01-28 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
*.smartadserver.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-01-21 - 2024-01-23 | a year
*.creativecdn.com | RapidSSL TLS RSA CA G1 | 2023-03-29 - 2024-04-28 | a year
aax-dtb-mobile-cf.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-03-16 - 2024-03-08 | a year
upload.video.google.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.eu.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-13 - 2023-08-10 | 3 months
*.fr3.eu.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-03 - 2023-08-27 | 3 months
*.exelator.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-29 - 2024-06-11 | a year
*.criteo.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-27 - 2023-08-27 | 3 months
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2023-04-12 - 2024-05-13 | a year
*.eu.criteo.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-07 - 2023-08-30 | 3 months
*.retargetly.com | Sectigo RSA Domain Validation Secure Server CA | 2022-11-30 - 2023-12-23 | a year
fw.adsafeprotected.com | Amazon RSA 2048 M02 | 2023-03-29 - 2024-04-27 | a year
*.doubleclick.net | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
static.adsafeprotected.com | Amazon RSA 2048 M01 | 2023-02-24 - 2023-09-04 | 6 months
dt.adsafeprotected.com | Amazon RSA 2048 M02 | 2023-05-09 - 2024-06-07 | a year
www.googleadservices.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.bidswitch.net | Sectigo RSA Domain Validation Secure Server CA | 2023-03-23 - 2024-03-23 | a year
ups.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-02-21 - 2023-08-16 | 6 months
*.sharethrough.com | Amazon RSA 2048 M01 | 2023-06-14 - 2024-07-12 | a year
pixel.mathtag.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-07-05 - 2023-07-05 | a year
odc-pixel-prod-01.oracle.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-07 - 2024-02-08 | a year
*.sitescout.com | GeoTrust Global TLS RSA4096 SHA256 2022 CA1 | 2023-01-09 - 2024-02-02 | a year
*.crwdcntrl.net | Amazon RSA 2048 M01 | 2022-11-07 - 2023-12-06 | a year
*.dotomi.com | GlobalSign RSA OV SSL CA 2018 | 2022-08-09 - 2023-09-10 | a year
*.mathtag.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-03-30 - 2024-04-29 | a year
*.bttrack.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-04 - 2024-04-21 | a year
*.google.de | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-03-25 - 2023-06-23 | 3 months
www.awin1.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-10 - 2024-03-09 | a year
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2023-02-02 - 2024-03-03 | a year
cdn.adnxs.com | GeoTrust RSA CA 2018 | 2022-10-21 - 2023-10-22 | a year
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2023-05-06 - 2024-05-04 | a year
*.richaudience.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2023-02-27 - 2024-02-26 | a year
ck-ie.com | Go Daddy Secure Certificate Authority - G2 | 2022-11-12 - 2023-12-14 | a year
*.tailtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2022-06-10 - 2023-07-10 | a year

This page contains 85 frames:

Primary Page: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Frame ID: 7615126F499A6EB56D7920A08D2C9F68
Requests: 226 HTTP requests in this frame

Frame: https://cdn.jwplayer.com/players/YM5sDNF6-HdA8q6gX.html
Frame ID: 0BA1BB71C1A2737D5C5B22FBC76AF393
Requests: 23 HTTP requests in this frame

Frame: https://cdn.jwplayer.com/players/GLdb5qhK-HdA8q6gX.html
Frame ID: 26853ED777630951781D411F682C934A
Requests: 28 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2C1443215CB7A68A1AC44C1AC95DD674
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F60234C127B700495228BB5E5FECCFEF
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C3E16AEA760A13685DBEA0C7A34BE0A4
Requests: 2 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 395B6AABA81AA6F70D7AE032C521FFC2
Requests: 28 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B23044F1BEAC2BCB58C3080AA326AC59
Requests: 27 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A0857C7C09C431ABAACE3D74B7A18BF8
Requests: 28 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E8F611EAABB7833A0B8D76AC1229ADEC
Requests: 8 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E2DB5465548232B506C8312F556AC645
Requests: 28 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Frame ID: C5182FA3B1791F0D63FE0E81B5080E1F
Requests: 30 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 9FFA04DA111FDC36C6010F5C4109A2A0
Requests: 10 HTTP requests in this frame

Frame: https://beacon-ams3.rubiconproject.com/beacon/d/c0c57a1a-a3e7-4a15-ac2b-082e3ea47181?oo=0&accountId=23648&siteId=427988&zoneId=2448788&sizeId=55&e
Frame ID: 8D2AA027548F90F824C592B05704911F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Frame ID: 5A7ABE1A7AF0C754582A8CCD71D64CFD
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Frame ID: 12F53812130E6354948283F42248349B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Frame ID: FE20711E4C8B3F87A400F361C5FD87F7
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Frame ID: 6DD4B151BFC3CFB04D1595300E9C2DE4
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Frame ID: C17F4C050E2308AD4D77430104F28561
Requests: 5 HTTP requests in this frame

Frame: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=648b3dc10a76ef70fac61cb7071bb9b1&r=https%3a%2f%2fwww.metropoles.com%2f&crossorigin=false
Frame ID: DBA631C03D8234D67FDB66FC648E544C
Requests: 1 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/tag-nsc&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=120&h=50&wsRotSlot=&isda=1
Frame ID: 727970F38CFF7201B60392F8BE3C6FB6
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-sidebar-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=600&wsRotSlot=&isda=1
Frame ID: 60766DEE6F92A0E694C79CC162FF757A
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-4&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=336&h=280&wsRotSlot=&isda=1
Frame ID: E6DD8F2736C4BA918DC94ED06376A775
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-2&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Frame ID: A5C3C6E78745AAA17E4823BD0B4F46B0
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Frame ID: 924B872468E412103BD2599700D4C4E2
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-horizontal-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Frame ID: D17B326DC3AE059F153CAFFA85F149DB
Requests: 2 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EBF44042581C784E6863B91CB06AB2A0
Requests: 19 HTTP requests in this frame

Frame: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 644D8979A733B17CDEAD029FAA50DEC2
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Frame ID: 4A56C85D2CC08E49155EDFA01D0DC981
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Frame ID: F6CC5543A6F05E712F267399CAE6A4E0
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 96111904215964B11C1A43D353EE5710
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/877621449291039494/CbV_MY24_DE_Generic_970x250/index.html?ev=01_250
Frame ID: 9388EC7FAD13E7FE92AE8C0D38A2CAF8
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: ED9888B4AB216895DD7D1BF9C352078C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9861F8518969052B4B939DEDE4FEF43C
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Frame ID: 0B29B38956746DD91FA937F18655333D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Frame ID: 55A4572E75C8B3C0EA4539B7B7A0A8E2
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: FE16447DF863EEAC2BACAAB86F1B232A
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 47185C0866ACACC45BE3B7154F01FD7B
Requests: 1 HTTP requests in this frame

Frame: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Frame ID: 08F7B3F18CF27D24072F1E2019BDA956
Requests: 20 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_under&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22under%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22970x90%22%5D%2C%22hb_pb%22%3A%5B%220.00%22%5D%2C%22hb_adid%22%3A%5B%2225399c5fdf2bd89%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Frame ID: B51A26CAE16BFA840242895DB507C780
Requests: 2 HTTP requests in this frame

Frame: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_side&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22side%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22120x600%22%5D%2C%22hb_pb%22%3A%5B%220.01%22%5D%2C%22hb_adid%22%3A%5B%2226026df82c0695e%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=120&h=600&wsRotSlot=&isda=1
Frame ID: 0AF095A23F400308C0B1B2670A4BFCC0
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 747DBB56EC98B98833BD9A455DC4EB53
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FA06FD896859D0091CBB9C3410C640FE
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E21C5ED5D0124D942F12AABB5B7BDF79
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/index.html?ev=01_250
Frame ID: AB59CCB210420FF692CF8C019952C615
Requests: 4 HTTP requests in this frame

Frame: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=undefined&cb=1686846915175&uv=3288&tms=1686846915175&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&su=3&unm=FEED_MANAGER&aure=false&a
gl=1&cirid=3e127f55-d02b-4eb1-9ad9-7cea141ae321&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Frame ID: 920B9FDE0EF9B5A2298978134AA502AD
Requests: 5 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 67C5C22380C9BFA6D7A4C54AB0529F84
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Frame ID: 895E1141FDF9B7394E028DED2DB4A271
Requests: 11 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_970x250.js
Frame ID: 7A286EB3225A10F3284C9B85C8B22A88
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Frame ID: F891E8BAF2098A2557FD95214909E2D0
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_300x600.js
Frame ID: 83FA5013990A8366673C396048116D71
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 594E188AFB3670276BACF20D40242DC4
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7FA56602AE144D48EE98E95FC70C0951
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_300x250.js
Frame ID: 1DA098BCBD91CF8F03403932633A8C50
Requests: 2 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/passback_300x250.js
Frame ID: CBCF0114BD1FB2B666EE747F467CCAB0
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 918D911743D678A5046B38AB6947CF2C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D409EC7F1E6C4EE9D513F39CF06C1CB4
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1699BF8359D7D6DECFADFA03B828C211
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Frame ID: EC83BE79D4757EC345A9E4321BC3994B
Requests: 12 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 747665A4F793C54F4C90D85FE2F047D5
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Frame ID: C5CA4D9C3DD1ABEBF30F2848035D2B52
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfX
eKoEP_8q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Frame ID: 63953C51B0901730355A5E571FBE9AA2
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Frame ID: 4F26F92D7A76513064BB431FC339E77A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C3BC80C021BB774B8798ED1483AD82FA
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Frame ID: 436F00074E0F5EED8C604061CEFA79A8
Requests: 14 HTTP requests in this frame

Frame: https://csync.smilewanted.com/
Frame ID: 183ACB38F599AF24E720B12E3C60F6C2
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1686846913679
Frame ID: 6B6776CB838749DEDFCF609D24FE12A3
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A1EEB5B0028C993895F5DA741455F9B8
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 27F1B40334E7DEE93050BDB2AFF9E9E8
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 203B2942E4C6C150E21294F2AF125D9B
Requests: 3 HTTP requests in this frame

Frame: https://csync.smilewanted.com/drop_cookie_sw.php
Frame ID: CEBF8CE1EF223545FE97CC95DF525237
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fsovrn%2F%24UID
Frame ID: A0E3E19D9548CA58549D5B63F3E48A5A
Requests: 1 HTTP requests in this frame

Frame: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fcsync.smilewanted.com%2F
Frame ID: 510B32D74ADF71F0819F6F03C2370954
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/set_partner_userid_get/unruly/RX-344c46db-0904-4152-a98e-a01be2142fa8-003
Frame ID: B604E6B43D39A036F7B29D7C727D2553
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Frame ID: 9F540CA046AF181043AB804F4A94CC43
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/set_partner_userid_get/betweenx/bac365e9-1492-52a6-80b7-2640e43c1b85
Frame ID: 1E1F60141CE0F458703D578DE7A1218A
Requests: 1 HTTP requests in this frame

Frame: https://us.ck-ie.com/smwt256.gif?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fbizzclick%2F%7B%24PARTNER_UID%7D
Frame ID: D3BE94B2F1AFD9FD7FFA2F2D14B844E5
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/set_partner_userid_get/adform/8196798280612704842
Frame ID: C4B9D6702BFCF19F67E2105593DA28C0
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/set_partner_userid_get/freewheel/702b5873a612f85ce8a9eff1811697cd?gdpr_consent=&gdpr=0
Frame ID: 401EFD694CB6D3AAAF32636944D99A9F
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=
Frame ID: A9B874991CDB557CDA19335B25430239
Requests: 1 HTTP requests in this frame

Frame: https://us.ck-ie.com/smw888.gif?gdpr=0&gdpr_consent=&us_privacy={$USPrivacy}&coppa={$COPPA}&puid={$PARTNER_UID}
Frame ID: 0F257AC109E10BC77C2E46B68E025514
Requests: 1 HTTP requests in this frame

Frame: https://csync.smilewanted.com/set_partner_userid_get/rtbhouse/rUyfr0rfrd01P2dB7jsx?pi=smilewanted&tc=1
Frame ID: 0170BACF08BBFBFB821D9925F61D547F
Requests: 1 HTTP requests in this frame

Frame: https://webservices.webspectator.com/ad?auid=1457537&sz=%5B%5B728%2C90%5D%5D&pl=%7B%7D&dm=2&ci=0&is=1&piv=100&ts=1686846930432&cc=DE&rc=HE&sid=30A0B7F38F84E171&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&s=4898
Frame ID: 270E52F6F9A98238FD353EF7B4785943
Requests: 1 HTTP requests in this frame

Frame: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Frame ID: 58874F3975B3BB62C69C2BB8505990B9
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Frame ID: 1D301CC4ABB6A09FFD60BB222276A79F
Requests: 2 HTTP requests in this frame

Page Title

Vídeos: hacker ostentação deu golpe de R$ 1,5 mi em atacadista do DF e torrou dinheiro em Dubai | Metrópoles

Page URL History

  1. https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp Page URL
  2. https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadist... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • swfobject.*\.js

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

  • Requests: 724
  • HTTPS: 87 %
  • IPv6: 40 %
  • Domains: 82
  • Subdomains: 155
  • IPs: 100
  • Countries: 15
  • Transfer: 9707 kB
  • Size: 23605 kB
  • Cookies: 104

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp Page URL
  2. https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai Page URL

Redirected requests

There were HTTP redirect chains for the following requests:


724 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
function-mp
us-central1-decisive-plasma-381522.cloudfunctions.net/
184 B
323 B
Document
General
Full URL
https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:09 GMT
server
Google Frontend
vary
Accept-Encoding
Primary Request
hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
www.metropoles.com/distrito-federal/na-mira/
219 KB
34 KB
Document
General
Full URL
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
f594f7a4e2b35179b7762129c5595c22ec799cc453d771ac5ecfca191e67d5c8

Request headers

Referer
https://us-central1-decisive-plasma-381522.cloudfunctions.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=180
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 15 Jun 2023 16:35:10 GMT
etag
"11sx7ty70ks4sua"
expires
Thu, 15 Jun 2023 16:38:10 GMT
server
Google Frontend
vary
Accept-Encoding
via
1.1 google
image
www.metropoles.com/_next/
17 KB
17 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2023%2F06%2F13093242%2Foperacao-pcdf-atacadista-desvio-1.jpeg&w=640&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
fc184f57404301ea36f79a308de02beeca8008901d6ccc526d4ba02437b59d06

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
15254
etag
"b6f1b0ee48c58e231b5bda080f5c0585e1e3b875"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
17638
expires
Fri, 14 Jun 2024 16:35:11 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
26 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4e3898a24b84308e26ba9f145eac650e4374a973aa29151a172230c92e4b062a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26441
x-xss-protection
0
server
cafe
etag
250 / 19523 / 31075333 / config-hash: 17480437215513226996
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:11 GMT
merriweather-heavy.woff2
files.metropoles.com/fonts/v2/merriweather/
26 KB
27 KB
Font
General
Full URL
https://files.metropoles.com/fonts/v2/merriweather/merriweather-heavy.woff2
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
UploadServer /
Resource Hash
ff94f227fcb352a183e351da7c4d86159a8a5876f03b9043606b23c3a5adf021

Request headers

Referer
https://www.metropoles.com/
Origin
https://www.metropoles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
x-guploader-uploadid
ADPycdvjIJ2ApvczlEdiTNnpUzgMd_jJGoP-KxfM9ERb7ekdJoDJH0XOn3XHHTn1XWB6ZZm-cTMDoToGvHPY7mJsoK7WiVGd-uy2
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26464
last-modified
Wed, 10 Jun 2020 17:44:59 GMT
x-goog-meta-version-id
8MArsqySO4o6LbQO3VQPYySXxkBx1.fW
server
UploadServer
etag
"6de914d0c88198f23dc0332907ac8cd9"
x-goog-generation
1591811099997325
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=MtlEMA==, md5=bekU0MiBmPI9wDMpB6yM2Q==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
max-age=2330060
access-control-allow-credentials
true
x-goog-stored-content-length
26464
accept-ranges
bytes
expires
Wed, 12 Jul 2023 15:49:32 GMT
merriweather-regular.woff2
files.metropoles.com/fonts/v2/merriweather/
25 KB
25 KB
Font
General
Full URL
https://files.metropoles.com/fonts/v2/merriweather/merriweather-regular.woff2
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
UploadServer /
Resource Hash
bffc97c082a190580fc19619aa579e7e38324433271793d96409ca1ad431762e

Request headers

Referer
https://www.metropoles.com/
Origin
https://www.metropoles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
x-guploader-uploadid
ADPycdtNlycPemA5GoH_JpJb8AEQmNbm-91lfFfUrwuyEZ5TM_xcoaZAAedOi23sAW-uJMHI7hoaf6H9kAE5sjntJ0Ex1Q
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25116
last-modified
Wed, 10 Jun 2020 17:45:14 GMT
x-goog-meta-version-id
dJzexDgVGVIua31wGCCWcIwdds8bVbr0
server
UploadServer
etag
"d62120c6fcef24827123c78bc9ce9ee9"
x-goog-generation
1591811114151016
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=0C1hTQ==, md5=1iEgxvzvJIJxI8eLyc6e6Q==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
max-age=2330060
access-control-allow-credentials
true
x-goog-stored-content-length
25116
accept-ranges
bytes
expires
Wed, 12 Jul 2023 15:49:32 GMT
470114e640c91131.css
www.metropoles.com/_next/static/css/
991 B
1 KB
Stylesheet
General
Full URL
https://www.metropoles.com/_next/static/css/470114e640c91131.css
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
aa35b2979996d48708eafcc43f3f7d75cc20c85bc8568d9b57eae2f8626729a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Sun, 28 May 2023 15:42:59 GMT
server
Google Frontend
etag
W/"3df-1886306efb8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
x-cloud-trace-context
e14d6e5cb2e482e6dd2c2b5564603866;o=1
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
991
expires
Wed, 12 Jul 2023 15:49:31 GMT
webpack-6e6ed2f452657b39.js
www.metropoles.com/_next/static/chunks/
6 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
8495ac4c0be8e7c0e1e2a6cf85a940c4a98957f8845f489e0e9071a781024ee1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"1794-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
framework-f1b0d75bc92442f5.js
www.metropoles.com/_next/static/chunks/
138 KB
138 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/framework-f1b0d75bc92442f5.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
7391fee577ec6bf54475282ac2ff39002ff108e7295a6639e74782a1b11e6312

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Sun, 28 May 2023 15:42:59 GMT
server
Google Frontend
etag
W/"22734-1886306efb8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
1a35c1430bd36fe128dbba78d5ddfe5a
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141108
expires
Wed, 12 Jul 2023 15:49:31 GMT
main-b7e884d1c069a91e.js
www.metropoles.com/_next/static/chunks/
112 KB
113 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e2fa28116fcf72b7e715acea1e25b02e57f6ea4bc8f7bab0e085d41e7206dbfb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Sun, 28 May 2023 15:42:59 GMT
server
Google Frontend
etag
W/"1c03d-1886306efb8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
d56eb0bfebd02789417a7bceaeeace01
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
114749
expires
Wed, 12 Jul 2023 15:49:31 GMT
_app-9ba152a8f66ef6c7.js
www.metropoles.com/_next/static/chunks/pages/
18 KB
7 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/_app-9ba152a8f66ef6c7.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
322311b2d9fac84a664c24e804550b5d41a41e08d33d07d2664f32c4aa0d5a80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"46e1-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
29107295-3799f78690eba16d.js
www.metropoles.com/_next/static/chunks/
68 KB
25 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/29107295-3799f78690eba16d.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
64680226855164ec50e2c4c3d244ba6ac3cce887fb1851ebdf9297173202f8b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"1109f-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
4141-45d6b05bb92d2007.js
www.metropoles.com/_next/static/chunks/
137 KB
47 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/4141-45d6b05bb92d2007.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
0e1d3284159d3494debc46074128c0495f18132229cf34d9e8258a51aa6fde54

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 07 Jun 2023 01:48:37 GMT
server
Google Frontend
etag
W/"224a0-188938aa508"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
2320-4afe00473202106d.js
www.metropoles.com/_next/static/chunks/
5 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/2320-4afe00473202106d.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
7d68170c1de20585ef2e1f030171d4994ab6a9100e03d414c94cf8325f5e4dcd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"1573-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
4219-b1a9b101e53c819f.js
www.metropoles.com/_next/static/chunks/
30 KB
9 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/4219-b1a9b101e53c819f.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
cef7d8ff89751c9f94678ad0542a696ce4362afa424a1aca1a1fa4221e54f266

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 03:20:25 GMT
server
Google Frontend
etag
W/"78fc-188bd1190a8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
3626-403e77d8a0f7f4ad.js
www.metropoles.com/_next/static/chunks/
93 KB
21 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/3626-403e77d8a0f7f4ad.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
01fd323bc78f3a95c389d4216d8cd4fc84cd9ca0053ea4db0ae05b248430164b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"175c8-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
8219-d226ab4942139ebd.js
www.metropoles.com/_next/static/chunks/
38 KB
8 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/8219-d226ab4942139ebd.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
2839bdf53a85b753ed2723ccc640f8b43bcf238708166fa0cd303f14f7290356

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"96ad-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
6401-3735f91e2a98354a.js
www.metropoles.com/_next/static/chunks/
11 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/6401-3735f91e2a98354a.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
c9ce890fe0752d8bda1d254ad7a11b237066f5ea8508704c5a8e9a2c2e182ef6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"2d70-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
8571-984f159bbbaebdec.js
www.metropoles.com/_next/static/chunks/
18 KB
5 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/8571-984f159bbbaebdec.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
64ca6eb167d8f82ec776f994a2e550e07518bb6a6ee1894cd26db5de641b6fde

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"47e4-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5636-03c87a140a77804b.js
www.metropoles.com/_next/static/chunks/
44 KB
12 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/5636-03c87a140a77804b.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
c7be5651c0df1ec99238edd07e6127e84b563dac7463d46576c0461b791c1fbd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"b1bf-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
%5Bn3%5D-a81cd5db874c9f79.js
www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/%5Bn2%5D/
3 KB
2 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/%5Bn2%5D/%5Bn3%5D-a81cd5db874c9f79.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
efcf6788a2145832c38407e559036d7ddd13715ffc8f6699e2eff442c2aba5ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"d26-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
_buildManifest.js
www.metropoles.com/_next/static/SDMWoRO0DeCqH7hXMn-Dw/
4 KB
1 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/SDMWoRO0DeCqH7hXMn-Dw/_buildManifest.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
15d2650c96e82112376b6f01b3a0c038674ccea6254d2d1ea0c28b517a0655cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"e16-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
_ssgManifest.js
www.metropoles.com/_next/static/SDMWoRO0DeCqH7hXMn-Dw/
122 B
458 B
Script
General
Full URL
https://www.metropoles.com/_next/static/SDMWoRO0DeCqH7hXMn-Dw/_ssgManifest.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
f6c4fec29005ff8b4a4520fd5c1b5f3e71bd59df7ce4d3823e974c598abb2b40

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:41 GMT
server
Google Frontend
etag
W/"7a-188bd701bc8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
0ab48179c74db943bb3f61676470b974
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
122
expires
Wed, 12 Jul 2023 15:49:31 GMT
thumb-poster-3x2.webp
files.metropoles.com/assets/images/icons/
44 B
622 B
Image
General
Full URL
https://files.metropoles.com/assets/images/icons/thumb-poster-3x2.webp
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
UploadServer /
Resource Hash
b048643a95803a09ed7e10c58d99be616a4bef6e91f1b814d64675461a294fe2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
x-guploader-uploadid
ADPycduGpjInYjqUblIGYdgFAvtLNgARiwW-7YUbOza-i8OOx0NtVvDjJ5SISbhcY7xcCxahb-MdeVoT4ZVedfe16HBoRQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44
last-modified
Tue, 09 Aug 2022 20:09:58 GMT
server
UploadServer
etag
"6a87ad06a0ae664c61c2f46eb47e3114"
x-goog-generation
1660075798800511
content-type
image/webp
access-control-allow-origin
*
x-goog-hash
crc32c=a3EzDQ==, md5=aoetBqCuZkxhwvRutH4xFA==
cache-control
max-age=2330060
access-control-allow-credentials
true
x-goog-stored-content-length
44
accept-ranges
bytes
expires
Wed, 12 Jul 2023 15:49:32 GMT
thumb-poster-3x2.jpg
files.metropoles.com/assets/images/icons/
44 B
303 B
Image
General
Full URL
https://files.metropoles.com/assets/images/icons/thumb-poster-3x2.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
b443dc9a16e5fb4a1599e3998996e6b826c1b52df81d32d3e2dd2bb55168ab25

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
server
Azion IMS
x-original-image-size
338
etag
"7dbfa42a02b4210f3da7da05c8d17460ee9fa8d0"
vary
Accept
content-type
image/webp
x-ims
Enabled
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
content-length
44
expires
Fri, 14 Jun 2024 16:35:12 GMT
bell.svg
www.metropoles.com/images/
432 B
750 B
Image
General
Full URL
https://www.metropoles.com/images/bell.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
3937bd3b6d39a57c9e39d56af4a13e15470b9ac4b983e045b99de83f90e7fc66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"1b0-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
x-cloud-trace-context
5f3fb94970e08434b1aad59e791f017d
cache-control
max-age=180
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
432
expires
Thu, 15 Jun 2023 16:38:11 GMT
truncated
/
286 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a31c6b29a73145e63f924efee0c9f319232d43a8d0757985e61c5365de7f84ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
286 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad91b2ebeb345c527884b7c5b093f1438d4208e7ee00dcf05ee9c9460e8a3f4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
icon-camera-credito.svg
www.metropoles.com/images/
2 KB
1 KB
Image
General
Full URL
https://www.metropoles.com/images/icon-camera-credito.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
793cc66df9ca07785b94137c6087da7015cafb8ea95bf26b3c3928ce42dd8670

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"867-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:38:11 GMT
truncated
/
286 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
47070d88979341b3cbad691197a0ca89ad0a6ae0f89f95b7668c68fca406ca5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
icon-seta-new-carousel-left.svg
www.metropoles.com/images/
1 KB
831 B
Image
General
Full URL
https://www.metropoles.com/images/icon-seta-new-carousel-left.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
2fbfd4f7347d990ac60cd28a6c3b6a7ba964d0f34ae068538957ee5973b78e77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"45f-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:38:11 GMT
icon-seta-new-carousel-right.svg
www.metropoles.com/images/
1 KB
809 B
Image
General
Full URL
https://www.metropoles.com/images/icon-seta-new-carousel-right.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
90419d182258893b115173da18508f01fc90e90a2d9a37949babb308fdeb2b1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"42c-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:38:11 GMT
icon-camera-carousel.svg
www.metropoles.com/images/
2 KB
1 KB
Image
General
Full URL
https://www.metropoles.com/images/icon-camera-carousel.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
666ed954d184142daaaee80a4c956f3fb83655dc69b2f947cae3597b7b911efc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"7ee-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:38:11 GMT
bell-modal.svg
www.metropoles.com/images/
1 KB
859 B
Image
General
Full URL
https://www.metropoles.com/images/bell-modal.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
4524715accc5a67085b31f40423939c8464bd826dade79d8ec0b5f7b2dfffcb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"404-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:38:11 GMT
icon-checked.svg
www.metropoles.com/images/
212 B
531 B
Image
General
Full URL
https://www.metropoles.com/images/icon-checked.svg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
25bc421e63cd8139de0d4ec8e7c4a15026eed4f3e6a431608e148a0891b2ec15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Thu, 15 Jun 2023 04:58:26 GMT
server
Google Frontend
etag
W/"d4-188bd6b4d50"
vary
Accept-Encoding
content-type
image/svg+xml
x-cloud-trace-context
f551c69c8df275bbf5e9b8460a798474
cache-control
max-age=180
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
212
expires
Thu, 15 Jun 2023 16:38:11 GMT
merriweather-bold.woff2
files.metropoles.com/fonts/v2/merriweather/
27 KB
27 KB
Font
General
Full URL
https://files.metropoles.com/fonts/v2/merriweather/merriweather-bold.woff2
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
UploadServer /
Resource Hash
8a21d4b2e1d5f5d627fbc88a8e6d6e164ac73510555d16483936eaa36fe9f061

Request headers

Referer
https://www.metropoles.com/
Origin
https://www.metropoles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
x-guploader-uploadid
ADPycdsXiC3cf4z5c63vt9_83YIGRs_jyrTfNuYWEUye5EY36JY8GOl9Qb5pXOoTTSKWwS2u9OBJSnWIXGRaHyBR4qW7iw
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27200
last-modified
Wed, 10 Jun 2020 17:44:57 GMT
x-goog-meta-version-id
qj4IXwIFM2tb77ykJlU4UoDauKkkR7mM
server
UploadServer
etag
"1fe866f80bddf7a3231bbfba3fe46d72"
x-goog-generation
1591811097522671
content-type
application/octet-stream
access-control-allow-origin
*
x-goog-hash
crc32c=8rpWtw==, md5=H+hm+Avd96MjG7+6P+Rtcg==
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
max-age=2330060
access-control-allow-credentials
true
x-goog-stored-content-length
27200
accept-ranges
bytes
expires
Wed, 12 Jul 2023 15:49:32 GMT
YM5sDNF6-HdA8q6gX.html
cdn.jwplayer.com/players/ Frame 0BA1
5 KB
2 KB
Document
General
Full URL
https://cdn.jwplayer.com/players/YM5sDNF6-HdA8q6gX.html
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2016:6a00:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
f5fc7531d692927d1adfd994a87620d662b5bdce296926c11eee646351de671e

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
1457
content-type
text/html; charset=utf-8
date
Thu, 15 Jun 2023 16:35:11 GMT
server
openresty
via
1.1 8f9305e858931aa6ae96c1310e7ea596.cloudfront.net (CloudFront)
x-amz-cf-id
4Kog-5XnKyqEIucQFotXc4hmO-6QJ4kErHcTvOZBQl6VHl9rZ7p39Q==
x-amz-cf-pop
HAM50-C2
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
GLdb5qhK-HdA8q6gX.html
cdn.jwplayer.com/players/ Frame 2685
5 KB
2 KB
Document
General
Full URL
https://cdn.jwplayer.com/players/GLdb5qhK-HdA8q6gX.html
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2016:6a00:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
4759c04be21010c0a609acd82bde588376a5bcd65919afe236f59e1d66d6946f

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
1435
content-type
text/html; charset=utf-8
date
Thu, 15 Jun 2023 16:35:11 GMT
server
openresty
via
1.1 8f9305e858931aa6ae96c1310e7ea596.cloudfront.net (CloudFront)
x-amz-cf-id
e7ZZmFJAvb-rEYpZANEQ2ssmg3Dalo27vabi8GAjFznXkaRMcpK2pw==
x-amz-cf-pop
HAM50-C2
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
image
www.metropoles.com/_next/
810 B
1019 B
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F11%2F30143050%2Fwhatsapp-3.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
4db31dada697b81f2385be1162feb04c445470040603572595b6a483ce858323

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
692
etag
"1fd55937554cc06c7ad2f66fdf3029b2c4ac1bba"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
810
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
720 B
929 B
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F11%2F30143225%2Ftelegram-3.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
d19d678f9c4a6a3c9e93d2c4292c415fcdc6935f6b56610148c8520421c89c7d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
568
etag
"cb282f9cc04bd3710337b5d8a788504038104597"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
720
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
736 B
945 B
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170052%2Ffacebook.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
2c8aad4f3c43f2e3f7af9f03fdbaaf3f9d26a8b210cfaefae44b88cd9acfae74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
684
etag
"2c408b88d7406e7bdfb074fc5434e3d072c72b3a"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
736
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
1 KB
1 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170206%2Finstagram-2.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
257081b25e641b3403d9506219095a7124257ecbda59f750ab3f41a646b1e1c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
960
etag
"12301bffa68cabffc50883ef73609fe54196e028"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
1080
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
692 B
901 B
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170226%2Ftwitter-15.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
90af636b9c12932ae90b74eb18c08cc6c3a9d345807400d3ada31b54e5ef5a42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
580
etag
"59295fdeedf882cd51edb5249159d14aa322dc5d"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
692
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
658 B
867 B
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170244%2Fyoutube.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
fc1c7704a38dc5aa12ae2faf7f4627fcf5bcbdffb0e1223729e5d9779f786927

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
540
etag
"a3b562bf79bed6c9fe82d2e720baf8e287167719"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
658
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
1 KB
1 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170259%2Ftiktok.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
e05fce47c4a1da4e49ae9d65d38483e99c62cd42be06980e9413ca0bd7e57cae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
904
etag
"184a2a9b9e0b0cc58705424d760c7cad82f9c539"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
1088
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
984 B
1 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F03%2F04170316%2Fkwai.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
fe1ea235ce11303facc38f4b079a0dba5fa7780e276849b5af683a7f943d624d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
846
etag
"e7e83e0552dfb0af0008d6302a7401b0e3efb659"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
984
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
906 B
1 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2022%2F11%2F30143349%2Fhelo.png&w=32&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
d22fa8b0877fbf5e485b5e414a22856b86782a57c10f8b60e91e07803161323c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
734
etag
"aeee88c4863f3e707fd5a482f406030f4c1fa928"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
906
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
10 KB
10 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2023%2F02%2F10151820%2Favatar-os2-min-1.png&w=256&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
38362fe321dc5e8b30bb5fc3d0b4f9b7179246d26df7d879779c908a5a96e930

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
9252
etag
"b6ccb82cae7c6252503501b5a148a065bc12db0e"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
10370
expires
Fri, 14 Jun 2024 16:35:11 GMT
image
www.metropoles.com/_next/
9 KB
10 KB
Image
General
Full URL
https://www.metropoles.com/_next/image?url=https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2023%2F02%2F10151842%2Flogonamira-min-1.png&w=640&q=75
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
bb480fc2b6b92ce87e4a8d90319f2c96bb294212eee70d2666a66d07ad4df6a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
server
Azion IMS
x-original-image-size
8374
etag
"ff41f0db3f3cf29f91393079c222ffe468d424e6"
vary
Accept
content-type
image/webp
x-ims
Enabled
cache-control
max-age=31536000
content-length
9546
expires
Fri, 14 Jun 2024 16:35:11 GMT
/
stellate.metropoles.com/ Frame
0
0
Preflight
General
Full URL
https://stellate.metropoles.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:200::307 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/ Stellate
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.metropoles.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET, HEAD, OPTIONS
access-control-allow-origin
https://www.metropoles.com
access-control-expose-headers
*
access-control-max-age
600
cache-control
s-maxage=0, no-cache, no-store, must-revalidate
content-length
0
date
Thu, 15 Jun 2023 16:35:11 GMT
gcdn-cache
PASS
gcdn-passed-through-request
http-method:OPTIONS
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-powered-by
Stellate
x-served-by
cache-fra-eddf8230096-FRA
x-timer
S1686846911.465634,VS0,VE25
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 15 Jun 2023 14:35:26 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
7185
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Thu, 15 Jun 2023 16:35:26 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
601
etag
W/"06f50014011c1fcd9e21b6b0481979de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7d7c398bbbc98fe6-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Sun, 18 Jun 2023 16:35:11 GMT
/
stellate.metropoles.com/
21 KB
5 KB
Fetch
General
Full URL
https://stellate.metropoles.com/
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/8219-d226ab4942139ebd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:200::307 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/ Stellate
Resource Hash
6e0fd6c55c9b8abee388831c0d3a6894d811e84843b770a6b0c3d228d66296cd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

expires
Thu, 15 Jun 2023 16:40:21 GMT
date
Thu, 15 Jun 2023 16:35:11 GMT
x-graphql-url
https://www.metropoles.com/d310a15df0e8e6911afb6d07e814e6b181f1a530
x-content-type-options
nosniff
gcdn-cache
HIT
via
1.1 varnish
x-graphql-query-id
40b6b387efc0675fcf6e1a7ceadf875173b58cf11260a6bc6b737a593ef41b78
age
50
x-powered-by
Stellate
content-encoding
gzip
x-cache
HIT
content-length
3885
x-served-by
cache-fra-eddf8230096-FRA
x-timer
S1686846912.532219,VS0,VE2
vary
Accept-Encoding
access-control-allow-methods
POST, GET, HEAD, OPTIONS
content-type
application/json; charset=UTF-8
access-control-max-age
600
access-control-allow-origin
https://www.metropoles.com
access-control-expose-headers
*
cache-control
public, s-maxage=60, stale-while-revalidate=60
access-control-allow-credentials
true
accept-ranges
bytes
x-robots-tag
noindex
access-control-allow-headers
*
x-cache-hits
1
index.js
www.metropoles.com/clever/
4 KB
2 KB
Script
General
Full URL
https://www.metropoles.com/clever/index.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
09e39e25dc749ba9e27d76d3319de217829603957482477eb9db3870e9c7e551

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:48:37 GMT
server
Google Frontend
etag
W/"1105-1886a57c508"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/
408 KB
126 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1e190fdf47cb7389e127605fc34bfb1bfc74281d5264501b79f2779008a2ae73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 19:36:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
75513
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128933
x-xss-protection
0
server
cafe
etag
1396361306703029922
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Thu, 13 Jun 2024 19:36:38 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
1 KB
555 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.metropoles.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
10e3ba7504cb8478833cc3fe8f453135b12a1b3227decdff73b59d61f8fec64a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
530
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:11 GMT
1282.1a3ab5fe50c93eb8.js
www.metropoles.com/_next/static/chunks/
2 KB
1 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/1282.1a3ab5fe50c93eb8.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
02effa75ffbd92260504eee3ada9e43c2809b911c792a1d1a1dedd1bb24dde70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 06 Jun 2023 03:38:07 GMT
server
Google Frontend
etag
W/"6ff-1888ec88918"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
2277.509d08337854b3b9.js
www.metropoles.com/_next/static/chunks/
8 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/2277.509d08337854b3b9.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
2dd9d00ddd9e410ff8c268ede0a7fac54c759917ac4b5bd307c0b7296e102c5f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"1e18-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5617.3c447ecd4b75830b.js
www.metropoles.com/_next/static/chunks/
9 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/5617.3c447ecd4b75830b.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
4102bc2506f4aae98d2da3c29da2bd550a9e61cc39310c07f1d2f949159a87c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"2222-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
9855-4c1c546d2bd40743.js
www.metropoles.com/_next/static/chunks/
0
3 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/9855-4c1c546d2bd40743.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"1c6d-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
index-d1f144e19a815cf4.js
www.metropoles.com/_next/static/chunks/pages/
0
656 B
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/index-d1f144e19a815cf4.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Thu, 08 Jun 2023 15:18:14 GMT
server
Google Frontend
etag
W/"140-1889b963af0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
a36344c6f426d50aab639d96f3ce1794
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
320
expires
Wed, 12 Jul 2023 15:49:31 GMT
8196-73b8df5ebcf682c0.js
www.metropoles.com/_next/static/chunks/
0
3 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/8196-73b8df5ebcf682c0.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"1ed7-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5455-5e790daf4c52a8ca.js
www.metropoles.com/_next/static/chunks/
0
5 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/5455-5e790daf4c52a8ca.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"49fe-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5979-a1eda570c18efd9c.js
www.metropoles.com/_next/static/chunks/
0
3 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/5979-a1eda570c18efd9c.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"21bf-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
ultimas-noticias-6d6284216a7eb30a.js
www.metropoles.com/_next/static/chunks/pages/
0
2 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/ultimas-noticias-6d6284216a7eb30a.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 07 Jun 2023 22:17:37 GMT
server
Google Frontend
etag
W/"b6d-18897efd3e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
%5Bn1%5D-b8e9833c3211523d.js
www.metropoles.com/_next/static/chunks/pages/
0
3 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D-b8e9833c3211523d.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"21ae-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
%5Bn2%5D-055992f4fdcab8f5.js
www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/
0
2 KB
Other
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/%5Bn2%5D-055992f4fdcab8f5.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"d5d-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5455-5e790daf4c52a8ca.js
www.metropoles.com/_next/static/chunks/
18 KB
5 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/5455-5e790daf4c52a8ca.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
7263a0e2d68f88a165e4cc82eba90af7187b959796279c91eb8bdeed290d704e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"49fe-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
5979-a1eda570c18efd9c.js
www.metropoles.com/_next/static/chunks/
8 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/5979-a1eda570c18efd9c.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
8304a89d62a7f1c5a5de370c062a3cdb3100a70af7d5365c2d4907b1220b5743

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 05:03:02 GMT
server
Google Frontend
etag
W/"21bf-188bd6f8370"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
8109.628ccd211d5639e0.js
www.metropoles.com/_next/static/chunks/
725 B
1 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/8109.628ccd211d5639e0.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
bc4e88b845a119ff781ce75e4f649aada39938ddd548bfc288f362696e31abff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"2d5-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
95aa7fa897ea71f98efaca779e5da0f4
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
725
expires
Wed, 12 Jul 2023 15:49:31 GMT
3308.6d363179f7bba718.js
www.metropoles.com/_next/static/chunks/
3 KB
2 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/3308.6d363179f7bba718.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/webpack-6e6ed2f452657b39.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
0330769787f19bd8926207d4131f89c824fe154735845b0db526e37031a8bdc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"a6e-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
601
etag
W/"2cf94922e2d551e8dc7c38c022a9a3ca"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7d7c398c1c2d8fe6-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Sun, 18 Jun 2023 16:35:11 GMT
69f6ffd71cf2dc9146e752ec559a9b06.js
scripts.cleverwebserver.com/
131 KB
48 KB
Script
General
Full URL
https://scripts.cleverwebserver.com/69f6ffd71cf2dc9146e752ec559a9b06.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/clever/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5db49e2595c5452cb40d7681c1ad390d13d99d2f65a3e0ce46af5ef41ec3314

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
x-amz-version-id
WfznibtMIlVAy1f_AcchWBsN9vMOnZ3o
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 15 Jun 2023 15:05:28 GMT
server
cloudflare
x-amz-request-id
QK99ZPHEC7H6GRNF
age
1397
etag
W/"58ebcff627944f175fa4ffa7f7aedfd8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=1800
cf-ray
7d7c398c5dbf91e7-FRA
x-amz-id-2
QVkCE68DmQivcUkanmAO3d1Ijrekkw94wQT0bJ/oia8Lljz6OEUB5Kmv2rsJxulYznI0dFMpCXk=
expires
Thu, 15 Jun 2023 17:05:11 GMT
%5Bn2%5D-055992f4fdcab8f5.js
www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/
3 KB
2 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D/%5Bn2%5D-055992f4fdcab8f5.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
2de63893ef586ebcc4e7376f9a0e1935850c91b3061425d34dd3e1da2d13af4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"d5d-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
%5Bn1%5D-b8e9833c3211523d.js
www.metropoles.com/_next/static/chunks/pages/
8 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/%5Bn1%5D-b8e9833c3211523d.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
90339854e267b9a75ab65ffce0c7e8f3a9f1e50a889058ad1969cdd293618960

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 15 Jun 2023 02:43:24 GMT
server
Google Frontend
etag
W/"21ae-188bceface0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
web
onesignal.com/api/v1/sync/759c7003-d177-4bb0-a963-17f076743060/
3 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/759c7003-d177-4bb0-a963-17f076743060/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4301a1706636dd80a56016b4381ae823e6b5bb4f85dc3d03a81651eba00738a0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
1662
cf-polished
origSize=3394
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
9277ddf5-a395-4e90-b30a-639bc4093a0c
x-runtime
0.069721
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"1e89e2ed2102f514f8ad8678b54bc964"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
7d7c398c9cb68fe6-FRA
access-control-allow-headers
SDK-Version
expires
Thu, 15 Jun 2023 17:35:11 GMT
collect
www.google-analytics.com/j/
4 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=963000094&t=pageview&_s=1&dl=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&dr=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&ul=en-us&de=UTF-8&dt=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEBAAEABAAAAACAAI~&jid=52433950&gjid=679954981&cid=221450224.1686846911&tid=UA-66850008-1&_gid=990935115.1686846911&_r=1&_slc=1&z=477359518
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
GLdb5qhK-HdA8q6gX.js
content.jwplatform.com/players/ Frame 2685
109 KB
41 KB
Script
General
Full URL
https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Requested by
Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/players/GLdb5qhK-HdA8q6gX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
f8ced6bf9bea05abdaab670066b148ff7bd7676adefd009a7d2fda0a5883398a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
41691
x-amz-cf-id
C0p-o3GmMu_7xXRMSM7qrWhD_dYpFQF3sd4sg8Se2pV8xFhE2Xa-3A==
YM5sDNF6-HdA8q6gX.js
content.jwplatform.com/players/ Frame 0BA1
109 KB
41 KB
Script
General
Full URL
https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Requested by
Host: cdn.jwplayer.com
URL: https://cdn.jwplayer.com/players/YM5sDNF6-HdA8q6gX.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
950cddb695c8a695d9a84a88e15cc354e7f91c03a129abccda06c4e1a45ab133

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
41690
x-amz-cf-id
EFVFru6YnspZq5o5Oz9_TvXEPWgfKb2AnPRVlwo9zgDZDOdfYHfVIw==
/
ui.cleverwebserver.com/
160 B
196 B
Script
General
Full URL
https://ui.cleverwebserver.com/
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fe5e35320efbd889c8a2fad22b066d3c91c081807be9d824295679494419df1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7d7c398cee8191e7-FRA
content-type
application/javascript
9855-4c1c546d2bd40743.js
www.metropoles.com/_next/static/chunks/
7 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/9855-4c1c546d2bd40743.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
a2cd80e826b6b78335a0fb260f1730057198f7ab1808ca8524c173012ea734c2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"1c6d-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
index-d1f144e19a815cf4.js
www.metropoles.com/_next/static/chunks/pages/
320 B
656 B
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/index-d1f144e19a815cf4.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
175749763f6cfa6aae37b431df19aa32508fd91eb8126b7faeb43ea0d4a21e33

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
via
1.1 google
last-modified
Thu, 08 Jun 2023 15:18:14 GMT
server
Google Frontend
etag
W/"140-1889b963af0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
x-cloud-trace-context
a36344c6f426d50aab639d96f3ce1794
cache-control
max-age=2330060
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
320
expires
Wed, 12 Jul 2023 15:49:31 GMT
8196-73b8df5ebcf682c0.js
www.metropoles.com/_next/static/chunks/
8 KB
3 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/8196-73b8df5ebcf682c0.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
5bd999e3ad2d6b8131d2bc8cf733a1a642eb203543c0e8667ad6d12601c3e475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 30 May 2023 01:53:11 GMT
server
Google Frontend
etag
W/"1ed7-1886a5bf358"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
ultimas-noticias-6d6284216a7eb30a.js
www.metropoles.com/_next/static/chunks/pages/
3 KB
2 KB
Script
General
Full URL
https://www.metropoles.com/_next/static/chunks/pages/ultimas-noticias-6d6284216a7eb30a.js
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/main-b7e884d1c069a91e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Google Frontend /
Resource Hash
bea83e2dad4e3628c69f6ffc70931ad8f9001b7795858d3911ef9a1f77827c8f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 google
last-modified
Wed, 07 Jun 2023 22:17:37 GMT
server
Google Frontend
etag
W/"b6d-18897efd3e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=2330060
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 12 Jul 2023 15:49:31 GMT
collect
stats.g.doubleclick.net/j/
4 B
351 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-66850008-1&cid=221450224.1686846911&jid=52433950&gjid=679954981&_gid=990935115.1686846911&_u=KEBAAEAAAAAAACAAI~&z=1314778059
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 15 Jun 2023 16:35:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
stellate.metropoles.com/
8 KB
2 KB
Fetch
General
Full URL
https://stellate.metropoles.com/
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/_next/static/chunks/8219-d226ab4942139ebd.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:200::307 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/ Stellate
Resource Hash
f7e9d71d2e8404b4f0f6abeffeb9526df91a2bfe2c2af1be317d658e5ce561dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json
Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

x-cache-hits
1
date
Thu, 15 Jun 2023 16:35:11 GMT
x-graphql-url
https://www.metropoles.com/d310a15df0e8e6911afb6d07e814e6b181f1a530
via
1.1 varnish
gcdn-cache
HIT
content-encoding
gzip
x-content-type-options
nosniff
x-graphql-query-id
e68095ca4a9abb7378502194de2f71d68030d69f42c5f5e5a5f204f457904aad
age
15
x-powered-by
Stellate
x-cache
HIT
x-graphql-keys
e68095ca4a9abb7378502194de2f71d68030d69f42c5f5e5a5f204f457904aad graphql:Query operation:obterNoticiasMaisLidas list:category dGVybToxNTg= cG9zdDoxNTU2NDgw dGVybToxOTM= cG9zdDoyNzM0MDY5 dGVybToxODI= cG9zdDoyNzM0MzMw dGVybToxNTI0OQ== cG9zdDoyNzM1NjQw dGVybTo5MjM0OA== cG9zdDoyNzIyNjAz
content-length
1532
x-served-by
cache-fra-eddf8230096-FRA
x-timer
S1686846912.645697,VS0,VE2
vary
Origin, Accept-Encoding
access-control-max-age
600
access-control-allow-methods
POST, GET, HEAD, OPTIONS
access-control-allow-origin
https://www.metropoles.com
access-control-expose-headers
*
cache-control
public, s-maxage=60, stale-while-revalidate=60
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
accept-ranges
bytes
x-robots-tag
noindex
access-control-allow-headers
*
expires
Thu, 15 Jun 2023 16:40:56 GMT
/
stellate.metropoles.com/ Frame
0
0
Preflight
General
Full URL
https://stellate.metropoles.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a04:4e42:200::307 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/ Stellate
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.metropoles.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET, HEAD, OPTIONS
access-control-allow-origin
https://www.metropoles.com
access-control-expose-headers
*
access-control-max-age
600
cache-control
s-maxage=0, no-cache, no-store, must-revalidate
content-length
0
date
Thu, 15 Jun 2023 16:35:11 GMT
gcdn-cache
PASS
gcdn-passed-through-request
http-method:OPTIONS
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-powered-by
Stellate
x-served-by
cache-fra-eddf8230096-FRA
x-timer
S1686846912.569533,VS0,VE35
/
call.cleverwebserver.com/
43 B
105 B
Image
General
Full URL
https://call.cleverwebserver.com/?id=41487&c=DE&r=HE&l=59&b=Chrome&os=Win10&mob=0&v=1.42.1&ref=aHR0cHM6Ly93d3cubWV0cm9wb2xlcy5jb20vZGlzdHJpdG8tZmVkZXJhbC9uYS1taXJhL2hhY2tlci1vc3RlbnRhY2FvLWRldS1nb2xwZS1kZS1yLTE1LW1pLWVtLWF0YWNhZGlzdGEtZG8tZGYtZS10b3Jyb3UtZGluaGVpcm8tZW0tZHViYWk%3D&ruri=aHR0cHM6Ly91cy1jZW50cmFsMS1kZWNpc2l2ZS1wbGFzbWEtMzgxNTIyLmNsb3VkZnVuY3Rpb25zLm5ldC8%3D&iv=-1&ctr=DE&sz=1200
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
7d7c398d5eef91e7-FRA
content-length
43
content-type
image/gif
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-66850008-1&cid=221450224.1686846911&jid=52433950&_u=KEBAAEAAAAAAACAAI~&z=278151148
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:11 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-66850008-1&cid=221450224.1686846911&jid=52433950&_u=KEBAAEAAAAAAACAAI~&z=278151148
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:11 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
179 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ab9485219619bff17be8fb8c668c892c44df0e58538ef29b86941cd4f59a8cc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
jwpsrv.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 2685
62 KB
19 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/jwpsrv.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
adcc812e959337ea806767e296146eae68f9abbb9f196cdb732626bb943a1c27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 varnish
age
790
x-cache
HIT
content-length
19101
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:36 GMT
server
AmazonS3
x-timer
S1686846912.764583,VS0,VE0
etag
"091cf336ba8e3328147ba88e7a9ff40c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=900, immutable
accept-ranges
bytes
x-cache-hits
501
jwplayer.core.controls.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 2685
317 KB
83 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/jwplayer.core.controls.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f25b68cae995caaaaea17d890f255f8863419c6126a53322bb4469053acfc4c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 varnish
age
1890674
x-cache
HIT
content-length
84863
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:29 GMT
server
AmazonS3
x-timer
S1686846912.764534,VS0,VE0
etag
"3141cfbc04d2f12e7e4047ffd289780c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
9495
GLdb5qhK
content.jwplatform.com/v2/media/ Frame 2685
2 KB
1 KB
XHR
General
Full URL
https://content.jwplatform.com/v2/media/GLdb5qhK?recommendations_playlist_id=EXBgzmjj
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
6f92bd8f3688bd588732c4880b1cfb3adab2b21a5aea75767a0a9790fccf14f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-robots-tag
noindex, indexifembedded
content-length
716
x-amz-cf-id
ytXakZlnIx6yxF5-RF_hjyw42CsI8rlGRm-b1C1hv9u7TDsoBZjSiw==
expires
Thu, 15 Jun 2023 16:38:11
jwpsrv.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 0BA1
62 KB
19 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/jwpsrv.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
adcc812e959337ea806767e296146eae68f9abbb9f196cdb732626bb943a1c27

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 varnish
age
790
x-cache
HIT
content-length
19101
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:36 GMT
server
AmazonS3
x-timer
S1686846912.764517,VS0,VE0
etag
"091cf336ba8e3328147ba88e7a9ff40c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=900, immutable
accept-ranges
bytes
x-cache-hits
500
jwplayer.core.controls.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 0BA1
317 KB
83 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/jwplayer.core.controls.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f25b68cae995caaaaea17d890f255f8863419c6126a53322bb4469053acfc4c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 varnish
age
1890674
x-cache
HIT
content-length
84863
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:29 GMT
server
AmazonS3
x-timer
S1686846912.764515,VS0,VE0
etag
"3141cfbc04d2f12e7e4047ffd289780c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
9495
YM5sDNF6
content.jwplatform.com/v2/media/ Frame 0BA1
3 KB
1 KB
XHR
General
Full URL
https://content.jwplatform.com/v2/media/YM5sDNF6?recommendations_playlist_id=EXBgzmjj
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
448d7484e8a92dd88a2c7aa446110bd530fd5390f599660dde3c003a6d80d0ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-robots-tag
noindex, indexifembedded
content-length
802
x-amz-cf-id
4BRQhJjsL9_XfXq_eGLxTnvif71tWY0AHf5gs7hD7ygfRysfzCgBJw==
expires
Thu, 15 Jun 2023 16:38:12
provider.hlsjs.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 2685
412 KB
123 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5172dcf83f6d622751ea688d1ba4b507d54e3eeed9e933ac38f87ada5ecc87fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:11 GMT
content-encoding
gzip
via
1.1 varnish
age
1890565
x-cache
HIT
content-length
125992
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:32 GMT
server
AmazonS3
x-timer
S1686846912.929678,VS0,VE0
etag
"4f4459c52455c57a5490992cac29595d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
8496
GLdb5qhK-120.vtt
assets-jpcust.jwpsrv.com/strips/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/strips/GLdb5qhK-120.vtt
  • https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.vtt
937 B
576 B
XHR
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.vtt
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fa911279e7ca3e2b0ee16c612930499e5611888ebecd24271c62adbd32f20f43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
0
x-amz-server-side-encryption
AES256
x-cache
HIT, MISS
content-length
205
x-served-by
cache-iad-kjyo7100035-IAD, cache-fra-eddf8230072-FRA
last-modified
Tue, 13 Jun 2023 13:21:29 GMT
server
nginx
x-timer
S1686846912.186906,VS0,VE88
etag
"0f55642854d851e59ec2f2b549e3392b"
vary
Accept-Encoding
content-type
text/vtt
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
1001, 0

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.vtt
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
D37OsVMQl0Eg--1iBw69eHcg75akUTZ6qLfXRye9Q_rhy84_fwsXzA==
provider.cast.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 2685
30 KB
10 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.cast.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1738256e6238da9bd89af13598c4534fbffd2f5f0fbe9f4af072785bdedba4b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish
age
1890518
x-cache
HIT
content-length
10036
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:32 GMT
server
AmazonS3
x-timer
S1686846912.009736,VS0,VE0
etag
"e03a21ffb3c63b4a9468a0391bbe8d1e"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
3968
related.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 2685
102 KB
25 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/related.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0292c490af46fed8c95fb0d728a9db44f964cd7f997af76f9bc95daf7b5f7259

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish
age
1890699
x-cache
HIT
content-length
24956
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:33 GMT
server
AmazonS3
x-timer
S1686846912.009877,VS0,VE0
etag
"8852a3bfeb824346f0798be2a04f58d1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
9556
GLdb5qhK.m3u8
content.jwplatform.com/manifests/ Frame 2685
2 KB
738 B
XHR
General
Full URL
https://content.jwplatform.com/manifests/GLdb5qhK.m3u8
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
4afefe738b9f01d24b8e0574b6b0a6dafb1f7e7260c2425a4501e85057338951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/vnd.apple.mpegurl; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
387
x-amz-cf-id
6hinRQoPH24CC0auT7wvxhETFmC1yTNnfl8ROpM3khEsT0kpEuoubw==
2rl5m4sf-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/GLdb5qhK/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/2rl5m4sf-720.jpg
49 KB
49 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/2rl5m4sf-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e8c0ca3ede5b9060523d1bc8167001e2a1ada06568908f92e7114fed37b29443

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
87
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
49337
x-served-by
cache-iad-kjyo7100060-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 13:21:39 GMT
server
nginx
x-timer
S1686846912.134245,VS0,VE90
etag
"e6afd05d32a0ea3e20d4cfbf92b3372d"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
1123, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/2rl5m4sf-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
ZDKStTlGTidmWy3Gwj6M90QCXxJUVXL7byJaT2BnnIjBbTMirHdV_A==
ping.gif
prd.jwpltx.com/v1/jwplayer6/ Frame 2685
0
45 B
Image
General
Full URL
https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-1578668984&e=e&n=0740594534147927&aid=1rK4IprxEeqWcLomdtlmUQ&amp=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=6&emi=vt826jqo3ntr&i=1&id=GLdb5qhK&lid=1f0bg6czldzb&lsa=set&mt=0&pbd=1&pbr=1&pgi=1vv7txa14upv&ph=3&pid=HdA8q6gX&pii=0&pl=338&plc=1&pli=1ybhg3q116ng&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Hacker%20preso%20em%20Bras%C3%ADlia%20por%20golpe%20de%20R%24%201%2C5%20mi%20ostentava%20em%20Dubai&pu=https%3A%2F%2Fwww.metropoles.com%2F&pv=8.27.1&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=Hacker%20preso%20em%20Bras%C3%ADlia%20por%20golpe%20de%20R%24%201%2C5%20mi%20ostentava%20em%20Dubai&tv=3.42.2&vb=0&vi=0&vl=90&wd=600&ab=1&cae=0&cb=1&cdid=botr_GLdb5qhK_HdA8q6gX_div&cme=0&dd=1&flc=1&fv=&ga=0&mk=hls&mu=https%3A%2F%2Fcontent.jwplatform.com%2Fmanifests%2FGLdb5qhK.m3u8&pbc=0&pd=2&plng=en-US&plt=250&pni=0&po=0&pogt=Hacker%20preso%20em%20Bras%C3%ADlia%20por%20golpe%20de%20R%24%201%2C5%20mi%20ostentava%20em%20Dubai&sp=0&st=280&sa=1686846912010
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230048-FRA
date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 varnish
server
nginx
accept-ranges
bytes
x-cache
MISS
x-cache-hits
0
provider.hlsjs.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 0BA1
412 KB
123 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5172dcf83f6d622751ea688d1ba4b507d54e3eeed9e933ac38f87ada5ecc87fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish
age
1890565
x-cache
HIT
content-length
125992
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:32 GMT
server
AmazonS3
x-timer
S1686846912.068568,VS0,VE0
etag
"4f4459c52455c57a5490992cac29595d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
8497
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 2685
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:12 GMT
EXBgzmjj
content.jwplatform.com/v2/playlists/ Frame 2685
62 KB
7 KB
XHR
General
Full URL
https://content.jwplatform.com/v2/playlists/EXBgzmjj?related_media_id=GLdb5qhK
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/GLdb5qhK-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
969fb04786dc33d254497857525ded1dda0c8b93fcc418c1f1afec73cf1c1b67

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-robots-tag
noindex, indexifembedded
content-length
6420
x-amz-cf-id
1reu9J3sZ-6ehcArT0kITgKJ79Jk92gx3anfRPWMr_l0FxMJ5EYt1Q==
expires
Thu, 15 Jun 2023 16:38:12
YM5sDNF6-120.vtt
assets-jpcust.jwpsrv.com/strips/ Frame 0BA1
Redirect Chain
  • https://content.jwplatform.com/strips/YM5sDNF6-120.vtt
  • https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.vtt
794 B
355 B
XHR
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.vtt
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:400::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f25c57b722ea4e3492f872995c0a4aa8998e64c947691be5dc592b8f16ffdb64

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
0
x-amz-server-side-encryption
AES256
x-cache
HIT, MISS
content-length
194
x-served-by
cache-iad-kjyo7100117-IAD, cache-fra-eddf8230072-FRA
last-modified
Tue, 13 Jun 2023 12:07:21 GMT
server
nginx
x-timer
S1686846912.314067,VS0,VE90
etag
"d1d30145f51fe62f0a539a49e02a2a88"
vary
Accept-Encoding
content-type
text/vtt
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
1112, 0

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.vtt
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
7kHKjdj0nrdl-tHLg6w3J8jW24n5ELiOb0puglf7kImxgZDnmaudQw==
provider.cast.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 0BA1
30 KB
10 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.cast.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1738256e6238da9bd89af13598c4534fbffd2f5f0fbe9f4af072785bdedba4b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish
age
1890518
x-cache
HIT
content-length
10036
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:32 GMT
server
AmazonS3
x-timer
S1686846912.218923,VS0,VE0
etag
"e03a21ffb3c63b4a9468a0391bbe8d1e"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
3969
related.js
ssl.p.jwpcdn.com/player/v/8.27.1/ Frame 0BA1
102 KB
24 KB
Script
General
Full URL
https://ssl.p.jwpcdn.com/player/v/8.27.1/related.js
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0292c490af46fed8c95fb0d728a9db44f964cd7f997af76f9bc95daf7b5f7259

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish
age
1890699
x-cache
HIT
content-length
24956
x-served-by
cache-fra-eddf8230048-FRA
last-modified
Mon, 22 May 2023 06:27:33 GMT
server
AmazonS3
x-timer
S1686846912.218933,VS0,VE0
etag
"8852a3bfeb824346f0798be2a04f58d1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
9557
YM5sDNF6.m3u8
content.jwplatform.com/manifests/ Frame 0BA1
2 KB
781 B
XHR
General
Full URL
https://content.jwplatform.com/manifests/YM5sDNF6.m3u8
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
73a873d46190c84ebd26f7bc8d967d1585f37fb85175aee0f4d02d5ef57da45c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/vnd.apple.mpegurl; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
429
x-amz-cf-id
D9pQCy3NaE4k6s5ONJujSphbiumIzLhyOLgEYsQZEaVndCgJWrSbwQ==
6jpw3l60-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 0BA1
Redirect Chain
  • https://content.jwplatform.com/v2/media/YM5sDNF6/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/6jpw3l60-720.jpg
86 KB
86 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/6jpw3l60-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
61a30ba605cd572141496bec6c595968010bd1fc033a50f4357f219fff6eb939

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
552
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
87758
x-served-by
cache-iad-kjyo7100045-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 12:07:35 GMT
server
nginx
x-timer
S1686846912.342371,VS0,VE96
etag
"7aaf2b0660a0da9ffbfb0c2af5633d70"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
1191, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/6jpw3l60-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
hhUjylMamE7idsrx6EDcfvm_SwGqSa8_w03Z2tHhHap4l7fydvsXQQ==
ping.gif
prd.jwpltx.com/v1/jwplayer6/ Frame 0BA1
0
26 B
Image
General
Full URL
https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=701113702&e=e&n=2523077741757731&aid=1rK4IprxEeqWcLomdtlmUQ&amp=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=6&emi=17lpx2ihi87s&i=1&id=YM5sDNF6&lid=1f0bg6czldzb&lsa=read&mt=0&pbd=1&pbr=1&pgi=1m9cydtbq97o&ph=3&pid=HdA8q6gX&pii=0&pl=338&plc=1&pli=1yiimy21luw4&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20milh%C3%A3o%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai&pu=https%3A%2F%2Fwww.metropoles.com%2F&pv=8.27.1&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=Hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20milh%C3%A3o%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai&tv=3.42.2&vb=0&vi=0&vl=90&wd=600&ab=1&cae=0&cb=1&cdid=botr_YM5sDNF6_HdA8q6gX_div&cme=0&dd=1&flc=1&fv=&ga=0&mk=hls&mu=https%3A%2F%2Fcontent.jwplatform.com%2Fmanifests%2FYM5sDNF6.m3u8&pbc=0&pd=2&plng=en-US&plt=250&pni=0&po=0&pogt=Hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20milh%C3%A3o%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai&sp=0&st=460&sa=1686846912217
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230048-FRA
date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 varnish
server
nginx
accept-ranges
bytes
x-cache
MISS
x-cache-hits
0
manifest-audio_eng=112001-video_eng=379146.m3u8
videos-cloudfront-usp.jwpsrv.com/648be680_4710e806e51185def172fd0f30e7b5161a2f8d5c/site/X9hFlV9M/media/GLdb5qhK/version/GLdb5qhK/manifest.ism/ Frame 2685
753 B
1 KB
XHR
General
Full URL
https://videos-cloudfront-usp.jwpsrv.com/648be680_4710e806e51185def172fd0f30e7b5161a2f8d5c/site/X9hFlV9M/media/GLdb5qhK/version/GLdb5qhK/manifest.ism/manifest-audio_eng=112001-video_eng=379146.m3u8
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:3e00:2:cecb:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6548665e8e3bf999235deae3d370a96ecfbe9999490eadc4f073824123942b69

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 13:23:55 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
184277
x-cache
Hit from cloudfront
content-length
753
last-modified
Mon, 10 Jun 1974 09:02:35 GMT
server
Apache
etag
"usp-BD4744A5"
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
access-control-expose-headers
server,range,date,x-cdn-forward
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
origin, range, x-cdn-forward
x-amz-cf-id
sTZZpaGUpvFgGsBNmtQyopOu0p6W2XSx4eMHxpfHM_etg21qUH0wtw==
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 0BA1
4 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:12 GMT
EXBgzmjj
content.jwplatform.com/v2/playlists/ Frame 0BA1
59 KB
6 KB
XHR
General
Full URL
https://content.jwplatform.com/v2/playlists/EXBgzmjj?related_media_id=YM5sDNF6
Requested by
Host: content.jwplatform.com
URL: https://content.jwplatform.com/players/YM5sDNF6-HdA8q6gX.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3600:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
1d09545877f64ffb246a18d5d234787f37a28ccdd9ceef0a33d2d2670f3f7661

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 87fae571c6ea0d7d1101b71cc2131bba.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-robots-tag
noindex, indexifembedded
content-length
6084
x-amz-cf-id
lJKOELn-gDmieJxh4yHEppgp76LUDBe3r85ynQ4SmzHmoI4Us3PAOw==
expires
Thu, 15 Jun 2023 16:38:12
GLdb5qhK-120.jpg
assets-jpcust.jwpsrv.com/strips/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/strips/GLdb5qhK-120.jpg
  • https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.jpg
70 KB
69 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
94cc862831420dedacfa0e156cfd33fd5248ed2402e4cdfe86e5b313ab002322

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
292
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
70806
x-served-by
cache-iad-kcgs7200177-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 13:21:29 GMT
server
nginx
x-timer
S1686846912.399050,VS0,VE90
etag
"fc2fde8fe069e95274b1e6e34436cb08"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
595, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/GLdb5qhK-120.jpg
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
m5lyjGEGazspK1Vz-R1MZhNCZ55gqeK3Uom2Tai1fd_1Vi6sVX6g9Q==
manifest-audio_eng=112001-video_eng=379146-1.ts
videos-cloudfront-usp.jwpsrv.com/648be680_4710e806e51185def172fd0f30e7b5161a2f8d5c/site/X9hFlV9M/media/GLdb5qhK/version/GLdb5qhK/manifest.ism/ Frame 2685
297 KB
298 KB
XHR
General
Full URL
https://videos-cloudfront-usp.jwpsrv.com/648be680_4710e806e51185def172fd0f30e7b5161a2f8d5c/site/X9hFlV9M/media/GLdb5qhK/version/GLdb5qhK/manifest.ism/manifest-audio_eng=112001-video_eng=379146-1.ts
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:3e00:2:cecb:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7a0cc021bfac139cea40b1866f33d12e1d379605f8ffd65346206848b9e0b998

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 13:23:55 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-usp-info1
t=1970-01-01T00:00:00Z lookahead=2
x-amz-cf-pop
FRA56-P7
age
184277
x-cache
Hit from cloudfront
content-length
304184
server
Apache
etag
"usp-105353CA"
content-type
video/MP2T
access-control-allow-origin
*
access-control-expose-headers
server,range,date,x-cdn-forward
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
link
<manifest-audio_eng=112001-video_eng=379146-2.ts>; rel="next"
access-control-allow-headers
origin, range, x-cdn-forward
x-amz-cf-id
DtxzyT5VvZbBhz6UNt55UhL0uD3ryEBNt5B62SqUiSkhxYMqpeDW5w==
49d0d99f-e88e-49ae-9fee-3ef491e29c27
https://cdn.jwplayer.com/ Frame 2685
365 KB
0
Other
General
Full URL
blob:https://cdn.jwplayer.com/49d0d99f-e88e-49ae-9fee-3ef491e29c27
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3778b11054daa02477c738ed3bf2ba3b0ef7c5d57eae266b9f4199fe3c65917e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length
373268
Content-Type
text/javascript
cast_framework.js
www.gstatic.com/cast/sdk/libs/sender/1.0/ Frame 2685
35 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2bdd8cb01353d4ed2a9ab4c7d7c263225f6908aa875614d015a2f39956d9d73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12197
x-xss-protection
0
last-modified
Mon, 14 Nov 2022 23:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="chrome-dongle"
vary
Accept-Encoding
report-to
{"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type
text/javascript
cache-control
private, max-age=0
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:12 GMT
cast_sender.js
www.gstatic.com/eureka/clank/114/ Frame 2685
51 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/114/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
184de53a881ec8e4e218974c548e2fc8e0da4b8ddaff2e7bdc6267c6e70a8636
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 11:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19283
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15225
x-xss-protection
0
last-modified
Mon, 17 Apr 2023 15:04:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 16 Jun 2023 11:13:49 GMT
cast_framework.js
www.gstatic.com/cast/sdk/libs/sender/1.0/ Frame 0BA1
35 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a2bdd8cb01353d4ed2a9ab4c7d7c263225f6908aa875614d015a2f39956d9d73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12197
x-xss-protection
0
last-modified
Mon, 14 Nov 2022 23:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="chrome-dongle"
vary
Accept-Encoding
report-to
{"group":"chrome-dongle","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/chrome-dongle"}]}
content-type
text/javascript
cache-control
private, max-age=0
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:12 GMT
cast_sender.js
www.gstatic.com/eureka/clank/114/ Frame 0BA1
51 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/eureka/clank/114/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
184de53a881ec8e4e218974c548e2fc8e0da4b8ddaff2e7bdc6267c6e70a8636
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 11:13:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19283
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15225
x-xss-protection
0
last-modified
Mon, 17 Apr 2023 15:04:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Fri, 16 Jun 2023 11:13:49 GMT
manifest-audio_eng=112055-video_eng=333966.m3u8
videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/ Frame 0BA1
686 B
1 KB
XHR
General
Full URL
https://videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/manifest-audio_eng=112055-video_eng=333966.m3u8
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:3e00:2:cecb:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a03a47acd1ef56125530db1d3e0f27dd74cf59a7a183a2e9df637a0f8a785e41

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 12:14:30 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
188442
x-cache
Hit from cloudfront
content-length
686
server
Apache
etag
"usp-CFA89748"
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
access-control-expose-headers
server,range,date,x-cdn-forward
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
origin, range, x-cdn-forward
x-amz-cf-id
6DK2Aot4VOfUMEHMJ4D1yA7Yiyiyp_ejjLwI54gFmDBR3_zL2HWTgw==
YM5sDNF6-120.jpg
assets-jpcust.jwpsrv.com/strips/ Frame 0BA1
Redirect Chain
  • https://content.jwplatform.com/strips/YM5sDNF6-120.jpg
  • https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.jpg
41 KB
41 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
18492a6a32b0e3127a3a8d6203e9de7197a51400baa4095663f137cc4b1edd13

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
55
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
41808
x-served-by
cache-iad-kcgs7200119-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 12:07:22 GMT
server
nginx
x-timer
S1686846913.524767,VS0,VE87
etag
"e74d9dea3fcae72b3d168fda8cb2b4c1"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
635, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
x-cache
Miss from cloudfront
content-type
text/html
location
https://assets-jpcust.jwpsrv.com/strips/YM5sDNF6-120.jpg
access-control-allow-origin
*
x-robots-tag
noindex, indexifembedded
content-length
166
x-amz-cf-id
748uj5-7Oo6yYO-6ZirqCSsPpOLQjhL-Kbx2cb-SC-a1cvT8H376TA==
manifest-audio_eng=112055-video_eng=333966-1.ts
videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/ Frame 0BA1
282 KB
283 KB
XHR
General
Full URL
https://videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/manifest-audio_eng=112055-video_eng=333966-1.ts
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:3e00:2:cecb:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c6394c90bac1eec523b108b0efe10e57d83b544b72b596712db2e6864fb901e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 12:16:02 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-usp-info1
t=1970-01-01T00:00:00Z lookahead=2
x-amz-cf-pop
FRA56-P7
age
188349
x-cache
Hit from cloudfront
content-length
289144
server
Apache
etag
"usp-5362446B"
content-type
video/MP2T
access-control-allow-origin
*
access-control-expose-headers
server,range,date,x-cdn-forward
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
link
<manifest-audio_eng=112055-video_eng=333966-2.ts>; rel="next"
access-control-allow-headers
origin, range, x-cdn-forward
x-amz-cf-id
Ukg8w523esgEbbUek7rzufXm25_Pz2n83MSSIpIKCz-t1cl5Id0j2A==
4bd07a20-1378-43eb-a985-12e19a019132
https://cdn.jwplayer.com/ Frame 0BA1
365 KB
0
Other
General
Full URL
blob:https://cdn.jwplayer.com/4bd07a20-1378-43eb-a985-12e19a019132
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3778b11054daa02477c738ed3bf2ba3b0ef7c5d57eae266b9f4199fe3c65917e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Length
373268
Content-Type
text/javascript
ping.gif
prd.jwpltx.com/v1/jwplayer6/ Frame 2685
0
69 B
Image
General
Full URL
https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=408468830&e=bs&n=4098655404533216&aid=1rK4IprxEeqWcLomdtlmUQ&amp=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=6&emi=vt826jqo3ntr&i=1&id=GLdb5qhK&lid=1f0bg6czldzb&lsa=set&mt=0&pbd=1&pbr=1&pgi=1vv7txa14upv&ph=3&pid=HdA8q6gX&pii=0&pl=338&plc=1&pli=1ybhg3q116ng&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Hacker%20preso%20em%20Bras%C3%ADlia%20por%20golpe%20de%20R%24%201%2C5%20mi%20ostentava%20em%20Dubai&pu=https%3A%2F%2Fwww.metropoles.com%2F&pv=8.27.1&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=Hacker%20preso%20em%20Bras%C3%ADlia%20por%20golpe%20de%20R%24%201%2C5%20mi%20ostentava%20em%20Dubai&tv=3.42.2&vb=0&vi=0&vl=90&wd=600&fed=EXBgzmjj&fid=8004c13d-a32a-4420-b0b4-4723004074b6&ft=FEED&mu=https%3A%2F%2Fcontent.jwplatform.com%2Fmanifests%2FGLdb5qhK.m3u8&os=1&sa=1686846912480
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230048-FRA
date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 varnish
server
nginx
accept-ranges
bytes
x-cache
MISS
x-cache-hits
0
qb9ey5up-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/dzDgy0yC/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-720.jpg
111 KB
111 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
da88cf1c6fd5e4fe7de4e231290836f539e2b0b5f3726b659cb0a12d8191d41b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
41
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
113408
x-served-by
cache-iad-kjyo7100118-IAD, cache-fra-eddf8230048-FRA
last-modified
Wed, 14 Jun 2023 01:35:13 GMT
server
nginx
x-timer
S1686846913.605864,VS0,VE89
etag
"6874eb8e78335a6450e4f6f414ce33cd"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
13, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
pYwMu9OPPIiQ8LRB9v0uWFPdhdvO7MM5Q04E7Qlonxd1XIrrilCBnA==
28jj0mog-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/chywiA5K/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-720.jpg
49 KB
49 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-720.jpg
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
88c6eb62b2fc627212af2d2ee367851de43f093ad64d7e7264773b4a3e349d74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
506
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
49963
x-served-by
cache-iad-kjyo7100172-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 17:38:14 GMT
server
nginx
x-timer
S1686846913.629193,VS0,VE94
etag
"917f18b8ae98c92dc7a94e254509433f"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
2946, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
NEHBwQZWVYOSy6X70GzpwHiQ5IXXkDVWojtcx9SUIQDbHjr2nXYE0A==
uj0l8sf7-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/u60PY54j/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/uj0l8sf7-720.jpg
37 KB
37 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/uj0l8sf7-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e45e318be7db86cf3fab5f433edd0f731a207cb48c18ae55d5f22dc758b2c0fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
233
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
37437
x-served-by
cache-iad-kjyo7100091-IAD, cache-fra-eddf8230048-FRA
last-modified
Fri, 09 Jun 2023 19:14:13 GMT
server
nginx
x-timer
S1686846913.507751,VS0,VE1
etag
"ad99fd784029dcdf031f30cf35d8bd0d"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
2251, 1

Redirect headers

date
Thu, 15 Jun 2023 16:32:40 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
age
152
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/uj0l8sf7-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Hit from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
31G4v2VJVMpVjW2IS48LK6RmCbeOIaL_EPYLuGoG2J8eGpPijzH4gA==
qisyshib-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/bZMM4KXi/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/qisyshib-720.jpg
125 KB
121 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/qisyshib-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
011eb3c29fe07b13273df5b880cd06da5f72b07b71ac083d9a61a813cc74dbb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
538
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
124034
x-served-by
cache-iad-kcgs7200150-IAD, cache-fra-eddf8230048-FRA
last-modified
Fri, 09 Jun 2023 13:32:59 GMT
server
nginx
x-timer
S1686846913.606253,VS0,VE90
etag
"d34834015dd5c1c3c2722806a698940e"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
6250, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/qisyshib-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
XbwNDXGARv7EShd3or2tE-8nrewtfi4q3VTPLCPnyet40Lm-jr-8QA==
bhj92l13-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/my8TAPW2/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/bhj92l13-720.jpg
15 KB
15 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/bhj92l13-720.jpg
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ed6d34b5f56ad9506a0f30257f4c10eae35a18d9796fcc4b2517b946614af519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
614
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
14801
x-served-by
cache-iad-kcgs7200132-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 14:08:31 GMT
server
nginx
x-timer
S1686846913.606051,VS0,VE1
etag
"36b7244caeb0089fe6040fcfa24028ff"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
77, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/bhj92l13-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
RcILU1_IAPZlPGPvu58Lzp-iC3LkzaavuoGqy6jR5AGZhY0jg-DVQw==
z6eqe8w1-720.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://content.jwplatform.com/v2/media/cSuYdB0J/poster.jpg?width=720
  • https://assets-jpcust.jwpsrv.com/thumbnails/z6eqe8w1-720.jpg
64 KB
64 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/z6eqe8w1-720.jpg
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
545677c38e1191871ded7ed368ea454cb9500cd1c2afe85a2d95f61032088ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
306
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
64729
x-served-by
cache-iad-kcgs7200109-IAD, cache-fra-eddf8230048-FRA
last-modified
Fri, 09 Jun 2023 22:55:40 GMT
server
nginx
x-timer
S1686846913.629558,VS0,VE92
etag
"7ab1843a7e0badb0f2f07c12144b8b04"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
2172, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 760a29e891ec10bba1274911260e1fc8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/z6eqe8w1-720.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
r8t_4hLJ383wCzc5X1VqnclBI1Ftbm9q2m77-B_0AWa6e6zzKghMRw==
manifest-audio_eng=112055-video_eng=691631.m3u8
videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/ Frame 0BA1
686 B
1 KB
XHR
General
Full URL
https://videos-cloudfront-usp.jwpsrv.com/648be680_8d474011461d4179fd3bde19a0ee0f042d51ec1f/site/X9hFlV9M/media/YM5sDNF6/version/YM5sDNF6/manifest.ism/manifest-audio_eng=112055-video_eng=691631.m3u8
Requested by
Host: ssl.p.jwpcdn.com
URL: https://ssl.p.jwpcdn.com/player/v/8.27.1/provider.hlsjs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:3e00:2:cecb:23c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5579b0905f89543fad5a096c1fc1f1343415035d936564d5e39c7bbef0e4fa45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 12:11:30 GMT
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
188622
x-cache
Hit from cloudfront
content-length
686
server
Apache
etag
"usp-4AFE36C0"
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
access-control-expose-headers
server,range,date,x-cdn-forward
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
origin, range, x-cdn-forward
x-amz-cf-id
YbJ19s3YCLfwVQVtGDTnQa1RNUa4ov1QLOp6_IiLZKE9QEZjo-hGIg==
ping.gif
prd.jwpltx.com/v1/jwplayer6/ Frame 0BA1
0
69 B
Image
General
Full URL
https://prd.jwpltx.com/v1/jwplayer6/ping.gif?h=-1411415324&e=bs&n=1725988138639987&aid=1rK4IprxEeqWcLomdtlmUQ&amp=0&at=1&c=-1&ccp=0&cp=0&d=0&eb=0&ed=6&emi=17lpx2ihi87s&i=1&id=YM5sDNF6&lid=1f0bg6czldzb&lsa=read&mt=0&pbd=1&pbr=1&pgi=1m9cydtbq97o&ph=3&pid=HdA8q6gX&pii=0&pl=338&plc=1&pli=1yiimy21luw4&pp=hlsjs&ppm=VOD&prc=1&ps=4&pss=1&pt=Hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20milh%C3%A3o%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai&pu=https%3A%2F%2Fwww.metropoles.com%2F&pv=8.27.1&pyc=0&s=1&sdk=0&stc=1&stpe=0&t=Hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20milh%C3%A3o%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai&tv=3.42.2&vb=0&vi=0&vl=90&wd=600&fed=EXBgzmjj&fid=e1f61c76-494b-4262-a460-e967d93585ce&ft=FEED&mu=https%3A%2F%2Fcontent.jwplatform.com%2Fmanifests%2FYM5sDNF6.m3u8&os=1&sa=1686846912656
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230048-FRA
date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 varnish
server
nginx
accept-ranges
bytes
x-cache
MISS
x-cache-hits
0
gtm.js
www.googletagmanager.com/
354 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P7M62WP
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f811b4b9f291effb566ce0233b9819272c55f83e7b1cea2c65d5e2a40b5b5eeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83771
x-xss-protection
0
last-modified
Thu, 15 Jun 2023 15:58:27 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 15 Jun 2023 16:35:12 GMT
tag.js
a.teads.tv/analytics/
11 KB
4 KB
Script
General
Full URL
https://a.teads.tv/analytics/tag.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P7M62WP
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
88.221.169.49 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-169-49.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
221e69003af87e6e8f934828ab416477126f3c062500e3bcb636bb9d87bf9b06

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
Y6qsPmt0o95KDo3Ibo2euzqSnxQebNV8
date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
br
last-modified
Wed, 02 Nov 2022 09:38:15 GMT
x-amz-request-id
CQW5W0RWVHRYA975
etag
"6ddfb3a828a563a7719081ff9aeedaba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
private, max-age=3600
accept-ranges
bytes
content-length
3391
x-amz-id-2
0qsN3QFgfxOs+/q/R1cZGnol5JfqF/+08lMxOyVv8dOCsHY/szYkQWnzWWPQgJcmMnyVtCsa8Ug=
loader.js
cdn.taboola.com/libtrc/metropolesdf/
553 KB
52 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
739be916cacf8f111551f4a46137d9d2a7d790e0037e052ef2ae6e0a84ef8b9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
8Ha16E5Z0bpMSBspMBKO8GR6unQlgu7m
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:12 GMT
x-amz-request-id
WPPRGD1SYA26YWV2
age
3662
x-amz-server-side-encryption
AES256
x-cache
HIT
x-from-cache
1
x-envoy-upstream-service-time
10
x-amz-replication-status
FAILED
content-length
53104
x-amz-id-2
qpbe1cYI7Fcob8lHylR+a+05h4zbeuSDwMPdAFb+KliyDAki43xeF1t/4uBkBJNlndZF9/NzM4I=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Thu, 15 Jun 2023 12:22:28 UTC
server
nginx
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846913.936540,VS0,VE3
etag
"e03031615ba95a831a8238e43cf249165a583486"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
abp
4
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
1
js
www.googletagmanager.com/gtag/
256 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-JKHLW29XV9&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P7M62WP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
be7fe445c5a32ac863e7216aab588ccf196a6bb61f36c92dd6613d8651d1796f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88916
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 15 Jun 2023 16:35:12 GMT
b
sb.scorecardresearch.com/
0
226 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=20966896&ns__t=1686846912909&ns_c=UTF-8&c8=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&c7=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&c9=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.206.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-206-115.ham50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 1589d05ea8998abdd2e7ba3167a84e2c.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
HAM50-C3
x-amz-cf-id
cyT026YfGN6o7v0ut5s6_zVqlOObD7uOZVN37ONSFpc_IfEEF7jRCg==
x-cache
Miss from cloudfront
denakop.js
tags.denakop.com/10057/
44 KB
12 KB
Script
General
Full URL
https://tags.denakop.com/10057/denakop.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71260fb668daf621678dc1c3dd8799ea4912f0ed5205f80075253157b8855b73

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 15 Jun 2023 15:07:40 GMT
server
cloudflare
age
1545
etag
W/"648b293c-b1f6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
timing-allow-origin
*
cf-ray
7d7c399608bd18dd-FRA
alt-svc
h3=":443"; ma=86400
ws-XNKIKTMY.js
wfpscripts.webspectator.com/bootstrap/
1 KB
844 B
Script
General
Full URL
https://wfpscripts.webspectator.com/bootstrap/ws-XNKIKTMY.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P7M62WP
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
a12739cf3db5809e351609d3a7fa78245640d2b33083beb6be4376a246af5520

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
last-modified
Thu, 17 Dec 2020 20:19:21 GMT
server
nginx/1.10.3 (Ubuntu)
etag
W/"4641805831b7b568e460ebb6aab7e273"
x-cache-status
HIT
content-type
application/x-javascript
cache-control
max-age=31536000
integrator.js
adservice.google.com/adsid/
107 B
457 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.metropoles.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
208 KB
41 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4053246792815207&correlator=1408685511658219&eid=31075333%2C31075349%2C31075352&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fifs&iu_parts=123935210%2Cdistrito-federal-na-mira-horizontal-1%2Cdistrito-federal-na-mira-horizontal-2%2Cdistrito-federal-na-mira-horizontal-3%2Cdistrito-federal-na-mira-quadrado-1%2Cdistrito-federal-na-mira-quadrado-2%2Cdistrito-federal-na-mira-quadrado-3%2Cdistrito-federal-na-mira-quadrado-4%2Cdistrito-federal-na-mira-quadrado-sidebar-1%2Ctag-nsc%2Cdistrito-federal-na-mira-selo&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10&prev_iu_szs=728x90%7C970x90%7C970x66%7C970x250%7C970x100%7C970x66%2C728x90%7C468x60%2C728x90%7C970x90%7C970x66%7C970x250%7C468x60%2C300x250%7C336x280%2C300x250%7C336x280%2C300x250%7C336x280%2C300x250%7C336x280%2C300x600%7C120x600%7C300x250%7C336x280%7C320x480%2C120x50%2C120x50&ifi=1&adks=1917955322%2C9308471%2C2062949776%2C599016775%2C1160825319%2C1219773255%2C878376230%2C1437173479%2C2140353106%2C775209279&didk=1010477248~1010477255~1010477254~4237817281~4237817286~4237817287~4237817284~1569103568~1721523343~71975095&sfv=1-0-40&prev_scp=refresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse%7Crefresh%3Dtrue%26refreshed_slot%3Dfalse&eri=1&cust_params=ttLS%3Dna%26ttS%3Dna%26ttT%3Dna%26ttC%3Dna%26ttU%3Dna%26ttCA%3Dna%26ttE%3Dna%26ttA%3Dna%26ttG%3Dna%26key-test%3Dinvestigados%252Cresponderao%252Cpor%252Cfurto%252Cqualificado%252Cpelo%252Cuso%252Crecursos%252Ccibernetico%252Calem%252Clavagem%252Cdinheiro%252Corganizacao%252Ccriminosa%252Cvideos%252Chacker%252Costentacao%252Cdeu%252Cgolpe%252Catacadista%252Ctorrou%252Cdubai%252Cmetropoles&sc=1&cookie_enabled=1&abxe=1&dt=1686846912952&lmt=1686846912&dlt=1686846911016&idt=430&adxs=1114%2C-9%2C-9%2C324%2C324%2C-9%2C324%2C1440%2C903%2C-9&adys=227%2C-9%2C-9%2C1732%2C2380%2C-9%2C5478%2C277%2C2157%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1%7C-1%7C1%7C2%7C-1%7C3%7C0%7C4%7C-1&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&frm=20&vis=1&psz=954x250%7C0x-1%7C0x-1%7C627x280%7C627x280%7C0x-1%7C627x280%7C302x600%7C325x6705%7C0x-1&msz=954x250%7C0x-1%7C0x-1%7C627x280%7C627x280%7C0x-1%7C627x280%7C302x600%7C301x0%7C0x-1&fws=0%2C2%2C2%2C0%2C0%2C2%2C0%2C512%2C0%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&ga_vid=221450224.1686846911&ga_sid=1686846913&ga_hid=963000094&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5d1d237ea0f3f7d2ed1b3038b8636892ef78cbcfac5d9cdbdcba6de3856a3051
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42011
x-xss-protection
0
google-lineitem-id
-1,6323729489,6324956539,-1,-1,-2,-1,-1,-1,-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,138435725127,138435899750,-1,-1,-2,-1,-1,-1,-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306130101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ac4570dd9d3129456439631294afcf3e104b81bd76e446ee6ecad7ae1d70924
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11071
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2C14
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/20966896/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
359 B
Script
General
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
54.230.206.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-206-115.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:22:56 GMT
via
1.1 1589d05ea8998abdd2e7ba3167a84e2c.cloudfront.net (CloudFront)
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C3
age
739
x-amz-server-side-encryption
AES256
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
0
x-amz-cf-id
d0PawLjEYYV6werOLlOYMVA4A646dswvcLSotOUrbLCjDdC5n_Cerg==

Redirect headers

date
Thu, 15 Jun 2023 16:35:12 GMT
via
1.1 1589d05ea8998abdd2e7ba3167a84e2c.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
HAM50-C3
x-cache
Miss from cloudfront
location
/internal-c2/default/cs.js
content-length
0
x-amz-cf-id
2oc_k_kwmo4CMDAG53cH7d5fsSSVj6YTmkHOujymyQ5k1o-cmsdBdw==
qb9ey5up-120.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 2685
Redirect Chain
  • https://cdn.jwplayer.com/v2/media/dzDgy0yC/poster.jpg?width=120
  • https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-120.jpg
6 KB
7 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-120.jpg
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
339f84fe49fbb2ed753a5dcf562142bcbb74f253518fe167000fc5a75fa6395f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
596
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
6605
x-served-by
cache-iad-kcgs7200145-IAD, cache-fra-eddf8230048-FRA
last-modified
Wed, 14 Jun 2023 01:35:13 GMT
server
nginx
x-timer
S1686846913.152046,VS0,VE1
etag
"f876d295c0fce3d9ceb804eb18444c28"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
737, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:13 GMT
via
1.1 8f9305e858931aa6ae96c1310e7ea596.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
HAM50-C2
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/qb9ey5up-120.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
jpGyGMs1w7DFWsntkXStfjoGcNwANvuimEXMMpS3PAXc2mYP4SDguw==
gpt.js
securepubads.g.doubleclick.net/tag/js/
76 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10057/denakop.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8767a6420f475a2a054ed5388971130a040f40e4d241ced42c1fb3404bd90a4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25338
x-xss-protection
0
server
cafe
etag
539 / 19523 / 31075344 / config-hash: 17480437215513226996
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:13 GMT
prebid.js
tags.denakop.com/
272 KB
83 KB
Script
General
Full URL
https://tags.denakop.com/prebid.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10057/denakop.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee888bc3e7a166fe422eb4ba38421559ac0d86114235822d5ee02d8c5bdd7d63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 17 Apr 2023 14:43:23 GMT
server
cloudflare
age
1632
cf-polished
origSize=279167
etag
W/"643d5b0b-4427f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
timing-allow-origin
*
cf-ray
7d7c3996593518dd-FRA
alt-svc
h3=":443"; ma=86400
metropoles.com.js
tags.denakop.com/10057/
225 KB
39 KB
Script
General
Full URL
https://tags.denakop.com/10057/metropoles.com.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10057/denakop.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8304d44a4a0e3f726ea635cea6b7f6a86c8c0b2b568d0e5a9d578681a6b5fbb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 15 Jun 2023 15:07:40 GMT
server
cloudflare
age
1532
etag
W/"648b293c-38473"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
timing-allow-origin
*
cf-ray
7d7c3996593718dd-FRA
alt-svc
h3=":443"; ma=86400
apstag.js
c.amazon-adsystem.com/aax2/
235 KB
57 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10057/denakop.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.181.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-181-100.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17f4c082b272213f4da075af5c73893db6c70f060c8441ff6e70f7251324ff9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:17:02 GMT
content-encoding
gzip
via
1.1 d954dd318e06aa0e69375f36dcd819de.cloudfront.net (CloudFront), 1.1 6c0cf54c85a45b06ce06eb9b5a31a1c6.cloudfront.net (CloudFront)
last-modified
Thu, 08 Jun 2023 19:47:46 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, HAM50-C1
age
1092
x-amz-server-side-encryption
AES256
etag
W/"22e740da4e2336def33bbd74ea6796a6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
S3EHpkRNqcZrcW6pHzx81ciV5RtnO6NZsn9fPXHOWnfJ3WY2uSX2bg==
fpc
at.teads.tv/
0
289 B
XHR
General
Full URL
https://at.teads.tv/fpc?analytics_tag_id=&tfpvi=&gdpr_status=22&gdpr_reason=220&gdpr_consent=&ccpa_consent=&shared_ids=&sv=8480ba3&
Requested by
Host: a.teads.tv
URL: https://a.teads.tv/analytics/tag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-35-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.metropoles.com
Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Expires
Thu, 15 Jun 2023 16:35:13 GMT
collect
region1.analytics.google.com/g/
0
257 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-JKHLW29XV9&gtm=45je36c0&_p=963000094&_gaz=1&cid=221450224.1686846911&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686846913&sct=1&seg=0&dl=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&dr=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&dt=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&en=page_view&_fv=1&_ss=2&_c=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JKHLW29XV9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
48 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JKHLW29XV9&cid=221450224.1686846911&gtm=45je36c0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JKHLW29XV9&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
108 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JKHLW29XV9&cid=221450224.1686846911&gtm=45je36c0&aip=1&z=2056574651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
load.js
pm-widget.taboola.com/metropolesdf/
3 KB
2 KB
Script
General
Full URL
https://pm-widget.taboola.com/metropolesdf/load.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
92495b4d41aad0c20f2c0418e338f5db165b2cc0c2372898b723016f9f302a90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
zEdmfZy7W8UXJ1VsyFEa78XMsk1Mc6We
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Thu, 15 Jun 2023 16:35:13 GMT
x-amz-request-id
QRS5XCJRM574AF13
age
60
x-cache
HIT, HIT
content-length
1190
x-amz-id-2
JvVmAb9lW6k7aTb3esueFVP/1Fq3SuveUuyr3qSy0/SBS5v/9YXGZAHKhZD433cmDDGWarnrguk=
x-served-by
cache-bur-kbur8200063-BUR, cache-fra-eddf8230082-FRA
last-modified
Tue, 02 May 2023 06:58:44 GMT
server
AmazonS3
x-timer
S1686846913.075106,VS0,VE2
etag
"ea09c55dc3825c565adaac551ba5e782"
vary
Accept-Encoding,,
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
accept-ranges
bytes
x-cache-hits
10896, 1
impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
cdn.taboola.com/libtrc/
778 KB
162 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
f28de26fa161a336a6b42af55bb8b03acb24f783ad1680e1c6d6e88f207d4c24

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
Ca3Sv07XNJVWE1jIIR7ZhNteqEvyfR2n
content-encoding
br
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:13 GMT
x-amz-request-id
7MSP3GZMTVKJPWAT
age
18815
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
165781
x-amz-id-2
0kkXEMHiMvz5grPjZNS6ii9UsmPYFYXfaHwdKONApFQL5LODd0sNWQMnXGTteEbz0KyzOSktKBQ=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Thu, 15 Jun 2023 11:02:01 GMT
server
AmazonS3-br
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846913.075020,VS0,VE0
etag
"ac1e333edd81c940593e534c8aaa0511"
vary
Accept-Encoding
content-type
application/javascript
abp
20
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
1494
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.206.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-206-115.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 03:19:29 GMT
content-encoding
gzip
via
1.1 1589d05ea8998abdd2e7ba3167a84e2c.cloudfront.net (CloudFront)
last-modified
Thu, 09 Mar 2023 09:22:40 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C3
age
47745
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
Xzxb54K5va9Ct3UAK62PIqAdOLGMuMDRXrAywoUxljT2RSB6KLFBEw==
tr5
cdn.taboola.com/libtrc/
3 B
79 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/tr5?abgroup=em-in-body-26_var
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230082-FRA
date
Thu, 15 Jun 2023 16:35:13 GMT
via
1.1 varnish
server
Varnish
x-timer
S1686846913.075554,VS0,VE0
x-cache
HIT
content-type
text/html
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
content-length
3
retry-after
0
x-cache-hits
0
js
www.googletagmanager.com/gtag/
107 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=undefined
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10057/metropoles.com.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
588ba476fa77a6f9f0021b610ab249cc0755fea8c0b6c6b0d918d326dedced51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42978
x-xss-protection
0
last-modified
Thu, 15 Jun 2023 15:58:27 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 15 Jun 2023 16:35:13 GMT
api.gif
tags.denakop.com/
0
349 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=p&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846913098&cb=0.4452050241393488&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c3996e92d37fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
config
c.amazon-adsystem.com/cdn/prod/
0
0

aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.181.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-181-100.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding
gzip
via
1.1 ce9a2abd25eed1f472711c23f8a0adae.cloudfront.net (CloudFront)
date
Thu, 15 Jun 2023 05:29:47 GMT
x-amz-cf-pop
HAM50-C1
age
43176
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 26 May 2023 01:35:48 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
4pVjWJWUk6dk8LGJmnDTDxdtD9OonPdLGQqim5dGjcC5_SBd6dXRjQ==
b
sb.scorecardresearch.com/
0
226 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686846913132&ns_c=UTF-8&c3=1&c7=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&c8=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&c9=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.206.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-206-115.ham50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
via
1.1 1589d05ea8998abdd2e7ba3167a84e2c.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
HAM50-C3
x-amz-cf-id
PVWR7Yk1x2WE2t-Ouw6Z0bdSH1Bg125c94JVZS2vW3eHc8ynqkTCUw==
x-cache
Miss from cloudfront
pmk-20220605.2.js
pm-widget.taboola.com/metropolesdf/
115 KB
31 KB
Script
General
Full URL
https://pm-widget.taboola.com/metropolesdf/pmk-20220605.2.js
Requested by
Host: pm-widget.taboola.com
URL: https://pm-widget.taboola.com/metropolesdf/load.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7170f28686cf23692d8b6b7915861035b829faa281323d5b6c68ace658f0ecb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
umdLRgXm8BmfohpvD7qyUxC5thk79dGF
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Thu, 15 Jun 2023 16:35:13 GMT
x-amz-request-id
BPZDMH88BFXNQAQ7
age
272250
x-cache
HIT, HIT
content-length
31820
x-amz-id-2
U1ZedXRTsGZX8ViRgYdS0YHkocKmOL3cm44rkuwO5c6CPSAIDJC5jSyRhwcTZdc09QmZWIKafOo=
x-served-by
cache-bur-kbur8200067-BUR, cache-fra-eddf8230082-FRA
last-modified
Tue, 02 May 2023 06:58:43 GMT
server
AmazonS3
x-timer
S1686846913.135018,VS0,VE0
etag
"b30a2d278e9f2f288e8c5e8bc5f71bea"
vary
Accept-Encoding,,
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
712, 3
sync
gum.criteo.com/
46 B
288 B
Script
General
Full URL
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:12 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
211054
expires
60
json
trc.taboola.com/metropolesdf/trc/3/
55 KB
13 KB
XHR
General
Full URL
https://trc.taboola.com/metropolesdf/trc/3/json?tim=16%3A35%3A13.149&lti=em-in-body-26_var&data=%7B%22id%22%3A58%2C%22ii%22%3A%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1686823648926%2C%22vi%22%3A1686846913146%2C%22cv%22%3A%2220230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22pev%22%3A11920%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22vpi%22%3A%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22e%22%3A%22https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A7828%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A1%2C%22uim%22%3A%22thumbnails-mid-gallery%3Aabp%3D0%22%2C%22uip%22%3A%2214-Widget%201%20photo%20galley%22%2C%22orig_uip%22%3A%2214-Widget%201%20photo%20galley%22%2C%22cd%22%3A2559.5%2C%22mw%22%3A600%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-c-3x1%3Aabp%3D0%22%2C%22uip%22%3A%22Mid%20Article%22%2C%22orig_uip%22%3A%22Mid%20Article%22%2C%22cd%22%3A4362.890625%2C%22mw%22%3A627.984375%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A3%2C%22uim%22%3A%22thumbnails-a-3x1%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A6989.203125%2C%22mw%22%3A627.984375%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-d-1x1-stream%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%22%2C%22orig_uip%22%3A%22Right%20Rail%22%2C%22cd%22%3A1856.828125%2C%22mw%22%3A301.984375%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%2C14-Widget%201%20photo%20galley%3Dthumbnails-mid-gallery%3Aabp%3D0%2C%2CBelow%20Article%20Thumbnails%3Dthumbnails-a-3x1%3Aabp%3D0%2C%2CMid%20Article%3Dthumbnails-c-3x1%3Aabp%3D0%2C%2CRight%20Rail%3Dthumbnails-d-1x1-stream%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22em-in-body-26_var%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
31f7aa000a69c90e2d6c96c642183ebb16dd18cf32a0ad317a93266ba8903861

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
918
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
via
1.1 varnish
x-fastly-to-nlb-rtt
7548
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version
v2
x-served-by
cache-fra-eddf8230082-FRA
server
nginx
x-timer
S1686846913.168016,VS0,VE918
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://www.metropoles.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
28jj0mog-120.jpg
assets-jpcust.jwpsrv.com/thumbnails/ Frame 0BA1
Redirect Chain
  • https://cdn.jwplayer.com/v2/media/chywiA5K/poster.jpg?width=120
  • https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-120.jpg
5 KB
5 KB
Image
General
Full URL
https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-120.jpg
Protocol
H2
Server
2a04:4e42:200::626 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
244986048523824ae665c4a079ca86ecb638de618657c24a1d56cc0ce8679335

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jwplayer.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
632
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
content-length
4893
x-served-by
cache-iad-kjyo7100129-IAD, cache-fra-eddf8230048-FRA
last-modified
Tue, 13 Jun 2023 17:38:14 GMT
server
nginx
x-timer
S1686846913.289071,VS0,VE1
etag
"575cc53c56322a58c51f47a01b785d62"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=900
accept-ranges
bytes
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
x-cache-hits
39, 1

Redirect headers

date
Thu, 15 Jun 2023 16:35:13 GMT
via
1.1 8f9305e858931aa6ae96c1310e7ea596.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
HAM50-C2
access-control-allow-methods
GET
content-type
image/jpeg
location
https://assets-jpcust.jwpsrv.com/thumbnails/28jj0mog-120.jpg
access-control-allow-origin
*
cache-control
max-age=180, max-stale=180
x-cache
Miss from cloudfront
x-robots-tag
noindex, indexifembedded
access-control-allow-headers
accept-encoding, cache-control, origin, dnt, accept-language
content-length
0
x-amz-cf-id
R5aJ-q5sMY4m6c7pylwxTR8Pjg71I3mWy3DssNQJB3kLuJfT7JW_-A==
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:13 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F602
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
28786
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 08:35:27 GMT
expires
Fri, 14 Jun 2024 08:35:27 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame C3E1
783 B
969 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d5022e67d6d150fa0d27df0424cd7b7b3d81d9da792417485f74d45b3fd290d5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7VU2-REVsTsdrUKs9wVhsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-7VU2-REVsTsdrUKs9wVhsw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Thu, 15 Jun 2023 16:35:13 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
init
webservices.webspectator.com/
3 KB
2 KB
Script
General
Full URL
https://webservices.webspectator.com/init?appId=XNKIKTMY&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&q=undefined&t=1686846913318
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/bootstrap/ws-XNKIKTMY.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
bd96a68a93d5367dce375794e07d04fe0e832ebd5dfa3d993c52897fe5c40dfc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
application/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/bootstrap/ws-XNKIKTMY.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
etag
"sLp6xTjO7svFVaOemhLWUQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Thu, 22 Jun 2023 16:35:13 GMT
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame F602
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25401
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame C3E1
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306130101&jk=4053246792815207&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

rules-p-HGAVM7nQJ_sep.js
rules.quantcount.com/
160 B
632 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-HGAVM7nQJ_sep.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:6800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
73db2a2a4d0933294f7188230306bea80ad011455f5f3a34127d33cbb43eb1c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:03:21 GMT
via
1.1 f4137273db9ae377298b8f8daf5b93f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
1913
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
160
last-modified
Thu, 13 Oct 2022 15:29:48 GMT
server
AmazonS3
etag
"afb90b4e3022c802397d34b9f457500e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
Y8h6A88LKtupe8g1oXYM4bRxBu8Z7TPAroHiWkZsRxLso-on-t7ARA==
pixel;r=452987011;rf=0;a=p-HGAVM7nQJ_sep;url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai;re...
pixel.quantserve.com/
35 B
373 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=452987011;rf=0;a=p-HGAVM7nQJ_sep;url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai;ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F;uht=2;fpan=1;fpa=P0-1893435488-1686846913372;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;cm=;gdpr=0;d=metropoles.com;dst=0;et=1686846913414;tzo=0;ogl=locale.pt_BR%2Ctype.article%2Ctitle.V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%252C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20di%2Cdescription.Investigados%20responder%C3%A3o%20por%20furto%20qualificado%252C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2Curl.https%3A%2F%2Fwww%252Emetropoles%252Ecom%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-%2Csite_name.Metr%C3%B3poles%2Cupdated_time.2023-06-13T19%3A44%3A57-03%3A00%2Cimage.https%3A%2F%2Fuploads%252Emetropoles%252Ecom%2Fwp-content%2Fuploads%2F2023%2F06%2F13093242%2Foperacao-pcdf%2Cimage%3Asecure_url.https%3A%2F%2Fuploads%252Emetropoles%252Ecom%2Fwp-content%2Fuploads%2F2023%2F06%2F13093242%2Foperacao-pcdf%2Cimage%3Awidth.960%2Cimage%3Aheight.640%2Cimage%3Aalt.hacker%2Cimage%3Atype.image%2Fjpeg;ses=7de2289a-f075-46b4-ae63-04e436925ed5;mdl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame F602
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?sAoYCA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
fastlane.json
fastlane.rubiconproject.com/a/api/
12 KB
6 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=427988&zone_id=2448788&size_id=8&rp_schain=1.0,1!denakop.com,10057,1,,,!google.com,pub-8170966538152543,1,,,&rf=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&tk_flint=pbjs_lite_v7.11.0&x_source.tid=2fe29743-9ccb-482a-a278-21b03d057795&l_pb_bid_id=24c12368b4a245&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7909127041018198
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
1b33a7df3203f54d97754d600d6163b76be470464a5d72d2d70801e308996a8c

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.metropoles.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
4 KB
3 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=427988&zone_id=2448788&size_id=2&alt_size_ids=55&rp_schain=1.0,1!denakop.com,10057,1,,,!google.com,pub-8170966538152543,1,,,&rf=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&tk_flint=pbjs_lite_v7.11.0&x_source.tid=e04f69c1-0210-470c-9d4d-97e8158aafc3&l_pb_bid_id=3e050ca6df51f4&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.12162701107772511
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
dd8762b95ee8691385c70c46fac68d7e72a620f1c9556bde021ef73d053818a4

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.metropoles.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid-request
onetag-sys.com/
15 B
366 B
XHR
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://www.metropoles.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
prebid
ib.adnxs.com/ut/v3/
247 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
6f41a7c2605f609e29b209d7c275a781571bad7a8e9ea6201a31f670613c4ecc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
AN-X-Request-Uuid
ab41df2d-f62e-4f5c-9a65-834a11bb028a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.metropoles.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
247
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/
171 B
565 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.65 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.metropoles.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/
171 B
560 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.65 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.metropoles.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
250 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
8f4766022a954903d0d6615808a49aa6ef81b66c80ffd3fd5cadc2725b476a24
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
AN-X-Request-Uuid
62ecae57-417a-4d83-8943-05a49ff15773
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.metropoles.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
250
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
hb
cpm.denakop.com/
0
265 B
XHR
General
Full URL
https://cpm.denakop.com/hb?zone=140188&v=1.6
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://www.metropoles.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
hb
cpm.denakop.com/
0
265 B
XHR
General
Full URL
https://cpm.denakop.com/hb?zone=140461&v=1.6
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://www.metropoles.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
/
prebid.smilewanted.com/
0
35 B
XHR
General
Full URL
https://prebid.smilewanted.com/
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
7d7c399a8f0abb35-FRA
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
/
prebid.smilewanted.com/
0
312 B
XHR
General
Full URL
https://prebid.smilewanted.com/
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
7d7c399a8f0bbb35-FRA
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
bids
prebid-us.creativecdn.com/bidder/prebid/
0
181 B
XHR
General
Full URL
https://prebid-us.creativecdn.com/bidder/prebid/bids
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS
ip-185-184-10-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.metropoles.com
date
Thu, 15 Jun 2023 16:35:13 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
bid
aax.amazon-adsystem.com/e/dtb/
23 B
467 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&pr=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&pid=bmVVA96xG1IC8&cb=0&ws=1600x1200&v=23.605.2213&t=2000&slots=%5B%7B%22sd%22%3A%22denakop-auto-side-5ba26992-e34d-40ea-af32-45e7361a08f8%22%2C%22s%22%3A%5B%22120x600%22%2C%22120x450%22%5D%2C%22sn%22%3A%22%2F21715141650%2C123935210%2Fmetropoles.com%2Fdesktop_side%22%7D%2C%7B%22sd%22%3A%22denakop-auto-under-b5584f77-0387-494f-9e5a-3a2e21a94725%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F21715141650%2C123935210%2Fmetropoles.com%2Fdesktop_under%22%7D%5D&schain=1.0%2C1!denakop.com%2C0%2C1%2C%2C%2C!google.com%2Cpub-8170966538152543%2C1%2C%2C%2C&pubid=2bb0a508-595f-49a8-87af-9e3915fc9884&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.146.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-146-78.ham50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 60fdae524298443cc52e327d1b093408.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
HAM50-P1
x-amz-rid
GBWPDQ1DKKS4MXGMWTT4
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.metropoles.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
m3FKXSpQCSqh9NEelvnu1oe2x4QJz0LfYiOdXk6nTGLMyulbCgwMmg==
initcb
webservices.webspectator.com/
2 KB
1 KB
Script
General
Full URL
https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/init?appId=XNKIKTMY&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&q=undefined&t=1686846913318
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
83888529154989f21f4ee959c6cf76ceafbeddb65661ddf3659f742bb3037327

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:13 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
application/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ortc-heartbeat1sec-min.js
wfpscripts.webspectator.com/
76 KB
19 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ortc-heartbeat1sec-min.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
80a6c8fd3fd83054bdd51a596217f806cec456cd5b176ec5e44a407201a82d2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
last-modified
Wed, 30 Nov 2016 17:07:44 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"ae07ae40393a03d603b6341bf9f7f923"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=2592000
content-length
19153
x-amz-meta-s3b-last-modified
20161130T162538Z
retargetly_univ_2.js
wfpscripts.webspectator.com/third_party/
612 B
579 B
Script
General
Full URL
https://wfpscripts.webspectator.com/third_party/retargetly_univ_2.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
0d89ab019fdc4db07a89ba39546aa0ef86110eb0478c636a033e8ac5e5fb6acb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Thu, 09 Sep 2021 20:05:54 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"302fb998d90e2452d81370c4e03fa940"
x-cache-status
MISS
content-type
application/javascript
content-length
394
swfobject.js
ajax.googleapis.com/ajax/libs/swfobject/2.2/
10 KB
4 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8677971b119ccdb82af697ff0e08f218490d15116f221d44301f1cc8797e67d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 19:23:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
508313
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3974
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 08 Jun 2024 19:23:21 GMT
blockadblock.js
wfpscripts.webspectator.com/adblocker/
8 KB
3 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/adblocker/blockadblock.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
7ed1947cb1ec4f11c68e3b281741c4214839a262843c339c1f1e3bc357434183

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
last-modified
Tue, 11 Oct 2016 13:22:22 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"0dcdd7a190caf42e7d287645d9ba0303"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=2592000
content-length
2696
ws-4.4.62.js
wfpscripts.webspectator.com/
81 KB
23 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-4.4.62.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/initcb?appId=2779&vId=30A0B7F38F84E171&dads=0&lts=0&nv=1&s=4898&res=1600x1200&c=1&l=en&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&sr=direct&ts=1686846913791&rs=0&h=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&npv=1&ltsss=0&ltsvs=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
2e8fac6fa9527aaae83a3fc6200472418e1aa0cf42d9ed4422683e8e0192a861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
content-encoding
gzip
last-modified
Wed, 06 Mar 2019 17:07:49 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"4e7c8880fbc1b585c27bd698eb84469f"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=2592000
content-length
23796
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 395B
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B230
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A085
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E8F6
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E2DB
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
afr.php
ads.eu.criteo.com/delivery/r/ Frame C518
166 KB
53 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
5808e787f09b3503e9a4a88f350bf131e298d2e25857b7f2326904db583e2d45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=dUALYiTjJvATA1JEPlEqrI0fCidTD50LogOGOPYKfqW9jNU5-_DzSd08Dor6Pk1_UbgQN5CsGdGN8qpCnNbzPg-0-mbcIrItqdRp2i9IuyUoMBK79Wgk9_fbi_Ty_SVNaAS8lIfZQ2Pmsn9SIgUMCDgX_p7IpY0Iui8VQNljg5QcKkDbx4j7QQfsreYCy-79wHo02UKLKZUp_34hrZFv41lsFhXfB8WPr5IgUM3HzL99Z0Vp9xVv6pGdDrhI3mJfUpQmYg"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
63569891
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 9FFA
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:14 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
api.gif
tags.denakop.com/
0
209 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=a&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846914006&cb=0.39213438212488394&aa=side&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c399ca96e37fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
c0c57a1a-a3e7-4a15-ac2b-082e3ea47181
beacon-ams3.rubiconproject.com/beacon/d/ Frame 8D2A
43 B
228 B
Image
General
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/c0c57a1a-a3e7-4a15-ac2b-082e3ea47181?oo=0&accountId=23648&siteId=427988&zoneId=2448788&sizeId=55&e
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::57 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
x-content-type-options
nosniff
x-frame-options
DENY
content-type
image/avif
cache-control
private, max-age=0, no-cache
content-length
43
x-xss-protection
1; mode=block
expires
01 Jan 1970 10:00:00 GMT
api.gif
tags.denakop.com/
0
209 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=a&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846914017&cb=0.9311750570457&aa=under&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c399ca96f37fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
integrator.js
adservice.google.com/adsid/
107 B
166 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.metropoles.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 5A7A
624 B
507 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
expires
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 395B
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 395B
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ACj_41VVvxZ_9-K_e7FLBXnFB7QMM7hjoKUPKLC3vmZX0h7BpmanLCSJWzi2MI4dK79l9Y7U8nQM7c0US8pgesYarJWp-Rl9nB8cqoJSDdrLW-rmY
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 395B
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12261841391918151387&x=1&ct=76
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame 395B
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame 395B
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 395B
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
truncated
/
262 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f266202b591aab2563e8ef52fcc7cf8d2358f48600ad7f52bc62462787dca01

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/svg+xml
ads
securepubads.g.doubleclick.net/gampad/
49 KB
18 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4053246792815207&correlator=493263349958599&eid=31075333%2C31075349%2C31075352&output=ldjh&gdfp_req=1&vrg=202306130101&ptt=17&impl=fifs&iu_parts=21715141650%3A123935210%2Cmetropoles.com%2Cdesktop_side%2Cdesktop_under&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3&prev_iu_szs=120x600%7C120x450%2C970x90%7C728x90&ifi=11&adks=1371935244%2C3021073091&didk=1425917933~4251426212&sfv=1-0-40&prev_scp=dk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww%2Cmetropoles%2Ccom%2Cwww.metropoles.com%26pathname%3D0%253Adistrito-federal%2C1%253Ana-mira%2C2%253Ahacker-ostentacao-deu-golpe-de-r-15-mi%2C%252Fdistrito-federal%252Fna-mira%252Fhacker-ostenta%26placement_name%3Dside%26keyword%3Ddistrito%2Cfederal%2Cmira%2Chacker%2Costentacao%2Cdeu%2Cgolpe%2Catacadista%2Ctorrou%2Cdinheiro%2Cdubai%26secom%3D1%26tier%3D1%26bl%3Dsecom%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D120x600%26hb_pb%3D0.01%26hb_adid%3D26026df82c0695e%26hb_bidder%3Drubicon%26requested%3Dtrue%7Cdk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww%2Cmetropoles%2Ccom%2Cwww.metropoles.com%26pathname%3D0%253Adistrito-federal%2C1%253Ana-mira%2C2%253Ahacker-ostentacao-deu-golpe-de-r-15-mi%2C%252Fdistrito-federal%252Fna-mira%252Fhacker-ostenta%26placement_name%3Dunder%26keyword%3Ddistrito%2Cfederal%2Cmira%2Chacker%2Costentacao%2Cdeu%2Cgolpe%2Catacadista%2Ctorrou%2Cdinheiro%2Cdubai%26secom%3D1%26tier%3D1%26bl%3Dsecom%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.00%26hb_adid%3D25399c5fdf2bd89%26hb_bidder%3Drubicon%26requested%3Dtrue&eri=1&cust_params=ttLS%3Dna%26ttS%3Dna%26ttT%3Dna%26ttC%3Dna%26ttU%3Dna%26ttCA%3Dna%26ttE%3Dna%26ttA%3Dna%26ttG%3Dna%26key-test%3Dinvestigados%252Cresponderao%252Cpor%252Cfurto%252Cqualificado%252Cpelo%252Cuso%252Crecursos%252Ccibernetico%252Calem%252Clavagem%252Cdinheiro%252Corganizacao%252Ccriminosa%252Cvideos%252Chacker%252Costentacao%252Cdeu%252Cgolpe%252Catacadista%252Ctorrou%252Cdubai%252Cmetropoles&sc=1&cookie=ID%3Ddd86525f3e549161%3AT%3D1686846912%3ART%3D1686846912%3AS%3DALNI_MZZbtAM5CE_o62-pXjdhh3k1cAdqA&gpic=UID%3D00000c484b572faf%3AT%3D1686846912%3ART%3D1686846912%3AS%3DALNI_MZK5nz7d6Y6ti8sHKERKAOP1P9wqA&abxe=1&dt=1686846914053&lmt=1686846914&dlt=1686846911016&idt=430&adxs=0%2C315&adys=0%2C1204&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C5&ucis=b%7Cc&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&frm=20&vis=1&psz=1600x7828%7C1600x7828&msz=120x-1%7C970x-1&fws=512%2C512&ohw=0%2C0&ga_vid=221450224.1686846911&ga_sid=1686846913&ga_hid=963000094&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4465d5eb7a19e2f7783d58c88b4c2c6812ef8481bcb62bd010edfd70d32ecf83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17920
x-xss-protection
0
google-lineitem-id
-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 12F5
624 B
506 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
expires
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame B230
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B230
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AXPU55_sd7ewMsiubXgy5ub-HziLYcF2oJRTHl_4RwLysH9Klv-sSKgEPkU3qPFL1dYlt2l216VgrkQf3jJZvonS7gLxxl4GjY3ZaoAvqM_S9QxWk
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B230
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14372604510407956251&x=1&ct=76
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame B230
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame B230
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame B230
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame FE20
624 B
507 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
expires
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame A085
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BkRqdpW8Yxy2WsVw8YlpFyngXQSRjrjuDroyVS4LbUC17XMsVxXcSmCi6kpLtXCz5yRk6VvI1OxwpGu8gCYvz_yrjstRk82lNXwAA-_kHHnzeBPLI
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6075511303309776927&x=1&ct=76
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame A085
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame A085
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A085
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame E8F6
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=C0zUjwT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTXAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WI_yJfg5BHQpnpwyFK9GwWSxKqreJ7VRWGdNpA48JIYzBAXby5FIngBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItODQ0NjEzODk5MTgyMTAyNRiqxx4&sigh=as7I1quTfuY&uach_m=[UACH]&cid=CAQSTABygQiDbbxzMUVnTGrMTZmSyBmuIzPqBKuQxShYlndOu8CSMgGeJ9rkryuKxm4A8Qm_uWESyKAb4fukkGpnybkUt-QhSVwzBIm0w0YYAQ
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

notify
rtb.fr3.eu.criteo.com/google/auction/ Frame E8F6
0
0
Fetch
General
Full URL
https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k4ugFLr5RHgynYNiAgIAAAAAds520I9WTZwNWCYjQ2_mEME9i2RhrfP1QqlJFZywAAASAAAKCkFRVUREd0VCRHc&wp=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
server-processing-duration-in-ticks
183853
server
Kestrel
content-length
0
afr.php
ads.eu.criteo.com/delivery/r/ Frame 6DD4
95 KB
35 KB
Document
General
Full URL
https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
62693d0ca47885e31fc70b6cd31dbf6119293ed34e69abfe73ea28eae52f06ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1000
cache-control
private, max-age=0, no-cache
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
link
<pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
report-to
{"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=tMIKOyTjJvATA1JEZ3hhY8bWLqr4ysasKrBF1fmPcpUpUbm9L4VLvOIdy7sDMbroSrKhh6AUcKsmMVSv5Q6cwxdILMNiH5SCTvOxljUK9eoiz4TpG7cmyymrbdZkjlEoIb_T4tIU2qoQ6bHHCwyOJFf1yVWoymJwhzlqTDriPQL2S3JffRVpixCnBPvJvflFheU69WiHeiETNkm3b_l96he-qXweps0g_HZuSwyi_3F2juMK1_5jDj1umTN1ObE8AEVQ3w"}], "max_age": 86400}
server
Kestrel
server-processing-duration-in-ticks
28663308
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame E8F6
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame E8F6
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame E8F6
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 10:25:39 GMT
content-encoding
br
x-content-type-options
nosniff
age
108575
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 13 Jun 2024 10:25:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E8F6
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
usync.js
eus.rubiconproject.com/ Frame 9FFA
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9766
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame C17F
624 B
828 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
expires
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame E2DB
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D8yjSh-nEe_FGZQrenCRjF9zkS4SSo9crT7WMmahEOoxozlvGNN6QWwxt1Q4wbkTcVELakptnQlItz_SCKDy70g_XSrsYwbX4WtNZo4m5NCqeJJV4
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=8605657849199250215&x=1&ct=76
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame E2DB
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame E2DB
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E2DB
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306130101&jk=4053246792815207&bg=!7O-l77vNAAaGYqkwpmI7ADkAdvg8Wptf3ZUy9Yoov9RrwFk92MAQRsmrtqka-fAhBAQhAm_O1uA45I7I9n0IB0Lkb8PaGEAcx-wCAAAARlIAAAACaAEHmQLh7mEibRr8hKM2hJnKULT4Is2l_0ehaKMrTtFrDeZEM-XEW_6yAwrwHwkJrqVeqTcEbfJx35zfoNHOxCVV9TCmAMZx0VEdeaLb9aVpQ2YWTwpAXuhYheqiIHNrybI5Z3e9C69TshZpHJvIusoIf8h4UWdD21lhiFR-g1RcPt5mwkc7SSZE8pMxmRVXTwSP6A1d7jiFVbAUGuFS_agb6XNOpN4Fpo6Uj0fgFLCOVoCn_zEeIuhGepcH1_PTG4Pw06HTFdltxaAW9H2SrsXgJxhjJUlplFsTI4KKZ1-yeR0KH5nj_dmI4RA7yAKfAW7fccj08_tFDgmGrZJ9bsChmzqBDfUXZpkReHgdK21LmFThAjVQrHDLyHUvSCMwR2SzPSC_oicnwnFS1-oJRgiYXzf85U9RRz3vzTVdgcGSKxG3ww7JqQXORvjyaqsVv-mG8IgDWYh8ZNTa5hu1sOYA3Pp_KWF758LB_xeHPhAk3cJudduSO4Vl3qunP0LKp_Q2L0m6U-WV_KM5PvVU8iHUh2j8OnQSkE9olQDNLkcyu9nyWLjeXNgDTJVV76X0sxzk2_oZq-WLS8mr5sjPUcB1QCsYrrMBvByX-LTjAP1Yhv9McrnJOFG6QIwYBReSHArZmkyK5D4Hjww5xiEBkvbk56HyX4sF-sFaVosjawwiAFGOnVx3BwRniEy9JKhw1HmzZaQknkp6-9YyQe4SL4dB-jDNxLYEQuBIhRbzdl9hhjDfumx6T9Lc77UXjHRkNjspINEoICwokyFMcyFK1Vg1u1HxFuzp1Ls9apCQ19MHphVlHva5W4Xm3DD72ajfXscG7bVFoVhcgrmChnZGyjJFhEO1dDkSrQm8qMgFQDlhgW2tRjnTlt9wJx357lKKDN3MFq6jyqJn1qbhYu9Gc_Q3DgCDyMIMv3ueSexDAsIX_5Com9BAnqz_vUap-cjtqiDAKzTortjcwIJDtj-ESpN2paqeNtQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

em-different-fonts.js
cdn.taboola.com/ui-ab-tests/em-different-fonts/
1 KB
853 B
Script
General
Full URL
https://cdn.taboola.com/ui-ab-tests/em-different-fonts/em-different-fonts.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e536fda1980cac11a47cfc3197cbfc1931ef79bb3988dbc75821e739003589f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
630Ok5GWAtRdgBcjfz0rFuXr9VZMgngj
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:14 GMT
x-amz-request-id
BR0P4PPY9CY5RT9P
age
2275
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
538
x-amz-id-2
cxgyJbMgag3OesVvWqrSg7J0hUdmijgmYixh1q+xYn8p+3CyEDi5FiPAkchGl07tIC/1+7tFlF0=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 14 Jun 2023 08:15:29 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846914.109071,VS0,VE0
etag
"e97471ea41e872c8c811701da6621649"
vary
Accept-Encoding
content-type
application/x-javascript
abp
68
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
2478
em-different-fonts.css
cdn.taboola.com/ui-ab-tests/em-different-fonts/
697 B
574 B
Stylesheet
General
Full URL
https://cdn.taboola.com/ui-ab-tests/em-different-fonts/em-different-fonts.css
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
05d755802bd0e8e1293d79e0734bdcc23298a9bdef2d1a09f1c5d01e509a9d94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
6F2yD6RWqWLh8sff_dN0Jx7tXDrJ5sfK
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:14 GMT
x-amz-request-id
BR0MHRDX7VV2E4F7
age
2275
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
198
x-amz-id-2
HiRh43o5g0Z0/CC/PT+JNkyPtLL3FGNMSDCo2BeuIW4SdpJs0eQCe9bqRRKjHq3nGg8PI/3QGCE=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 14 Jun 2023 08:15:26 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846914.109114,VS0,VE0
etag
"d36371691d3345a5a5b4795a30c4bb1b"
vary
Accept-Encoding
content-type
text/css
abp
22
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
2480
tb
15.taboola.com/
40 KB
13 KB
XHR
General
Full URL
https://15.taboola.com/tb?oid=15&pubnm=metropolesdf&unitType=244&tbloc=&pageType=text&pstn=Below%20Article%20Thumbnails&uuip=Feed%20-%20Below%20Article%20Thumbnails&cisrf=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&cirf=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&encoded=1&uid=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&variant=-100|1233799999&callback=TRC.videoTagCallbacks.videoCallback1&cb=1686846914111&tagid=&cntry=DE&platform=1&sesid=c2f08179341cf5539d8ab5f001d97a1f&itemid=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&viewid=1686846913146&geolat=&geoing=&deviceifa=&appid=&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ri=505372bbb834a23d2d2266c8dd0e79f4&appname=&cdb=&gdprApplies=true&rid=&sii=2673322812514299382&oee=true&tpubid=1233799&uis=2&fagg=1&ccpaDns=false&ccpaPrivacy=1---&region=NW&hasGDPRConsent=true&tcfVersion=&cmpStatus=&tnetid=1461835&prcnt=&layer=&normp=1&gvv=10882
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
7083c38c44db5389f923fe8a036a2bbc0a403703bdf3e6339e1185e44e385afe

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

expires
Sat, 26 Jul 1997 05:00:00 GMT
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
via
1.1 varnish
machineid
1442
x-cache
MISS
xvid-debug
mrmr - :
x-served-by
cache-fra-eddf8230082-FRA
pragma
no-cache
server
nginx
x-timer
S1686846914.160537,VS0,VE27
vary
Accept-Encoding
content-type
text/html;charset=ISO-8859-1
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
link
<https://am-wf.taboola.com>; rel=preconnect
x-cache-hits
0
feed-card-placeholder.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
0
0

userx.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
0
0

distance-from-article.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
0
0

article-detection.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/article-detection.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
be5b2286300130922d71e0778f8f84a3ec5bff9f8ed014af127fc250eae19b23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
OuCNHB9xUpFfP5sf3dl8qBouwGHsjvNT
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:38 GMT
x-amz-request-id
RYQZKPMDNF342MAJ
age
18726
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
FAILED
fastly-restarts
1
x-amz-id-2
Dcw1gbOR6uaOR6eSWbcpUJ/gPG7fXSi0yH8nlDeFtlRm7LUtpDiLHm/qzBxxwmXeeGUaNh1XLDE=
x-served-by
cache-fra-eddf8230082-FRA
content-length
1296
last-modified
Thu, 15 Jun 2023 11:01:56 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846914.127011,VS0,VE24859
etag
"ab24c73ff961f93d0ef3a161be7738c1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
71
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
683
explore-more.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
28 KB
9 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/explore-more.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5ddc621fc476a38c38f7513e1c47a273f3b2f2b966f4abe1c5f406874bff34f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
hALxKNuay_is9fTpVGIeZOg4LxzWpkgu
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:14 GMT
x-amz-request-id
K1C1BJCP9JDYGGNT
age
15956
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
FAILED
fastly-restarts
1
x-amz-id-2
tTue6gJne4TW0Ns0abrW9UWcx5m1+d4ia4K6uw3tY+c5tRvHyOgZsm9JmGHPtjXAKQ4bcwvGZq8=
x-served-by
cache-fra-eddf8230082-FRA
content-length
8257
last-modified
Thu, 15 Jun 2023 11:02:06 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846914.130828,VS0,VE102
etag
"d37c80b439cec7bc6e13e195f8d0e78e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
6
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
292
abtests
am-trc-events.taboola.com/metropolesdf/log/3/
0
232 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/abtests?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1686846914118%7D&tim=16%3A35%3A14.119&id=3047&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
/
loadus.exelator.com/load/
0
324 B
Image
General
Full URL
https://loadus.exelator.com/load/?p=1252&g=8&cpid=24834454&publisher=metropolesdf&ad_id=3687147735&j=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
supply-feature
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/supply-feature?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22ADOPTED%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=16%3A35%3A14.127&id=5007&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
/
loadus.exelator.com/load/
0
324 B
Image
General
Full URL
https://loadus.exelator.com/load/?p=1252&g=8&cpid=24834454&publisher=metropolesdf&ad_id=3687147732&j=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/
4 KB
2 KB
Image
General
Full URL
https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:14 GMT
x-amz-request-id
1BAYCASKNKXWVNGQ
age
86
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1758
x-amz-id-2
LNZn1mcaPPNRi5kmtgUdAq8Cb+QP8A93lQJzI7jgBcERThsHBA6nTw7SvXtQmAWwc/fF6PeGeiY=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 07 Feb 2018 11:15:52 GMT
server
AmazonS3
x-timer
S1686846914.164975,VS0,VE0
etag
"b8b410e4b18d45aa2f3d9bc09cd335fb"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
abp
21
cache-control
private,max-age=31536000
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
151
social
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/social?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22rref%22%3A%22https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%22%2C%22sec%22%3A%22distrito-federal%22%2C%22aut%22%3A%5B%5D%2C%22img%22%3A%22https%3A%2F%2Fuploads.metropoles.com%2Fwp-content%2Fuploads%2F2023%2F06%2F13093242%2Foperacao-pcdf-atacadista-desvio-1.jpeg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=16%3A35%3A14.171&id=8885&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
json
trc.taboola.com/metropolesdf/trc/3/
14 KB
5 KB
XHR
General
Full URL
https://trc.taboola.com/metropolesdf/trc/3/json?tim=16%3A35%3A14.175&route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&data=%7B%22id%22%3A358%2C%22ii%22%3A%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22it%22%3A%22text%22%2C%22sd%22%3A%22v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA%22%2C%22ui%22%3A%221c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341%22%2C%22uifp%22%3A%221c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341%22%2C%22lbt%22%3A1686823648926%2C%22vi%22%3A1686846913146%2C%22cv%22%3A%2220230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22pev%22%3A11920%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22plf%22%3A%7B%22stop_tslt%22%3Atrue%2C%22ack_exm%22%3Atrue%7D%2C%22bu%22%3A%22https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22vpi%22%3A%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%22%2C%22e%22%3A%22https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A7828%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22ui
m%22%3A%22thumbnails-d-1x1-stream%3Aabp%3D0%22%2C%22uip%22%3A%22Right%20Rail%22%2C%22orig_uip%22%3A%22Right%20Rail%22%2C%22cd%22%3A1741.109375%2C%22mw%22%3A301.984375%2C%22fi%22%3A3%2C%22fb%22%3A1%2C%22fti%22%3A%22delta-override%3A10661075%3APUBLISHED%22%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%2C14-Widget%201%20photo%20galley%3Dthumbnails-mid-gallery%3Aabp%3D0%2C%2CBelow%20Article%20Thumbnails%3Dthumbnails-a-3x1%3Aabp%3D0%2C%2CMid%20Article%3Dthumbnails-c-3x1%3Aabp%3D0%2C%2CRight%20Rail%3Dthumbnails-d-1x1-stream%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_2%22%2C%22lt%22%3A%22em-in-body-26_var%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3eb80c7c9375b138b93c794de0f05dd27e383c737b08a1a25401b0e6aab9af04

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
390
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
via
1.1 varnish
x-fastly-to-nlb-rtt
7955
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version
v2
x-served-by
cache-fra-eddf8230082-FRA
server
nginx
x-timer
S1686846914.177345,VS0,VE390
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://www.metropoles.com
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
privacy_small.svg
static.criteo.net/flash/icon/ Frame 6DD4
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame 6DD4
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame 6DD4
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sun, 09 Jun 2024 16:35:14 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame 6DD4
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sun, 09 Jun 2024 16:35:14 GMT
lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 6DD4
43 B
347 B
Image
General
Full URL
https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=H8xmgRq0F1yP8B3zhHvzMXX-QpLhLwFTCiFXJ7fLphBviPWYTdeRCGcjKV-jY1TMU53hNekH7HCk1E61zP0vOfjh2Fx-w9YPp99RlugZ4Eqq-2dygzZkFEZwhjKoHHaGao1ADd7b8O93RS_O3jeOnKb6TARadjECjk6J-mzEine5_CfmPv3f1H_nIqMxawzYSOIKq0ClSG6LVL7QJNR_KEuzupJn2oUw6dMmCZFnxO9xRt9SzmWoto6F2iD1QKJ9e8UfWVuNEfax_q2W34qJozpP5o3MYFdm0_ctYePMbG-fFiPNFNOiV_ba6RNaLNhnI6JEkffAGbvfmRAS0aHv7MuP00TYbL93eLylGyGEdYNP7_pZH6I2GUeWjfMN38ClP2ngITaW47rlbtG1pVVCAo6YDonAHj3ie42sLB9v8ErxTjW_
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2053583
expires
Mon, 26 Jul 1997 05:00:00 GMT
abtests
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/abtests?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1686846914184%7D&tim=16%3A35%3A14.184&id=502&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
privacy_small.svg
static.criteo.net/flash/icon/ Frame C518
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy_small.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:30:28 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42ba84-6aa"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
adchoices_de.svg
static.criteo.net/flash/icon/ Frame C518
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/adchoices_de.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 11 Feb 2020 14:27:58 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e42b9ee-763"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
close_button.svg
static.criteo.net/flash/icon/ Frame C518
308 B
636 B
Image
General
Full URL
https://static.criteo.net/flash/icon/close_button.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 14 Feb 2020 13:51:32 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"5e46a5e4-134"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
308
expires
Sun, 09 Jun 2024 16:35:14 GMT
back_button2.svg
static.criteo.net/flash/icon/ Frame C518
293 B
621 B
Image
General
Full URL
https://static.criteo.net/flash/icon/back_button2.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 28 Apr 2022 09:09:48 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"626a59dc-125"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
293
expires
Sun, 09 Jun 2024 16:35:14 GMT
lg.php
cat.fr3.eu.criteo.com/delivery/ Frame C518
43 B
348 B
Image
General
Full URL
https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=4XwpUNsuFMaK9ONBGwku8ubMU5vSEfF-_lhNr_yKTBKVwqxTZtChjjy7dryKNKV2HbexcREK7BFsspEiF3lhrHcvz6RGBTiilSjjvyiLdytz7-E_AQSVeIH7_1P9M7WQV3lUy2RH-bRSZrVj7XecvTlBnY6otygET-ewI6MHGUwlRcrLd2t9b8M7WA-Rle_rnc6Ivg1UF7Um5I0FIO8zVtwdoD3albcum01DsXMjIyHXy3G4TRYuYnkod02ES7hRI4831h68vMcHKlBJdkJkVzUszaLIwtlFT5fnAroopOtJzNB6bakO8Sg49SeHOjGAoc94Krvq_qI0lhj1BvlNYFdWcv1dsc5duIPyhKKzSzjBbEu1wNmjkeRnOpw5C0DM4PrxcSQV6Z0GG2_3cTpanBei-dJb3_1h86M4hdBMDmq1Tpoh
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1968684
expires
Mon, 26 Jul 1997 05:00:00 GMT
animejs.js
static.criteo.net/animejs/ Frame 6DD4
12 KB
6 KB
Script
General
Full URL
https://static.criteo.net/animejs/animejs.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Tue, 26 Mar 2019 17:44:11 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5c9a64eb-3181"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 395B
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5406348589404&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 395B
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5406348589404&version=m202301230201&ct=76&x=1&cor=12261841391918152000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 395B
101 KB
39 KB
Script
General
Full URL
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
722a95b27353358df67697072e19065ff5cd5365c49b401698fef4de7a77897c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39425
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dis.aspx
widget.fr3.eu.criteo.com/dis/ Frame DBA6
28 B
0
Document
General
Full URL
https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=648b3dc10a76ef70fac61cb7071bb9b1&r=https%3a%2f%2fwww.metropoles.com%2f&crossorigin=false
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
p3p
CP='CUR ADM OUR NOR STA NID'
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
911623
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
vary
Accept-Encoding
webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame C518
12 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1604160
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4420
last-modified
Mon, 04 May 2020 16:17:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb04030-30d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dH%2FuVHZ3kWaznN7bueUDplqJvtv0KKcQ1kgp1xIFdmpsqstj%2BOuSqdIU23euFaDgpD%2BqLNN3eXkFhQAbKum54wnt3PzkeJmpAls1p5cyo0nGINOMBxhwA2bg9nN9B9VQOJgv9g4fKZKL1knVH%2BT7U1s"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d7c399e8d969b8f-FRA
expires
Tue, 04 Jun 2024 16:35:14 GMT
animejs.js
static.criteo.net/animejs/ Frame C518
0
0

UnitFeedManagerDesktop.min.js
vidstat.taboola.com/lite-unit/4.0.2/
111 KB
31 KB
Script
General
Full URL
https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
768a9442208cdd78c918d76a02b10ba19adeff59cdde3df4a9aa5b77a8bac2ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
FRA60-P1
age
113394
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT
content-length
31059
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 14 Jun 2023 09:04:48 GMT
server
AmazonS3
x-timer
S1686846914.264175,VS0,VE0
etag
"bf1d1b1bf26d74f0430bf82cff0cb94a"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
tkVFTGp7lYmxkViy5ZGfVJbnj9Uvyk6SIefq-8N-2X4K4G7tEI9bQA==
x-cache-hits
7038
sync.php
pixel.rubiconproject.com/exchange/ Frame 9FFA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElYRDNLUUYtTC1BVjZQ
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJvWI-rEml3vRu5sUE49s90&google_cver=1
0
0

pixel
cm.g.doubleclick.net/ Frame 9FFA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjY2ZGVjMzZkY2UyMTEyMTM3ODcyMDg0OGEwNzU5ZTZhNGRiN2MzNQ
170 B
244 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjY2ZGVjMzZkY2UyMTEyMTM3ODcyMDg0OGEwNzU5ZTZhNGRiN2MzNQ
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjY2ZGVjMzZkY2UyMTEyMTM3ODcyMDg0OGEwNzU5ZTZhNGRiN2MzNQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
54ae5f20a7acdd83fd00ddb00e96a2c1
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame 9FFA
70 B
266 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: www.metropoles.com
URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
dcm
aax-eu.amazon-adsystem.com/s/ Frame 9FFA
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
0
0

9RGvM21E7Pkw2IdleeGWAA
pr-bh.ybp.yahoo.com/sync/rubicon/ Frame 9FFA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/9RGvM21E7Pkw2IdleeGWAA?csrc=
0
0

dcm
s.amazon-adsystem.com/ Frame 9FFA
0
0

tap.php
pixel.rubiconproject.com/ Frame 9FFA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAndXHZ705D4iVw9MbDpj5s&google_cver=1
0
0

setuid
px.ads.linkedin.com/ Frame 9FFA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIXD3KQF-L-AV6P
0
0

96ef9f36384868e3003effe8c1188a30.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
6 KB
7 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96ef9f36384868e3003effe8c1188a30.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e5440d5afe856086addc185a34f00b1326fa0497d0eb579377005d9bb99e9063

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
1
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96ef9f36384868e3003effe8c1188a30.jpg
age
1251281
edge-cache-tag
423378923426958322646638588909106471745,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
cache-tag
423378923426958322646638588909106471745,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time
264
req-referer
https://dantri.com.vn/
content-length
5812
x-request-id
7e6bd670958da0f01eec1afd678de0c4
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
x-served-by
cache-iad-kiad7000062-IAD, cache-iad-kjyo7100021-IAD, cache-lga21929-LGA, cache-iad-kiad7000090-IAD, cache-fra-eddf8230082-FRA
last-modified
Fri, 26 May 2023 07:19:38 GMT
server
nginx
x-timer
S1686846914.274013,VS0,VE1
etag
"fb8b3e2892ce60c806ff5f1ba72fa5e6"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 0, 6, 1
css
fonts.googleapis.com/
2 KB
970 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/ui-ab-tests/em-different-fonts/em-different-fonts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d243481a66bdffbe09bc2f74f8f1b57714dcd20963e8703c1372716d3fe689a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 15 Jun 2023 15:01:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 15 Jun 2023 16:35:14 GMT
truncated
/ Frame E8F6
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e1e4b31552024f44b605d2ed7f34f45c2f319307de83828f06b2ffcaf916897

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
img
imageproxy.eu.criteo.net/img/ Frame 6DD4
806 B
998 B
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=96&m=0&partner=9376&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F9376%2F220912%2F894c4542fbb54aeba1e9cc838b75284d_jeweller_logo.jpeg&v=3&w=196&s=GDRkwpj6jYXFTqSJEZ88Vl0Y
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
098ecc750f8b0dcf6edd64523c7d7579ad9deb6d8945e54b8f90eb65e3ec3bd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
content-length
806
expires
Fri, 31 May 2024 06:57:49 GMT
img
imageproxy.eu.criteo.net/img/ Frame 6DD4
94 KB
94 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=9376&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F9376%2F220912%2Fd9200fd3e9574ba19e06401a1dfe569d_tj-criteo-ad-800x1200px_05-men.jpg&v=3&w=1200&s=7SgWcgYiPwz3mNxQX-a6oKYe
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
30f5e4f8f423b3fadb879bbc99640c42540011422e91f8c764724261c573cd79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
content-length
95774
expires
Sat, 01 Jun 2024 05:16:43 GMT
all
csm.eu.criteo.net/ Frame 6DD4
0
128 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=tMIKOyTjJvATA1JEZ3hhY8bWLqr4ysasKrBF1fmPcpUpUbm9L4VLvOIdy7sDMbroSrKhh6AUcKsmMVSv5Q6cwxdILMNiH5SCTvOxljUK9eoiz4TpG7cmyymrbdZkjlEoIb_T4tIU2qoQ6bHHCwyOJFf1yVWoymJwhzlqTDriPQL2S3JffRVpixCnBPvJvflFheU69WiHeiETNkm3b_l96he-qXweps0g_HZuSwyi_3F2juMK1_5jDj1umTN1ObE8AEVQ3w&sds=2&rev=87007&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 6DD4
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame 6DD4
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZIs9wQAEm4AK1cxBAAF-ZrVkpOfWratDRGYHTg&u=%7CDlrcQWLrv9TXhrzKEF4YFDoYjksUWNkjab8%2BSSjv9O8%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYOn9dvnzewo0NswcNHMySYBexoFFu_CKHv257-HeW_pQ75m60X5ph5PIEPrEdLhKkiUpxoxSBvElcLibnflQu9PGzoiYqjzjGzC597P4bh_KebBqvV1wmagXwyGVn1nPo30FgP1loWgFWL3nwuQRvASPPkGblL1JLS3oi1dfdIXq6mREyTsrMmqyCgO6g8HK5MYEe6gY6lMBe-ROxoRNG8ix2anB9E5gsrmNVZ3oJEzK7B5lj9neHdQgcTTzKJnW2G0tVbdd1ofwAr_bVCrbe4ZRHDNVsS1swph6v06VONYBqwH4ljQasGl-ploE1l4bMOIz7IUVdljuQO3WzNm2SY7Ye-IRS8huTOEgJBntlRX4_tJ44NsWZKagOrHJVqZUaPoU1h_9s9s9wKUF0BalHhwig7T1nOrzdw7vf3Fjn41vrGHMpPfsvz6JhlGGqopTxS4j3PsENkbcmvfLQ2wTLvlBCH8W9fmOkWlQdfyJvwrUXryY_yAaQeEnn6rlrXZNXh5tAnhr1U3XgMsP5h93RQifyM-gh-1lj0VKykFIdzAlbTm96cyT8Pb67Uv5pbssc0qwhwPavopk-Zb_fBa08ux4KISdhdSFZU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC7ER_wT2LZIC3EsGY1wbm_IXgC8me0rFc9ZHevrEBwI23ARABIABgleKQgqAHggEXY2EtcHViLTg0NDYxMzg5OTE4MjEwMjXIAQmpAvENXVuMMLI-4AIAqAMBqgTaAk_Qon2OsarbI1wGxbCH_kHvCNsWvUl8okzQKz9oj0ZTLtlZbAxh6c2qubhcO5UNFCEEp7lfzx0EQ0Z5jIaZt6mnszUpz5HIiYUWw6VWEbP3FlA-bI4jDpGKhxJ8bHMEJCcAhwCx2fAuAO0iHCpy5j7IPCh80MwtBZe36Yh1v-EC4HB3a8yGum3VeehY1IVzAScLMjSMUQKdAqZ3nN3a_anLby7DiQTp24eHgQXKI3ylmkVChQpDoBbTMp4ZXnmjlGGSF3ZjL2i4NfeMhVZ15OUfrP6_1A4-Ubr53YPPYG1giteyj9boiYSwqaKTDe0w73hGPCwJ5OuLV3Uy30lqaNFy8Cthd2VZBqU8gcZSDleUtshov9cBsj5O4lhrRpefe9XBhPxk9TklKwwKFM1yz_WIvSB-ERfI3opWXzXpJFGwsxu-p1Rxew0EwBJ9RTD3fRxY2BY9Bzb3Y43gBAGABpLA1aul1aqDNaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3AiSNTErOoSuf9-GNU3lVIRdBM5w%26client%3Dca-pub-8446138991821025%26adurl%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
1 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?h=176&m=0&partner=9376&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F9376%2F220218%2Fd77bb6eb78d045f2a6947800753141fd_logo_n_horizontal.jpg&v=3&w=256&s=Zo5vBo6TvZKZ3OfAk_eKl9vb
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
5b830566b2490f63737ec1e1ad1563b298f0a58cdbb07de1c03d78c3a098f1ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=31104000
content-length
1494
expires
Wed, 22 May 2024 06:57:06 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FSP0811_01.jpg&v=3&w=400&s=aMq3rz2Ky-hhuTmbwLDg5OxP&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
ef9853fe009fad797c3ca8b0a0b21be0321df633f869a6f020b8a1ff5e31cd9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
4834
expires
Wed, 21 Jun 2023 20:57:59 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
4 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKK0025_03.jpg&v=3&w=400&s=QDQQlSZe9y1iN2JVp547yIrI&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
5956d96cb4f844bdd698ae653c670b7ebc985077bbebf9c930672a47f61d6afc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
4588
expires
Thu, 22 Jun 2023 15:50:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
5 KB
5 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPK0030_03.jpg&v=3&w=400&s=gjsToMwNqHZLf20Qb5zCwL3L&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7f925d844d620832bd01ba8935ea8a86267536d184e8ec1d27372e11ec734af2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
5026
expires
Wed, 21 Jun 2023 10:40:35 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
11 KB
11 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKA0045_01.jpg&v=3&w=400&s=RFwJKiiELgYDx-w6DfnBs1Hc&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
72edece08b4e6dec241f8f0ae88c1b05a7f5f6146a8c09e4767573a1059e375b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
11386
expires
Thu, 22 Jun 2023 16:09:43 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
10 KB
11 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPA0080_01.jpg&v=3&w=400&s=VW7zSHcxxUBKI-sVCbV9-iR5&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
159274edeebd680cfa245a69f234abda2ae694a2cf0e65d763da727ebccdff37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
10738
expires
Thu, 22 Jun 2023 15:10:19 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
6 KB
6 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPK0060_03.jpg&v=3&w=400&s=os75k1we7gDtFGz2aYdtxk5o&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
dbb7364ede002b4a05f7af67983c48fb1c7f8b6a94ea4403afb7178c99e38cfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
5962
expires
Thu, 15 Jun 2023 18:11:47 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
10 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPA0070_01.jpg&v=3&w=400&s=LFH5nsCQhUeb5z9brJk5-WX_&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
310c7e74792944a6d029a63d5485a1f75fa429892b2caf4ee7a4ceaa9b0846f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
9878
expires
Fri, 16 Jun 2023 13:05:20 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
9 KB
9 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKA0035_01.jpg&v=3&w=400&s=td8aVEKyPuSvzQxLznMPgdlA&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
7c9f1fa3e285722d50f13b0a099dd87a8ff64feabc86d2cc1ce9a5ce4ce4b470
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
9380
expires
Thu, 22 Jun 2023 15:14:19 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPK0020_03.jpg&v=3&w=400&s=qhXgnBXOHPv8m0wv_AuiBOYa&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4acf74637ce981753451d91504117ab50c1d6e470ae7ca6afaff454c365f4938
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
4016
expires
Thu, 22 Jun 2023 14:43:34 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
11 KB
12 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKA0060_01.jpg&v=3&w=400&s=7FI1zsqr0hfJu-XbK8d2ONYf&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
cbf3d1c50d0e686bf1c0ff73f4babcd0bf9c053dacda2a1a9f438db373d0be6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
11716
expires
Thu, 22 Jun 2023 08:48:15 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
2 KB
2 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPK0010_03.jpg&v=3&w=400&s=RGAJA9aBo5PI_AESwS-inx2Y&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
996e07e5f5f2c7a31302049a4a4f76320168f7206a655bcaa1af14cd45f3ed46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
2274
expires
Fri, 16 Jun 2023 08:06:34 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
11 KB
11 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKA0050-RH_01.jpg&v=3&w=400&s=-qoiTwl9HrYoIBGPQY77tRR6&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
9dbdb3993a41c534ca8f97be720ae24ac290965a76c26267e08a3feb735bf781
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
11050
expires
Fri, 16 Jun 2023 10:57:34 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
2 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2F397802CZ_01.jpg&v=3&w=400&s=UX9TxvGiJLhXbJNZwBsJNofR&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
d0e73fff6c5334f8c0f84e0a6e085db16680b183fdbdcef32c62185437a098fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
2492
expires
Sat, 17 Jun 2023 20:43:58 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
9 KB
10 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FPA0060_01.jpg&v=3&w=400&s=PA8Ps7qIMy1Wv0qgBZtm-EQZ&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
08509c3b8bf1317b634e879f5d77f9851311e14fac82a3a0f28e0522d8759f1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
9540
expires
Wed, 21 Jun 2023 19:30:22 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
13 KB
13 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FMOK0005_01.jpg&v=3&w=400&s=8RiQ7ripcWnuuhLx9tvNnTPI&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
52bf94091d68b796368978b46104a2374d37ac4004f50df68c48a5310bde7c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
13258
expires
Mon, 19 Jun 2023 21:34:34 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
3 KB
3 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2F022825_01.jpg&v=3&w=400&s=49jNW7IgduMAXxGH5GTxuVgQ&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
bd210dc4af2070d25008c77b682ab15d34e428f35b0822c82453ccdce805cefb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
3184
expires
Tue, 20 Jun 2023 14:52:19 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
4 KB
4 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2F280305023_01.jpg&v=3&w=400&s=ZqeMFNifAJnpjEuoEnVcYTa7&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
8a5015a81d2387aab8dd073ccc12b31b73471f690b2cbdfb0e05a7dadb788b1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
3954
expires
Fri, 16 Jun 2023 08:32:13 GMT
img
imageproxy.eu.criteo.net/img/ Frame C518
6 KB
6 KB
Image
General
Full URL
https://imageproxy.eu.criteo.net/img/img?cq=256&h=400&m=0&partner=9376&q=80&r=0&u=https%3A%2F%2Fmedia.thejewellershop.com%2Fimages%2Fproducts%2FKK0035_03.jpg&v=3&w=400&s=ayq8XQwSQUSKW_okg8bLHa64&b=400
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
35209871d29203d76de91cb43aba474f927b721ec4f9428fff64cf21257629b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 4 Jun 2008 06:06:06 GMT
server
Kestrel
content-type
image/webp
cache-control
public, max-age=604800
content-length
5840
expires
Wed, 21 Jun 2023 16:28:13 GMT
all
csm.eu.criteo.net/ Frame C518
0
127 B
Ping
General
Full URL
https://csm.eu.criteo.net/all?cppv=3&cpp=dUALYiTjJvATA1JEPlEqrI0fCidTD50LogOGOPYKfqW9jNU5-_DzSd08Dor6Pk1_UbgQN5CsGdGN8qpCnNbzPg-0-mbcIrItqdRp2i9IuyUoMBK79Wgk9_fbi_Ty_SVNaAS8lIfZQ2Pmsn9SIgUMCDgX_p7IpY0Iui8VQNljg5QcKkDbx4j7QQfsreYCy-79wHo02UKLKZUp_34hrZFv41lsFhXfB8WPr5IgUM3HzL99Z0Vp9xVv6pGdDrhI3mJfUpQmYg&sds=2&rev=87007&sendBeacon=true
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.eu.criteo.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 15 Jun 2023 16:35:13 GMT
strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
server
Finatra
content-length
0
criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C518
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/criteo_logo_2021.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 27 May 2021 13:21:59 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"60af9cf7-891"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
privacy.svg
static.criteo.net/flash/icon/ Frame C518
2 KB
1 KB
Image
General
Full URL
https://static.criteo.net/flash/icon/privacy.svg
Requested by
Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=0CC735899A8DACDA&u=%7CDlrcQWLrv9TES7XwpjghODLNEjJNntLnQj53FjXGxO8%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxhz-rXaRM-9rGIUsm7h7ieQmLBDGPkyiLsdbM7-4q1VzYay9_T6Y1oi4b2ZGTiAc3QJlya1oCJBz9CHP3q17RW1p7ufvwweDXZAKnFENOKRUfUFL4kBdILUtecIb73GkLWyw4AipJoxKZV4mUwJsL9HRTkNgTVZdhu6thjQsAOu9L8Mo7Qgj2IC8b8r5E-BH5fFISMXkmjSprnuCfLR7VzbKWJdsR1BO6wXHSZ2POT8V_SKp7un8mXusCJ0f1wTrpRoMkE_I3rpNaPv9pbSoitaFAD5a0VLERD6PD8xeAEnxiq5PBzGmwCYpD2ayZEOBJ_jnOvYP7YVo23SkA2bAB5OaH4uT1e_V1DFyOauSg7rJp0Y4FSZ3OZ0AG155QaU1tt3ahSr461ZThYTCJAPnqnEq3jaii95-rvxGzmD6o2dC-twportDS6IZy5ihZFE8zys5qDumZZN52iIrq1asBhzB9RO94O0BVPxB3-gaIOpdu-oQ5wAw78HFgsLUsK1lFg7AbQpgfPnu3IPpGyztjvlkRSGvKuhJK6t9gT0epK4csIuZSblb800k5QN1qfN978s4-cLEpP52FY2-2ajskVYBS1zu-oEurRjPDu289-oe6XRQsd-AtsuwVZwbutkM_4idWEzDEjhlE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.eu.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Wed, 19 Feb 2020 10:57:21 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
W/"5e4d1491-646"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 09 Jun 2024 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B230
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3416228772813&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B230
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3416228772813&version=m202301230201&ct=76&x=1&cor=14372604510407956000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame B230
101 KB
39 KB
Script
General
Full URL
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
92447e198ef265932cb5225e08264a6dc205c1de67f62f497ee781c6d69d4119
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39476
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame 7279
755 B
774 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/tag-nsc&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=120&h=50&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
190fab81159e99eb3f058ca9be1fb8983f6374695111651de3be9cfdad1bb375

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame 6076
756 B
774 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-sidebar-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=600&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
9a6b675b684edac204edf7dddd557de9d49f49bb5870f8f61d046b6825c2d17e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame E6DD
765 B
792 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-4&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=336&h=280&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
ff151943b4284eb07a2bf4c4dd491248d6d1e5b5f8e9d3870da0f207469f38a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame A5C3
765 B
790 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-2&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
33fcb056c45397e5e8c4a600db38f0ec5768ea7b0631a10812ce2f6b752049c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame 924B
765 B
790 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
a94b4839376373c960e3297b538e6c65ce38d4a33ba84c4cabbaa501cd5873bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame D17B
764 B
792 B
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-horizontal-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
63a8ba36baccd6e19277e6cbcbaf3b5a9a0fded00fd3fdc3385d9da4f93e3caf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
msgws.webspectator.com/server/ssl/2.1/
67 B
248 B
Script
General
Full URL
https://msgws.webspectator.com/server/ssl/2.1/?guid=90f21c66-aeed-3550-171b-aff38d3fc876&appkey=w5tlOg
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ortc-heartbeat1sec-min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.140.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-140-75.compute-1.amazonaws.com
Software
/ Express
Resource Hash
4a2a801c9c80fdddf923fc6b0c364467a102da2ca6a46afaffca59819f030539

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 15 Jun 2023 16:35:14 GMT
X-Powered-By
Express
Transfer-Encoding
chunked
Content-Type
text/javascript
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3084885249374&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3084885249374&version=m202301230201&ct=76&x=1&cor=6075511303309777000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame A085
101 KB
39 KB
Script
General
Full URL
j-VQEun4sehvlytCKSuejNN3O4jULTtwDARyLUhGHlXMdKaVGsSIBSlVkpdbIttbdVp27QAChdbMsGPRVZKNdJH7AEqvbJbadWtc8AEQGRVXYsOsg&cid=CAQSTABygQiDbbxzMUVnTGrMTZmSyBmuIzPqBKuQxShYlndOu8CSMgGeJ9rkryuKxm4A8Qm_uWESyKAb4fukkGpnybkUt-QhSVwzBIm0w0YYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.metropoles.com%2F&ds=l&xdt=1&iif=1&cor=6075511303309777000&adk=3047537735&idt=167&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
becfccd2ba87da2c37e36720ef566e2127b830a8b4d3b753836873f868de38a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39509
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4256196999775&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4256196999775&version=m202301230201&ct=76&x=1&cor=8605657849199250000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame E2DB
105 KB
39 KB
Script
General
Full URL
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2ef90473814366489749f46d702b705d285bf55047e828dbd71f855ff840a5f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39747
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame C17F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame C17F
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame C17F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESENiGRItncm-TkR7vZ6-hjPw&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESENiGRItncm-TkR7vZ6-hjPw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
AN-X-Request-Uuid
27df36ae-a4c6-407e-b317-59e8743096fa
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESENiGRItncm-TkR7vZ6-hjPw&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C17F
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLGExucBMAE&v=APEucNXyBIMfC2UusOfWzhD7gbx0ePGtvSE1890wfsIpzgerjySHqZ5glnKgXCvPvYR6hCmyQCI2XRBnxBlT3zy_i_6laiTNMpIJ_gvy8OSqAp4r5fExCHOFVnr53KsGEg3qvGFxeydjoBccZYWacnvh_ixf017yNMGBeLTw8lV-_FTzquyD9ZM
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:14 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
b5cdc659-a871-4503-b682-c5336de2d5f8
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FE20
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FE20
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame FE20
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
AN-X-Request-Uuid
a30b7318-53f4-426f-8e9f-1ddc28a12ff8
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FE20
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUl4ET4oqQnxIMUvxPD9tubicP8vokOomrJPD4d06e_750Fc12ctwTu1eUE4jSTYEwzzMXpUfN9MlhvLnT-oaYjHI_MBfnKqtb-jQh-sx2x3pJ6g4rw1-m5OB9cdcfV2nNKm-NGMuVmt66qc-rsNdgTDfP8B29z6d1v4lj3T3P8e5Gnn7w
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:14 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
64a9c207-b509-4c9e-937c-e5c81dc935f6
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5A7A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 5A7A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=495
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 5A7A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
AN-X-Request-Uuid
a8b9fff4-80b6-44b1-a786-d44f7dc08aaf
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 5A7A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGLmExucBMAE&v=APEucNW2FhAMEoOmFP7smabVkVZ_VKYEqVXmBnbNx4UJ2hq_wErvLCV3qpp5VPmIO3iZC6uS_mg7Xo7DsBcZt0w97kNJu6TUBDifjYA50SdBQbzmVb35fb_PbveuiDdijW7Q10JXFMasFxB8S3l89AXvb522DIh6cAFZRWuhWx0cySDk4uE3Jx8
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:14 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
468b24d8-066c-40c7-a192-6c49306034a0
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 12F5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKC2s5f-3g-dbMIoEoRPX9M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 12F5
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 12F5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:14 GMT
AN-X-Request-Uuid
670f0496-0557-4922-98b1-036f8a21387b
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 12F5
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO_4sqYCELfrruECGK2ExucBMAE&v=APEucNUxbgt38fHP7BQ13I1VsYSr8YC0a1qTPkp_ZPIR-2aK7sGeUATvdiZHOQ_zSEF0cxhItO6ijgdyNUYmk05sT5SnuouOpYB4iC-YFLm-RpsAwE31Mg3oIthyiiJ4ovTrYgnYcWzlhc_jJ7mR26FwAuI_8BZL7ss0wwEF1nB61IT0RwTCx2E
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:14 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
8d8d707b-b8fe-4b69-8ac8-70486c763098
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
loader
api.retargetly.com/
11 KB
5 KB
Script
General
Full URL
https://api.retargetly.com/loader?id=3368
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/third_party/retargetly_univ_2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4362a2b21daa8185db1960d48bdfa4fc744b4144199df5bc9fad8fa49be876e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/javascript
access-control-allow-origin
*
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
public, max-age=604800
cf-ray
7d7c399fb9a13a57-FRA
expires
Thu Jun 22 2023 16:35:14 GMT+0000 (Coordinated Universal Time)
96ef9f36384868e3003effe8c1188a30.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
6 KB
6 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96ef9f36384868e3003effe8c1188a30.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e5440d5afe856086addc185a34f00b1326fa0497d0eb579377005d9bb99e9063

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/96ef9f36384868e3003effe8c1188a30.jpg
age
1251281
edge-cache-tag
423378923426958322646638588909106471745,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
cache-tag
423378923426958322646638588909106471745,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time
264
req-referer
https://dantri.com.vn/
content-length
5812
x-request-id
7e6bd670958da0f01eec1afd678de0c4
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
x-served-by
cache-iad-kiad7000062-IAD, cache-iad-kjyo7100021-IAD, cache-lga21929-LGA, cache-iad-kiad7000090-IAD, cache-fra-eddf8230082-FRA
last-modified
Fri, 26 May 2023 07:19:38 GMT
server
nginx
x-timer
S1686846914.465494,VS0,VE0
etag
"fb8b3e2892ce60c806ff5f1ba72fa5e6"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 0, 6, 2
spa-detector.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
cdn.taboola.com/libtrc/
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/spa-detector.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/metropolesdf/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7de3ee8c3faece42c2be69d21bc6a06aece4f4d7d53f4ab7f218bf71109fc7d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
_RToCOvN8g87d3JUOjWJP_ocN0yx8ng8
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:14 GMT
x-amz-request-id
CX5B4ZCNVJVDYSM6
age
15959
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
FAILED
fastly-restarts
1
x-amz-id-2
eTDJPKGhLsyV4lrsJfDSVUAa8M1Cm/kTwIMHz+4ao7pIgmdVsNojQ6kzU/8SBD9nejhNvrHc+i0=
x-served-by
cache-fra-eddf8230082-FRA
content-length
879
last-modified
Thu, 15 Jun 2023 11:02:21 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846914.477358,VS0,VE190
etag
"2de64ffe58e4f5c45dcaf0422e60547a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
43
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
303
supply-feature
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/supply-feature?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22AVAILABLE%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=16%3A35%3A14.462&id=6593&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/abtests?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22header%20found%22%2C%22eventTime%22%3A1686846914463%7D&tim=16%3A35%3A14.463&id=1885&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
supply-feature
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/supply-feature?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22CLICKABLE%22%2C%22event_value%22%3A%22tblOriginalState%3A%20true%2C%20%22%2C%22event_msg%22%3A%22back%20button%20enabled%2C%20history%20changed.%22%2C%22event_key%22%3A%22%22%7D&tim=16%3A35%3A14.467&id=516&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/abtests?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=6495f03e592c05a9a431f5fb29a6c694&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846913_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22explore-more-available%22%2C%22eventTime%22%3A1686846914475%7D&tim=16%3A35%3A14.475&id=243&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
skeleton.js
fw.adsafeprotected.com/rjss/st/1431402/70901275/ Frame 395B
244 KB
74 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1431402/70901275/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h1haP490NR0oP6oi_pl4Rf
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.86.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-86-224.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
91971bbe97c99ef8756424b021770e9810de2af653d9de6d330a963e0a92444d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 395B
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22688
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame 395B
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame 395B
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 395B
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204941
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
skeleton.js
fw.adsafeprotected.com/rjss/st/1431402/70901175/ Frame B230
244 KB
74 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1431402/70901175/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g9zCpG3Y9ayI1yFrM02_w8
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.86.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-86-224.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ff4274c8318f98a23b2c5dca57e1b0be62ee9aa8ae7b27de2ddbf448aed1d9a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame B230
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22688
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame B230
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame B230
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame B230
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204941
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
truncated
/ Frame 395B
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f3b107ae56dbfe344e761571ec869a03b7d31ef637b6d8703a332fb23eb2734e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
ws-ad.js
wfpscripts.webspectator.com/ Frame 7279
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/tag-nsc&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=120&h=50&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
skeleton.js
fw.adsafeprotected.com/rjss/st/1431402/70901175/ Frame A085
244 KB
74 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1431402/70901175/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gaHfrXB6ZwbOCeRr0mT7nQ
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.86.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-86-224.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b4cee4d27cd09e307b8e0eeab901217e2eb19b19979860d4b4f31631e7073c5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame A085
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22688
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame A085
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame A085
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A085
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204941
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EBF4
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
container.html
e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 644D
6 KB
3 KB
Document
General
Full URL
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306130101/pubads_impl.js?cb=31075333
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:13 GMT
expires
Fri, 14 Jun 2024 16:35:13 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
skeleton.js
fw.adsafeprotected.com/rjss/st/1431402/70901273/ Frame E2DB
244 KB
74 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1431402/70901273/skeleton.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0j0VX9fhC8qj7k8Pfr-WKX1
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.220.86.224 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-220-86-224.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
16d0125609b487f368acb8eabb57a57c16e804246ff81f8a93a4838f6683757b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame E2DB
111 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22688
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame E2DB
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame E2DB
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2825
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame E2DB
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204941
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
truncated
/ Frame B230
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c3daf690f8f7fbcf0fcdd103728f61057a271ed626125d39bc660826d6098610

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
ws-ad.js
wfpscripts.webspectator.com/ Frame 6076
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-sidebar-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=600&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
truncated
/ Frame A085
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5cb2b8c9d3d1f0ea5ea89a7efff00939ea6d7e1bd762938860a71e7fcfe44655

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E2DB
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e8ae2d259885f3716ff911ea67ffeff1fe44ac9edd11fef10102a80ac3c6acc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
89a778f7d99520834aa3ac0f2044dbd5.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
4 KB
5 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/89a778f7d99520834aa3ac0f2044dbd5.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4258ad18317693d124219a6a32d46532fe142897b2e34e3a936ab549aed07092

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
2
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/89a778f7d99520834aa3ac0f2044dbd5.jpg
age
1270163
edge-cache-tag
555595709626915174871002370834671236692,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
cache-tag
555595709626915174871002370834671236692,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time
119
req-referer
https://www.express.co.uk/
content-length
4148
x-request-id
6d457667faacab67bcc71d7daa09197c
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
x-served-by
cache-iad-kiad7000052-IAD, cache-iad-kjyo7100090-IAD, cache-lga21947-LGA, cache-iad-kjyo7100167-IAD, cache-fra-eddf8230082-FRA
last-modified
Fri, 26 May 2023 07:19:16 GMT
server
nginx
x-timer
S1686846915.758029,VS0,VE2
etag
"0378415e43289c636cb9628763c53f2f"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 1, 18, 1
abtests
am-trc-events.taboola.com/metropolesdf/log/3/
0
231 B
Image
General
Full URL
https://am-trc-events.taboola.com/metropolesdf/log/3/abtests?route=AM:AM:V&tvi2=-2&lti=em-in-body-26_var&ri=1b24adac80a67aac2391a931784fb72e&sd=v2_c2f08179341cf5539d8ab5f001d97a1f_1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341_1686846913_1686846914_CO75kxMQh6dLGPr0pP-LMSABKAEwODib4wlAiIoQSKW02QNQ____________AVgAYABosrWxmb6uzo3eAXAA&ui=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&pi=/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&wi=2673322812514299382&pt=text&vi=1686846913146&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1686846914759%7D&tim=16%3A35%3A14.759&id=320&llvl=2&cv=20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/
12 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4c04ff99189209514286a2e26df9220442e9fee858edb7942d6e8d0733e71b5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
age
2060959
edge-cache-tag
442226109216355184168105121031994953189,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
442226109216355184168105121031994953189,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time
424
req-referer
https://www.4players.de/
content-length
12180
x-request-id
64f3c6f21492554ba2d5d4f5ac4013ac
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
x-served-by
cache-iad-kjyo7100165-IAD, cache-iad-kiad7000148-IAD, cache-lax10652-LGB, cache-iad-kjyo7100135-IAD, cache-fra-eddf8230082-FRA
last-modified
Mon, 22 May 2023 19:26:36 GMT
server
nginx
x-timer
S1686846915.791107,VS0,VE0
etag
"9fadc74d771d39cd93449595ccb1de96"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 0, 57, 48
6f53a38d25f0ea772db614fb941519e4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
30 KB
31 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f53a38d25f0ea772db614fb941519e4.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ec2331a778dbfefbcad2b0545c6b23347b21054f036c96b376df8b52573dc124

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f53a38d25f0ea772db614fb941519e4.jpg
age
3236988
edge-cache-tag
379226829563982640636830187610323967922,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
379226829563982640636830187610323967922,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
HIT, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time
172
req-referer
https://www.krone.at/
content-length
30910
x-request-id
ed6556386b549b965840e0fbe649b7b1
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by
cache-iad-kjyo7100156-IAD, cache-iad-kiad7000113-IAD, cache-lax10624-LGB, cache-iad-kiad7000071-IAD, cache-fra-eddf8230082-FRA
last-modified
Sat, 22 Apr 2023 11:25:22 GMT
server
nginx
x-timer
S1686846915.791179,VS0,VE0
etag
"c3ce4d0aec7bde70f10c0ba049582309"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 0, 1, 1697, 1538
0f9780008909d905ba620957d6941c40.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
8 KB
9 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0f9780008909d905ba620957d6941c40.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d3705aa1e7a1beda3b40c7fa22416fb0376a81f7bcb852a7eee31035cba22bfd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0f9780008909d905ba620957d6941c40.png
age
3222579
edge-cache-tag
331208042925282676003572768795640513761,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
331208042925282676003572768795640513761,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
x-cache
HIT, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time
65
expiration
expiry-date="Tue, 23 May 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer
https://www.aachener-zeitung.de/
content-length
8472
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
x-served-by
cache-iad-kiad7000108-IAD, cache-iad-kcgs7200147-IAD, cache-chi-kigq8000139-CHI, cache-iad-kcgs7200170-IAD, cache-fra-eddf8230082-FRA
last-modified
Sat, 22 Apr 2023 18:25:22 GMT
server
nginx
x-timer
S1686846915.792367,VS0,VE0
etag
"abffca5dae8564bd37d5bef13b5b58e7"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 1, 1986, 2
dda50b0081e682afd1788f5fcced0d13.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
12 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dda50b0081e682afd1788f5fcced0d13.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0cfb37c0de7c749b11c6b79253f1ac0c3aa22a56d2319a8ca10fdd30d4e686f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dda50b0081e682afd1788f5fcced0d13.png
age
1549597
edge-cache-tag
575412125607672003900554714023427765006,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
575412125607672003900554714023427765006,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
x-cache
HIT, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time
70
expiration
expiry-date="Thu, 08 Jun 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer
https://www.t-online.de/
content-length
12758
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
x-served-by
cache-iad-kiad7000160-IAD, cache-iad-kiad7000074-IAD, cache-lga21963-LGA, cache-iad-kjyo7100078-IAD, cache-fra-eddf8230082-FRA
last-modified
Mon, 08 May 2023 14:13:05 GMT
server
nginx
x-timer
S1686846915.792336,VS0,VE0
etag
"4380d6daa046ba9502a7f03ada2336c1"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 0, 134, 2
ws-ad.js
wfpscripts.webspectator.com/ Frame E6DD
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-4&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=336&h=280&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4A56
624 B
242 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame EBF4
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EBF4
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CJkqUqWrbhRhsrIxodTWZH7HGUAnzAAA_FgY07i67nWu6kxl0ur5ffOghXVx8RCvcqOpLGwG2pD6kQWttbjjoZvH7gryVy3kwHpOeCZ9PmN9UnZyM
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EBF4
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17563541338858341329&x=1&ct=77
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
r62eglto.js
ad4m.at/ Frame EBF4
25 KB
10 KB
Script
General
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 14 Mar 2023 13:45:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
182958
etag
W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYt7SzMq7mQOzIyZcyz3c3sJGgc%2FyAIHs5RXUJVOEESEKC2waQPO7S7A7CWWJPsvcr4lgF3M6SQzd5N34228yCThHLBaGPFog6yhSMPZU8Wj6EH%2FWFKLLwSbAF4KIpbtnXUaS9U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray
7d7c39a19b4c367f-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 06 Jun 2023 13:46:12 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame EBF4
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame EBF4
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
l
www.google.com/ads/measurement/ Frame EBF4
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaThNCgEvYfZHVIJk5gSM4Ba97xzMrWU8h5JLVhUY3RzoXmeofUCitPXpExbzhvt7lgQAHIzcL6efvFEPQrp7GnkadWifQ
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EBF4
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
ws-ad.js
wfpscripts.webspectator.com/ Frame A5C3
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-2&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
pixel
googleads.g.doubleclick.net/xbbe/ Frame F6CC
624 B
242 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:14 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 644D
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 644D
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cp0F2E2fsY32DFTRzJeSxyp-BoaL8_M9-JjNQtZh57sz9qAyZftMBoEPk8DagY9VIPahSvtZpg1dGasGPmRnCHgoSGIxIltD82g9Pnq3DYY-2IXOE
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 644D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=17556787969673149853&x=1&ct=76
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame 644D
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/window_focus_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/ Frame 644D
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230613/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3521f5e84dbf85e9b7a304002330fbccf347abc9d0a43765a1838336b8a98c0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:45:04 GMT
content-encoding
br
x-content-type-options
nosniff
age
3010
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8120
x-xss-protection
0
server
cafe
etag
8171891181101138299
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:45:04 GMT
l
www.google.com/ads/measurement/ Frame 644D
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSkWx-ykKmfioG3H6fJSzW1q2B7pxe7pRSbisSh5DVml7Ls0jwzAylzuZaxNfaeWYicezwZEFGoQK1BbesU3E1-ykZTMg
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 644D
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:14 GMT
ws-ad.js
wfpscripts.webspectator.com/ Frame 924B
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-quadrado-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=300&h=250&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
ws-ad.js
wfpscripts.webspectator.com/ Frame D17B
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/123935210/distrito-federal-na-mira-horizontal-1&eolid=null&eci=null&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:14 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
j2sopgnjsutfxues6xwm.mp4
cdn.taboola.com/libtrc/static/video/v1671107766/
1 MB
1 MB
Media
General
Full URL
https://cdn.taboola.com/libtrc/static/video/v1671107766/j2sopgnjsutfxues6xwm.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a87b81fecc6438cc8bedb478f4fcf7de3b2ece34d942a9e69cfa8e79b2bb2e0f

Request headers

Referer
https://www.metropoles.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
lnJOIsXTQJl7HOJXSRxC8UgAjvius9Mk
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish
x-amz-request-id
AYEH7CJM745TZE3S
age
103
x-amz-server-side-encryption
AES256
x-cache
HIT
Content-Range
bytes 0-1208329/1208330
x-amz-replication-status
COMPLETED
Content-Length
1208330
x-amz-id-2
YR/UfLaDMlbRYPTWkpPvqnnpgJJfxRqhoyz+Fe7jyzDPQIYo7Sg3r/XwGGkMY+koC4ITGUnTbRg=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Thu, 15 Dec 2022 12:36:15 GMT
server
AmazonS3
x-tbl-debug
bestatus=200,beresp=OK
x-timer
S1686846915.814983,VS0,VE2
etag
"712c4d326b5e715a9464ff8783793406"
content-type
video/mp4;codecs=avc1
abp
52
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
x-cache-hits
0
4a.js
static.adsafeprotected.com/ Frame 395B
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1431402/70901275/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=ht...
  • https://static.adsafeprotected.com/4a.js
2 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/4a.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 15:44:58 GMT
x-amz-version-id
FoFEKnm3S7MHKHZXMzIhRNUNaVwXR0An
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
521418
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Fri, 09 Jun 2023 15:44:56 GMT
server
AmazonS3
etag
W/"589d8955c4906ab1b8e63a2f92d932d3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
wXcuq56i93QG-7xBzJhpjQ6mNiGM_QHWYDrGlZjZrAtb-0xVPAg6_A==

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
nginx
x-server-name
app17.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4a.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 9611
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
23072338
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
SAfj0p5eZ6EyjEHr-U3vS6Zs1Uhi7ce8HS7GFViMqKwl_E9H62_ReQ==
index.html
s0.2mdn.net/sadbundle/877621449291039494/CbV_MY24_DE_Generic_970x250/ Frame 9388
5 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/877621449291039494/CbV_MY24_DE_Generic_970x250/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7ea5b6549023165bfdbf545140521d6d6d65f46399ba291f2fdcd8ca4996ade1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
455848
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1777
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 09:57:46 GMT
expires
Sun, 09 Jun 2024 09:57:46 GMT
last-modified
Thu, 20 Apr 2023 13:53:36 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 395B
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssqHz4rKIbxZQ-Y08Uv7CncHTzEgZHsJ81kvAWhgVRLR3LJ1y7DYLdoUTG9NLcrE8yKomVZyDoq29T0XX8ncr5EHrkO1rwYmEEMDENEtTdGiA1teF1iW-Pr31zkweI7h_S4NPUMSkPl98-EYyRpCSTT6Jcl97-Lri3cGsCAbQRr9rES2-W6eyrllxRRXH2aQeJ6d1DWJ6o1RNIqJseudj2yhrk-wquRbSPnUf1R14f1DFJwZ3E1W6NjEEYhKi4dYRj9sb_CfAxnh5gk1EWyteKTbT-i1k3DgV7vopggtq_fcm-aRDgGwbIN-LG9ZK5yrLHxaywRIhEgMbUPh1stmEWt7o9lZoDMSo2D8Uq_mE20sqNPFHDBshpfo-xxLBmUeZaZWcsnRKlxTRGYPEylh5Dc1NDFygni8DdKLNe0dZiMXlRt-w4yTQmUJBTP3JuWxJREltGeBFIuQOSx7FdinFwAIJK_AMQgHUSuZCV4VFbCNAghv5zrblTKkIA5mWgo4kw5_wjwsItqphuZEnW6mbfBcWdfyG03cmQsgbCW-9qpK-TNygQp33GZtbZ1eeFpPCWJAeRFz4Oyfl60FLCStouiBeHkXSf9yfJFyCQPAYPQswptv74ao7Zgz79LUuwt3Brv97db08kP6F8or17P9wdDqVCUi1v6jpQyMMYdLexfe-IyWRISR9cGs5ojCs42RJSi_pdrooXGSMG2j0TEmtiS_QFWDc4EChRBxr0saxxZYBqFdFtuRdLsXhxyJt0GhWnH9GeWJEXTaQwg2h8RXGTQBMI8JlJ8KMOF4b7fh5ny-4D0kx-khYFHd3ZUNi8LdUeQUTA5yA-wi0gluj283POu7fWFqqdlCXvHO4Zlmv3dBsee2Ax4FtHosKnakznYP5RHYbs4n5qdktCysHKlDHf1Zwu44VK2Bb72ScALrb8MQUXaTDbcprCC0pMLNzrOb-uREUQ5u5STNr3amcC6vzg146f4YDWnnws513n5dmC_CpHRtZ6662MkjBKPb2ak3qVPy5muX81PU9DqdG6SogNGWv7nOkuHcbd0PYo8nCqZP0zVgFlHntq7zdVUjkljxTKBZ82SXAC7FHu7Y1YncTGDfT9QCoeLAJ9vb1YZCOZjESzPAWpBb9rYQ8Ncmiy8bLpn4J4zS0SY9aAH98zZiubvgYc8rTKocXp5yGPuOoOrcohY3oFvdxHTiRZNOl1vqKQ8y_BeLYokm-7GxUz0Py_GPnRiqwt088RzYIMMPcHnesVNN4HSlWk9-iVo7wdbf7VL2rkxZ_An4uH5_dyYp1le1EXl&sai=AMfl-YR-Sj-wbHM5nizWzCblTMdF567ba79Te2DEX-5IbX-rMr4ikvpzP-YY8jcPRPnu-2rMfEvBsZSMg65R7bwt3LjBvXAtGVYu4p89MdYXI66ULyszlkp84d3L2MEiG0vRcghCLmINEUPsZ32_J_RDBiDv-kwuVPNf66ThXeQ0IEUr94Y4FyGScauYWinosByC4Xsx-tpkz_E5n79lAOJHlKSomEpAMLkkxzceo1ZSS1HrRdsrfUvj250n7lDXPNjIqtZE4tYIhGnvt4dh8MLOHzGeRpfAO0mVwv7i&sig=Cg0ArKJSzGccRbWr0ht9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=368&cbvp=1&cstd=366&cisv=r20230613.17265&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
4a.js
static.adsafeprotected.com/ Frame B230
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1431402/70901175/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=ht...
  • https://static.adsafeprotected.com/4a.js
2 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/4a.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 15:44:58 GMT
x-amz-version-id
FoFEKnm3S7MHKHZXMzIhRNUNaVwXR0An
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
521418
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Fri, 09 Jun 2023 15:44:56 GMT
server
AmazonS3
etag
W/"589d8955c4906ab1b8e63a2f92d932d3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
OBXUrajwPhKDr5VwYg_I6yVViN7W4VjVlZDfOs82Cw5NLIdapShs7Q==

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
app10.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4a.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame ED98
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
23072338
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
SK7ttwsVtfQlNce0n2ngWwjjOPYdRikUUiCAKjxxobujnLwyUaAMYg==
89a778f7d99520834aa3ac0f2044dbd5.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
4 KB
5 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/89a778f7d99520834aa3ac0f2044dbd5.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4258ad18317693d124219a6a32d46532fe142897b2e34e3a936ab549aed07092

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:14 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_115%2Cw_160%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/89a778f7d99520834aa3ac0f2044dbd5.jpg
age
1270163
edge-cache-tag
555595709626915174871002370834671236692,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
cache-tag
555595709626915174871002370834671236692,469003076724496694020487778216065093704,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time
119
req-referer
https://www.express.co.uk/
content-length
4148
x-request-id
6d457667faacab67bcc71d7daa09197c
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
x-served-by
cache-iad-kiad7000052-IAD, cache-iad-kjyo7100090-IAD, cache-lga21947-LGA, cache-iad-kjyo7100167-IAD, cache-fra-eddf8230082-FRA
last-modified
Fri, 26 May 2023 07:19:16 GMT
server
nginx
x-timer
S1686846915.923888,VS0,VE0
etag
"0378415e43289c636cb9628763c53f2f"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 1, 18, 2
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 9861
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468667
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/ Frame 0B29
5 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3cb1da0887284978d876f98e80f5cea23019d41667a2a6c68b17983574acdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
535469
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1769
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Fri, 09 Jun 2023 11:50:45 GMT
expires
Sat, 08 Jun 2024 11:50:45 GMT
last-modified
Thu, 20 Apr 2023 13:50:12 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B230
0
0
Fetch
General
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
index.html
s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/ Frame 55A4
5 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3cb1da0887284978d876f98e80f5cea23019d41667a2a6c68b17983574acdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
535469
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1769
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Fri, 09 Jun 2023 11:50:45 GMT
expires
Sat, 08 Jun 2024 11:50:45 GMT
last-modified
Thu, 20 Apr 2023 13:50:12 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame A085
0
0
Fetch
General
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
4a.js
static.adsafeprotected.com/ Frame E2DB
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1431402/70901273/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=ht...
  • https://static.adsafeprotected.com/4a.js
2 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/4a.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 15:44:58 GMT
x-amz-version-id
FoFEKnm3S7MHKHZXMzIhRNUNaVwXR0An
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
521418
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Fri, 09 Jun 2023 15:44:56 GMT
server
AmazonS3
etag
W/"589d8955c4906ab1b8e63a2f92d932d3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
XgERAkujeeFblTnlEBe4bk9VzeA1rHC4kIQ_7XLNkQWhxhQ5C-zWkA==

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:14 GMT
server
nginx
x-server-name
app15.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4a.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame FE16
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
23072338
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
E7cxDOmSEbc0yIytcMcmTDS3gH2Oov_MB2IuykPRduND2MPMlYHraA==
4a.js
static.adsafeprotected.com/ Frame A085
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1431402/70901175/4.js?bundleId=${BUNDLE_ID}&ias_dspID=3&ias_campId=1011798148&ias_pubId=pub-8446138991821025&ias_chanId=1&ias_placementId=20014135090&bidurl=ht...
  • https://static.adsafeprotected.com/4a.js
2 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/4a.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 15:44:58 GMT
x-amz-version-id
FoFEKnm3S7MHKHZXMzIhRNUNaVwXR0An
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
521418
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Fri, 09 Jun 2023 15:44:56 GMT
server
AmazonS3
etag
W/"589d8955c4906ab1b8e63a2f92d932d3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
KMPMWs78j2X9IDUItZe1CIi7E_pZO-5edOC0pprfKrIV_f19CiWA0Q==

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
app06.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4a.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 4718
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
23072339
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
MYEMGHIQnl9gCD_Lyha8oGVM_CzW9BE53dj5do9IAtohrcZc4YmFDQ==
api
api.retargetly.com/ Frame 08F7
Redirect Chain
  • https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-duba...
  • https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-duba...
3 KB
2 KB
Document
General
Full URL
https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/loader?id=3368
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e82f45f03c68b92279eb091b7dfea6ea4e2cd0642cc445713bb4d6ec22d951db

Request headers

Referer
https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7d7c39a3af273a57-FRA
content-encoding
gzip
content-type
text/html
date
Thu, 15 Jun 2023 16:35:15 GMT
expires
0
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
pragma
no-cache
server
cloudflare

Redirect headers

access-control-allow-origin
*
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
7d7c39a2edf93a57-FRA
content-type
application/javascript
date
Thu, 15 Jun 2023 16:35:15 GMT
expires
0
location
/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
pragma
no-cache
server
cloudflare
dt
dt.adsafeprotected.com/ Frame 395B
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=e2bd2d95-91a4-35d4-cd95-594460564c44&tv=%7Bc:fCPhrz,pingTime:-3,time:215,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D,%7Br:r,w:970,h:250,t:210%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:215,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B208~0%5D,as:%5B203~0.0,5~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15*.1431402-70901275%7C151%7C161%7C171%7C181%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:15*,rmeas:1,rend:0,renddet:svg.us,siq:27%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt08.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 395B
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=e2bd2d95-91a4-35d4-cd95-594460564c44&tv=%7Bc:fCPhrB,pingTime:-6,time:217,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:217,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B210~0%5D,as:%5B203~0.0,7~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15*.1431402-70901275%7C151%7C161%7C171%7C181%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:15*,rmeas:1,rend:0,renddet:svg.us,siq:27%7D&tpiLookup=ao:www.metropoles.com*&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt07.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
adunitMapping
webservices.webspectator.com/ Frame B51A
1 KB
1 KB
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_under&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22under%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22970x90%22%5D%2C%22hb_pb%22%3A%5B%220.00%22%5D%2C%22hb_adid%22%3A%5B%2225399c5fdf2bd89%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
86babe12400903693dbb117fd502bc9b629ab934918582705263bef2a4101211

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adunitMapping
webservices.webspectator.com/ Frame 0AF0
1 KB
1 KB
Script
General
Full URL
https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_side&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22side%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22120x600%22%5D%2C%22hb_pb%22%3A%5B%220.01%22%5D%2C%22hb_adid%22%3A%5B%2226026df82c0695e%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=120&h=600&wsRotSlot=&isda=1
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-4.4.62.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
7aaff6a4cbb98fad19253a2be30dd1246f466f9592b849ef42371c5b99d9d517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Content-Encoding
gzip
Server
WildFly/10
X-Powered-By
Undertow/1
Transfer-Encoding
chunked
Content-Type
text/javascript;charset=UTF-8
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4A56
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=493
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4A56
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Protocol
HTTP/1.1
Server
185.80.39.216, Canada, ASN27381 (CASALE-MEDIA, CA)
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 4A56
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US)
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
AN-X-Request-Uuid
b1d7c147-0117-4fe1-8397-d7c0bc57ea35
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4A56
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICHEhDygCQYzszhczAB&v=APEucNVI8-tVjDXV5NAA0yOc7J1xWNmCLxDS9iY6H1B2d-r_dLTERg_hjNqOMtGCdKGkrINrH0jCoDjnzEIXIAqTUBj6BZrB1rzxb9FOnUDGSXpifEHECtz30aiwnKMrTwnK5mIyOVWeUBb4lehyjcgrrNpd-VP_eGO3lXiH33hihI_57IxZ6wEgzdUvx6FiFK5zswt9MflHYcDkFg11o2ahQcscYeQpDA
Protocol
H3
Server
172.217.18.98, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
a3b4c917-0a6b-4df3-8728-8832f6e873de
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F6CC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Protocol
HTTP/1.1
Server
185.80.39.216, Canada, ASN27381 (CASALE-MEDIA, CA)
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame F6CC
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZIs9wmfzYpvegbKk6y3eUwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Protocol
HTTP/1.1
Server
185.80.39.216, Canada, ASN27381 (CASALE-MEDIA, CA)
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=495
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHMKXwo8UDn3Tlpskeh5ja4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame F6CC
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Protocol
HTTP/1.1
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US)
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
AN-X-Request-Uuid
1a861222-0ad1-4ef2-8acd-8dc4d8a57dfc
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEHoBgXrReFgSZtK4404COQ8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame F6CC
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPG8uQEQu-u9ARiC1bLlATAB&v=APEucNU8VlRBn37uw2fDmdM2a0U1QimjaPil80Jg_6K5SOrmrQ5nvcyKw1xA_ceUMblv_9vgY2XsOP64OLR0j4iqFHoofNU7Xh2B470UZ2ZEd3KSUmAhlg5b2aBdJc2JMEGuxgIKRpJnZk-dX3kQcUisrOdJ-bgQk6n5V-2GcEIPdMjrgG-nD02W6Ty1VK1gJ01jRHa83Fgp3BEuHfD0j0I3DrYErUjZzg
Protocol
H3
Server
172.217.18.98, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
851f19bf-8a7d-4dcf-853d-95526d98d754
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDY4MDIwMDM1OTMyNTM5OTQ0OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dt
dt.adsafeprotected.com/ Frame B230
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=96b94ce7-a4b8-1036-3562-26144c501009&tv=%7Bc:fCPhse,pingTime:-3,time:198,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:20%7D,%7Br:r,w:300,h:250,t:189%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:198,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B193~0%5D,as:%5B185~0.0,8~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C16*.1431402-70901175%7C161%7C171%7C181%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:16*,rmeas:1,rend:0,renddet:svg.us,siq:21%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt25.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B230
43 B
217 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=96b94ce7-a4b8-1036-3562-26144c501009&tv=%7Bc:fCPhsf,pingTime:-6,time:199,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:199,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B194~0%5D,as:%5B185~0.0,9~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C16*.1431402-70901175%7C161%7C171%7C181%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:16*,rmeas:1,rend:0,renddet:svg.us,siq:21%7D&tpiLookup=ao:www.metropoles.com*&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt03.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
conversion.js
www.googleadservices.com/pagead/
49 KB
18 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
1b170673eeef31a7e9881e2a93c4ab24c535fe0321feca405d22739de295f92a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18399
x-xss-protection
0
server
cafe
etag
5565525223662320794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 747D
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/
12 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
4c04ff99189209514286a2e26df9220442e9fee858edb7942d6e8d0733e71b5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/9a3f7f12-f8f3-4406-8b72-a91888383479__zCsqMAvR.jpg
age
2060959
edge-cache-tag
442226109216355184168105121031994953189,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
442226109216355184168105121031994953189,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
MISS, MISS, MISS, HIT, HIT
x-envoy-upstream-service-time
424
req-referer
https://www.4players.de/
content-length
12180
x-request-id
64f3c6f21492554ba2d5d4f5ac4013ac
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
x-served-by
cache-iad-kjyo7100165-IAD, cache-iad-kiad7000148-IAD, cache-lax10652-LGB, cache-iad-kjyo7100135-IAD, cache-fra-eddf8230082-FRA
last-modified
Mon, 22 May 2023 19:26:36 GMT
server
nginx
x-timer
S1686846915.090758,VS0,VE0
etag
"9fadc74d771d39cd93449595ccb1de96"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
0, 0, 0, 57, 49
6f53a38d25f0ea772db614fb941519e4.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
30 KB
31 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f53a38d25f0ea772db614fb941519e4.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
ec2331a778dbfefbcad2b0545c6b23347b21054f036c96b376df8b52573dc124

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/6f53a38d25f0ea772db614fb941519e4.jpg
age
3236989
edge-cache-tag
379226829563982640636830187610323967922,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
379226829563982640636830187610323967922,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
status
200 OK
x-cache
HIT, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time
172
req-referer
https://www.krone.at/
content-length
30910
x-request-id
ed6556386b549b965840e0fbe649b7b1
x-backend-name
LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
x-served-by
cache-iad-kjyo7100156-IAD, cache-iad-kiad7000113-IAD, cache-lax10624-LGB, cache-iad-kiad7000071-IAD, cache-fra-eddf8230082-FRA
last-modified
Sat, 22 Apr 2023 11:25:22 GMT
server
nginx
x-timer
S1686846915.091190,VS0,VE0
etag
"c3ce4d0aec7bde70f10c0ba049582309"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 0, 1, 1697, 1539
0f9780008909d905ba620957d6941c40.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
8 KB
9 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0f9780008909d905ba620957d6941c40.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
d3705aa1e7a1beda3b40c7fa22416fb0376a81f7bcb852a7eee31035cba22bfd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/0f9780008909d905ba620957d6941c40.png
age
3222579
edge-cache-tag
331208042925282676003572768795640513761,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
331208042925282676003572768795640513761,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
x-cache
HIT, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time
65
expiration
expiry-date="Tue, 23 May 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer
https://www.aachener-zeitung.de/
content-length
8472
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
x-served-by
cache-iad-kiad7000108-IAD, cache-iad-kcgs7200147-IAD, cache-chi-kigq8000139-CHI, cache-iad-kcgs7200170-IAD, cache-fra-eddf8230082-FRA
last-modified
Sat, 22 Apr 2023 18:25:22 GMT
server
nginx
x-timer
S1686846915.091617,VS0,VE0
etag
"abffca5dae8564bd37d5bef13b5b58e7"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 1, 1986, 3
dda50b0081e682afd1788f5fcced0d13.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/
12 KB
13 KB
Image
General
Full URL
https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dda50b0081e682afd1788f5fcced0d13.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx /
Resource Hash
0cfb37c0de7c749b11c6b79253f1ac0c3aa22a56d2319a8ca10fdd30d4e686f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-vcl-time-ms
0
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish, 1.1 varnish
x-debug
/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_212%2Cw_380%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/dda50b0081e682afd1788f5fcced0d13.png
age
1549598
edge-cache-tag
575412125607672003900554714023427765006,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
cache-tag
575412125607672003900554714023427765006,309727233042263395173288000816347086757,29ecf9b93bbf306179626feeda1fab70
x-cache
HIT, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time
70
expiration
expiry-date="Thu, 08 Jun 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer
https://www.t-online.de/
content-length
12758
x-backend-name
CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
x-served-by
cache-iad-kiad7000160-IAD, cache-iad-kiad7000074-IAD, cache-lga21963-LGA, cache-iad-kjyo7100078-IAD, cache-fra-eddf8230082-FRA
last-modified
Mon, 08 May 2023 14:13:05 GMT
server
nginx
x-timer
S1686846915.091951,VS0,VE0
etag
"4380d6daa046ba9502a7f03ada2336c1"
x-ratelimit-remaining
100
vary
ImageFormat
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-ratelimit-reset
1
x-ratelimit-limit
101
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
X-Requested-With
x-cache-hits
1, 1, 0, 134, 3
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame FA06
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame E2DB
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=99468511-56ec-5d85-be60-f52d2985961a&tv=%7Bc:fCPhsu,pingTime:-3,time:152,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:29%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:152,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B147~0%5D,as:%5B147~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C171%7C172%7C181%7C19*.1431402-70901273%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:19*,rmeas:1,rend:0,renddet:svg.us,siq:30%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt26.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame E2DB
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=99468511-56ec-5d85-be60-f52d2985961a&tv=%7Bc:fCPhsv,pingTime:-6,time:153,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:153,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B148~0%5D,as:%5B148~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C171%7C172%7C181%7C19*.1431402-70901273%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:19*,rmeas:1,rend:0,renddet:svg.us,siq:30%7D&tpiLookup=ao:www.metropoles.com*&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt18.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
lottie.min.js
cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/ Frame 9388
256 KB
54 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/lottie.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/877621449291039494/CbV_MY24_DE_Generic_970x250/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4db144321efbe62d33923077d356ee2fdc097848ebba3f1e1396027122b2d48
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2061154
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54976
last-modified
Sun, 17 Jan 2021 03:02:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6003a8bd-3ffb4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ujyyg%2F4onkbj%2BqUGdXwJONxJoCDgKNeMrFHNMFMnsTqTzMuxCmfDHRwwfnqXktYd4TN266LaPBI28aQgny4P5eTWuPTf8FglieU5qyMuy8BX0AzStGZ4fXZCsglWUj4CCR9vrvnUrm620CYuzsUZ8mEt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d7c39a37d259b8f-FRA
expires
Tue, 04 Jun 2024 16:35:15 GMT
lottie.min.js
cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/ Frame 55A4
256 KB
54 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/lottie.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4db144321efbe62d33923077d356ee2fdc097848ebba3f1e1396027122b2d48
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2061154
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54976
last-modified
Sun, 17 Jan 2021 03:02:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6003a8bd-3ffb4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjzDwq1B5G3UwfoL6TH5JZf3ryV5xpakGCFM8CTuDHw3vY5gphKJIsYX6dIUsc4e7Fowfwk29K7rGxqRxAyE1lT7u4OXorcIZonB4h5rpXZz75v5Clua2xQVAgrLvuTSIU35LmjhCOmDMiy4x7D4Sj7E"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d7c39a37d2c9b8f-FRA
expires
Tue, 04 Jun 2024 16:35:15 GMT
lottie.min.js
cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/ Frame 0B29
256 KB
54 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bodymovin/5.7.6/lottie.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4db144321efbe62d33923077d356ee2fdc097848ebba3f1e1396027122b2d48
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2061154
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54976
last-modified
Sun, 17 Jan 2021 03:02:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6003a8bd-3ffb4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVUMPekLiubDUHkxwLw1OAHE8J14K%2FQTlvlb1STSlScPPxj%2BAE000Mjxg2q72KxwlO2Tj5VFnenO1jtIcNGYRrxjU77eG8Xii1dGrDfPt6%2BpT85K5txzKZ%2Fqq%2BYWW1FOoBipyrljZ1ptsKTTrGXxbAqa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d7c39a38d3a9b8f-FRA
expires
Tue, 04 Jun 2024 16:35:15 GMT
dt
dt.adsafeprotected.com/ Frame A085
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=c2d0b6e2-6e86-9160-8826-c76856bace0a&tv=%7Bc:fCPhsY,pingTime:-3,time:133,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B128~0%5D,as:%5B128~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C17*.1431402-70901175%7C171%7C172%7C181%7C19.1431402-70901273%7C191%7C192%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:17*,rmeas:1,rend:0,renddet:DIV,siq:17%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt19.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame A085
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=c2d0b6e2-6e86-9160-8826-c76856bace0a&tv=%7Bc:fCPhsZ,pingTime:-6,time:134,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B129~0%5D,as:%5B129~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C17*.1431402-70901175%7C171%7C172%7C181%7C19.1431402-70901273%7C191%7C192%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:17*,rmeas:1,rend:0,renddet:DIV,siq:17%7D&tpiLookup=ao:www.metropoles.com*&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt06.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 395B
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=e2bd2d95-91a4-35d4-cd95-594460564c44&tv=%7Bc:fCPht6,pingTime:-2,time:310,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:852,beZ:853,mfA:857,cmA:858,inA:859,inZ:862,prA:862,prZ:875,si:880,poA:881,poZ:899,cmZ:899,mfZ:899,loA:1069,loZ:1071,ltA:1163,ltZ:1163%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:970.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D,%7Br:r,w:970,h:250,t:210%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:311,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B304~0%5D,as:%5B203~0.0,101~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15*.1431402-70901275%7C151%7C16.1431402-70901175%7C161%7C17.1431402-70901175%7C171%7C181%7C19.1431402-70901273%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:15*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,siq:27,sinceFw:282,readyFired:true%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt04.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame E21C
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodarir&v=30&d=1&s=1&f=0.01&bgai=B8SSiwj2LZLyBGv279u8Pnruj4A0AAAAAOAHgBAI
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/ Frame AB59
4 KB
0
Document
General
Full URL
https://s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
170933
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1429
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 13 Jun 2023 17:06:22 GMT
expires
Wed, 12 Jun 2024 17:06:22 GMT
last-modified
Thu, 20 Apr 2023 13:50:35 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame E2DB
0
0
Fetch
General
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EBF4
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8225011881339&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EBF4
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8225011881339&version=m202301230201&ct=77&x=1&cor=17563541338858340000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame EBF4
28 KB
17 KB
Script
General
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1984bcade00682d4adbc37692b809df958e92540ad5ada633edb488304e3a8c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17025
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame B230
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=96b94ce7-a4b8-1036-3562-26144c501009&tv=%7Bc:fCPhtE,pingTime:-2,time:286,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:900,beZ:901,mfA:902,cmA:903,inA:904,inZ:907,prA:907,prZ:916,si:920,poA:921,poZ:939,cmZ:939,mfZ:939,loA:1099,loZ:1101,ltA:1186,ltZ:1186%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:20%7D,%7Br:r,w:300,h:250,t:189%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:286,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B281~0%5D,as:%5B185~0.0,96~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C16*.1431402-70901175%7C161%7C17.1431402-70901175%7C171%7C181%7C19.1431402-70901273%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:16*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:svg.us,siq:21,sinceFw:264,readyFired:true%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt24.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gen_204
pagead2.googlesyndication.com/pagead/ Frame 644D
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9196131685966&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 644D
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9196131685966&version=m202301230201&ct=76&x=1&cor=17556787969673150000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 644D
87 KB
36 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CIixutTsBTBHMd2qrnTLo8UirOzZeWAqms_Icii_Ui1SO4yph9-bPn4WNus185GoByLgRzKW8prI961UX5oetiSARBDJD6bwpd9TQwLTsdmb5zLh880f6RlW1a3FZthrt5D0mJsKT4SCpk52WXqGHP7qUN0xOVmFNsmHRnIJmJ7NvXxiI&dbm_d=AKAmf-CDOYvO9B8hC1wjZbV-FWEtH8uhRoNbMGM4oGXFa77SNK4KYJBsWQ8pEweclcV0qsJSERswmHdRKzahUSxgbpuzmcxhK9XaY_9npBH2cpsSIwjDIBoJe7heN6vWDdEBWFZmeav8POoxXtmHb8zPHofWzIGvHPI-6HMtbEzeXPoqjAcNbVOuo4MhfZ-XXO92BA8iFKUIPZobncnEOgXeSs0exfccgXLer-APgB-AFCloi-bUOyvyOi-nECD7iJcYNozq3JD_YGTSXD8yG47LEOEJrfAT9m_TLl30sjN5uAIzFAPra65pE4o7WokXf3cy5RNXzi8TOJdats86Jloa6lAOiySyPRCMN9N_DzuCRzw9pccavXduyDrWwnnfHZmVAL0JB1BEY817FQoKrdNqRZGryXd91rHFwmfEbZa6yQPb4qhS2ZRYHU_oXSNcCTvgT6SdPpkdlAD8k7TbNx6eoSocSuHsiqpQXxXbl6DjbPhq0qd6-Qql9w_gNY5-7r1CjBPI0NZmvHY5AC9qYoeco1wJ9i-cVk7MQVNJYkT5PGXvPzX_0FiMv9u7zw2n1FauTJfrc_JQc9Ip2xAdjRx--0KhJ_A2XL2WQTvxoOLUbXY9fjACGNLLn2N6ZqHyq2px9P5ZV-6C27tZGuQgLSTVQfiVDfHXzs3-rugjY-0B7oKs3JNO2JxINXUbzntReCwFisf9hzygDboHXOqqyS0qCvv35tiwfpYAPoUPTn-3G-06DVsmuJzabVNx5Dhoqcc66A7N8Qa23Tb3G3QLNzyCWgeX7FvTEryIz-rFe8HrzVvi1udL4X6LyUJZlQHTYkalubXPJRq8otJsyDbUUGHq_6R8rjHlYlhKqyb7kHYxv2dajMsHxzBYG92IY8eCg419M4YfZSnhAHxWzUTW7yeA5HnDGr03z54nqtQLidhitWVkCpRq_2KrLKEOI2kmUkAx6JhQz0i8YN4ghDTaHJf-SoItGyvU-nFF2WOg07cGQSWcZ94xH5RP-2e0QzK1S_y89Z_d-2Z3O6noaf_mlY6CLJCswyFcZ6QOvSBOYHqlH5UEg9U-ypfVWReMee1AFObOOgK5yy5KaHr7EnOy_1dXVEVVjipCIdJaVvHr39geL9aeYwPtyZr47EdOwMafB2BMB8smucNVo0s4OtAfCnqeoGGcNSpvpgb19MQg6gLfo8udpWG8rSMDVJs_i93lKodXudHkcP4TE_-u4LgRGtRbQskcN-pK9RNFc8ph6rUo_Vv4OzlqgvzlJnMEJzVB7TzAjc-ylLKUC6xCQJFhka72oLpD0ksDlh7WmTBCfnQacS41wbjW63zbSz2ZjjZwRKdAmRxioYaNYIioUAFgefIZFebLkFMlFxnzP_BR8_yXxYmT3YSiYPhHGs0-gRi8Gh-fEM03ZvVL1eyGEBipfK2wTSRR0NJ-JgX8c8u9Y0IzokCiYAxlHynksV1h1qQMKO83_czlqqxNUmfNQTVUHmvQskP2gwmTewemBLD6rBcmqhroN_zKEaBOUqcwslcK1gP_oASoMmGTtA6Vl4Re6O8HCmOr7Bz1gg3RLLnYtkAuwxC-gpvhVFxyYYgTdrRZPq-hjUmDwkrJYvY11H34fhnPnawp-GRUUJWdn4ZQgQIQ9AbFlDeixNxk9Yt69WE0m8jErmhA4npDcnFC8Mdz_QYL3IkK_HMiuLFB49BVtDLeyApd5wOMoQgBa-2iD_XqtRuHtC9-rw4yORdKc7IlodcMH8ClToRHZ
ZLR3QNTH_mk3lj-fWzXXDjuqA9INKfLWYnGFPYMORapVIsE9COdIAqPahJ_7h21cNu4TydvABSUExijwZR4KwV2ovoKb0kqxTNM36E_QD1eks4wF7HXGkK8SXkyRNM5VyOM0VHqxPgMM1vHDOEdO7qYP9J3fsJ20Pd5ulVC19yXeScUUiMswXqODLgUeVc32fI4p21_4QDLBDZJ7yLJ87jREbtBCIPt6lWqGLHgmtsXvwb2du4sOi0Fbs4vTTJ2XKoYzLu3piaBI1egh1hkwPxaJkyTsBPj1jLc-qZSVCCsOtgzPBwJEa5vl6RJMq28VGhSCSQKAuSkuXrlRoAT7zTUHCdrwB3KV1FZmyeF5WVQNR4Rc7ctzcVHPDTOoC1-trTiSJfPj2Aqw1EvbBZpsVjq0375FdxQRjt_OzwJRTz0rUCWBQ2yt0shHukJKqHQI1JHY_1n5pFpLILsQat5j0Hs-vWn9ohlFtzBXtcemEigK90diSDycXAsYcEJtqDt_49Y20kP8fLf4Y7nTCT7AxyegfljdvzhHKk4s7fzjqQE7m6_T7LlZdxKhRnrsp-jcBx8xUueS9fhqYrAkU157FXXHKGPH1hwlKxOfXDi1SgP08U3P3uNN1D8-7Wq_uBhoEOMb8yGR8d3is5bZ1GVA8k6NnhmIPVeePrw0gj9R__cuOUnuxZ55sqaEWdMgcRHSPnptf8LrUh5BCwfSndTN0xaIpnnagRsKgouhMIiLDSN7UrmbLs4-IuJNPwjPUEMJqw0Qy3TC16SnEf_4dpCH4xVzFNkpzLJZOB9BWH0iup0mFQNQGcKWsiqPprs2PKaEiwJ_8S767oHTjc2Erf0ysvMXTAvmyv66Xp5Eh6gDDCms3Oiah5rc7UnSYsQRm9rxKKV2ag7qI1KCmCYDIbFTc_ZH3ZORaCan5a2N0cFD5YkcWRvVFGwo9PbNexihgWtfV_EFGG4tUTje6B279CAWauCWdfmXImFrd3hqpU8dqtbFfAmsuffr5lNk7hqKlb3tyaUcDnLglE8ijMcAoM2DU181xNtRT9ePIv0fUuutMlUUTXEEbH9KR9MseMSxAjZNQeDnCmnt0f6hmr-KlKnNFhHBbMiDbtaxuC1OyOVZ_qu-HasXsDXuW8A9HbczpFP0q1ZTBbu8WsSkY0GTWbPrcQd3FYNcEiMM5sa4pMQ22i1RfqaONGWv8HxV9cG-yExUt325Lruy4eQHePJxXrKzLFhWqZp27fO-Dq5rEljedz8QUlOU7bh_XxC2y-Q8abE4SDyvOtsrNoh2UHgFJp5QYTLqI3xHPttQgdw-W6Y0l9wHDNEkeHq2pUlIGfVCmgEaOKwBT6jWhHFciGOJcsj_kEpY_F-_Rtqsao2N8qpLsAgpYO9t9pjFQ8nQI4qGOZ69VhjHm69uUCC1FkiWaqY2C7zsFfOLbcKhUsMz3IfGe9iBDQbibmRpoEsu4VFuWmZliRTOZosVTz5jfIfptUMx1rGkKQ6PIKgbZgyoKDgjYmfhO7kbiaf3QwC4HSltsuHgQnO5_8TpuyMFCvU6XLwJSG8WibgzbTSevrtFVGlxb7kzFHJL8elRbFj0PAKi5OXVb9E8i6nkTvbXgZcUGcs7RM-ztaKqEIy4rQpuvjmTeHGZPvsvqMPeiDU_dAoSKgPehAv2kH2PV0o5cki5IWjhmiQPiq6opicKFim2I5iNbmtnsR3jq3PoglozngxUcIz5iUOwsS6WB-A8rrC12k3KE1uZYQAZNzvuIeiT7OiVTwhrhgpoNWrmfUiXAfODfWw73WGDgnsDR-Kylnfnjqwt258pfP3ZKbbCRK8y4bzGuDiGKy_cFLHgHRv9O5Z5GIeJaWm2IDyUU9nvBrJ-QVZpfoL4ZxBwoY0DgJn6qzKAg2A-idsqv0bRf_KRcXnM2I730cHVxWNLKNBI8cre7pQtHaTiO8s9uVKLBJTP-YXd_KtZPmWS1bremZuWrtei49Uz3IKTu2KuYBB4qlY9
P9IRQLStnN7kqV1gTaEcepy55rkKE7YjvE0z4XD2FCH5ZGJdZKyPnUSKLFRxBpThIsDZbe5xNyZzMCaxN__ZA0uFwcx&cid=CAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.metropoles.com%2F&ds=l&xdt=1&iif=1&cor=17556787969673150000&adk=792902355&idt=166&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7b0b17c69b5da0e471caea0cb2aac11a0d13cc55d219cd3538b40119b209de75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36888
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame E2DB
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=99468511-56ec-5d85-be60-f52d2985961a&tv=%7Bc:fCPhtM,pingTime:-2,time:232,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:942,beZ:943,mfA:945,cmA:946,inA:946,inZ:949,prA:949,prZ:968,si:972,poA:973,poZ:991,cmZ:991,mfZ:991,loA:1095,loZ:1098,ltA:1175,ltZ:1175%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:100.100,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:29%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:232,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B227~0%5D,as:%5B227~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C17.1431402-70901175%7C171%7C172%7C181%7C19*.1431402-70901273%7C191%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:19*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:svg.us,siq:30,sinceFw:202,readyFired:true%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt23.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
st
imprammp.taboola.com/ Frame 920B
798 B
560 B
Document
General
Full URL
https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=undefined&cb=1686846915175&uv=3288&tms=1686846915175&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl=1&ci
rid=3e127f55-d02b-4eb1-9ad9-7cea141ae321&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
34ddac822ac78109b5ec8bbff025dac602324d35a40f274ff0cc39a8455a9e60

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-type
text/html;charset=ISO-8859-1
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-fra-eddf8230082-FRA
x-timer
S1686846915.180607,VS0,VE10
st
am-vid-events.taboola.com/
0
44 B
Image
General
Full URL
https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=45&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=31589837&cb=1686846915175&uv=3288&tms=1686846915175&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&su=3&unm=FEED_MANAGER&debug=pn:!sqg:
!torgn:1686846909727.1!ts:1686846915175&mntl=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-length
0
server
nginx
dt
dt.adsafeprotected.com/ Frame A085
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=c2d0b6e2-6e86-9160-8826-c76856bace0a&tv=%7Bc:fCPhu2,pingTime:-2,time:199,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1004,beZ:1005,mfA:1007,cmA:1008,inA:1008,inZ:1011,prA:1011,prZ:1016,si:1021,poA:1022,poZ:1040,cmZ:1040,mfZ:1040,loA:1138,loZ:1140,ltA:1203,ltZ:1203%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:16%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:199,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B194~0%5D,as:%5B194~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tHgFKnw+11%7C12%7C13%7C14%7C15.1431402-70901275%7C151%7C152%7C153%7C154%7C16.1431402-70901175%7C161%7C162%7C163%7C17*.1431402-70901175%7C171%7C172%7C181%7C19.1431402-70901273%7C191%7C192%7C1a%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1h1,idMap:17*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV,siq:17,sinceFw:180,readyFired:true%7D&br=c
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt05.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame AB59
0
0

style.css
s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/ Frame AB59
0
0

banner.js
s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/ Frame AB59
0
0

sync
am-match.taboola.com/ Frame 67C5
798 B
893 B
Document
General
Full URL
https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
20f92c263fd11bec93189841cd8edd219a5724dfcca780ab1e6a8565520c9c4a

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
text/html;charset=ISO-8859-1
date
Thu, 15 Jun 2023 16:35:15 GMT
machineid
3408
server
nginx
bulk
trc.taboola.com/metropolesdf/log/3/
0
284 B
XHR
General
Full URL
https://trc.taboola.com/metropolesdf/log/3/bulk?tvi2=-2&route=AM%3AAM%3AV&lti=em-in-body-26_var&bulkSize=12
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
14
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish
x-fastly-to-nlb-rtt
7536
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version
v2
x-served-by
cache-fra-eddf8230082-FRA
pragma
no-cache
server
nginx
x-timer
S1686846915.242894,VS0,VE14
content-type
image/gif
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
ws-ad.js
wfpscripts.webspectator.com/ Frame B51A
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_under&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22under%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22970x90%22%5D%2C%22hb_pb%22%3A%5B%220.00%22%5D%2C%22hb_adid%22%3A%5B%2225399c5fdf2bd89%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=728&h=90&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
generic
match.adsrvr.org/track/cmf/ Frame 920B
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by
Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=undefined&cb=1686846915175&uv=3288&tms=1686846915175&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl
=1&cirid=3e127f55-d02b-4eb1-9ad9-7cea141ae321&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imprammp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 920B
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341?gdpr=1&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
0
99 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
Requested by
Host: imprammp.taboola.com
URL: https://imprammp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=undefined&cb=1686846915175&uv=3288&tms=1686846915175&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&su=3&unm=FEED_MANAGER&aure=false&agl
=1&cirid=3e127f55-d02b-4eb1-9ad9-7cea141ae321&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=true&cias=1
Protocol
H2
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imprammp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13590

Redirect headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
content-length
0
sync
x.bidswitch.net/ Frame 920B
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by
Host: imprammp.taboola.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.73.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-73-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imprammp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
sync
ups.analytics.yahoo.com/ups/58785/ Frame 920B
0
126 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---
Requested by
Host: imprammp.taboola.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imprammp.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
view
googleads4.g.doubleclick.net/pcs/ Frame 395B
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvMjq9C8zMBYzFtjTztdv-I_bneWpwmo95ZlZAfFWkKaa859QlI_UjhlOl1bMnS_kl_Ef7XTuiZhx4JK_BhPFdmUHL26PcLohcmpgVaD9uXxv5coDmR-X7uP2-y_Fi3xhto8UWSM6VQNYGzZIvuzkuuGzNXst4DN-iTsiQ1LpW3JMbS&sai=AMfl-YRZiHaVrkbBteKrEbWF7l3nGKyDZoZuXr7rGGFnQ2momXtFncPQVwDVrtMq0wZXPBjyjpz8dkR1ovzxttKG8FBiHjkQhHgBfYrgerP9_1BGPYvMiQyaPlw-8nw_0Ew&sig=Cg0ArKJSzJwbF8cVSchbEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
ws-ad.js
wfpscripts.webspectator.com/ Frame 0AF0
21 KB
9 KB
Script
General
Full URL
https://wfpscripts.webspectator.com/ws-ad.js
Requested by
Host: webservices.webspectator.com
URL: https://webservices.webspectator.com/adunitMapping?appId=2779&eaup=/21715141650,123935210/metropoles.com/desktop_side&eolid=null&eci=null&ct=%7B%22dk_refresh%22%3A%5B%22true%22%5D%2C%22index%22%3A%5B%221%22%5D%2C%22hostname%22%3A%5B%22www%22%2C%22metropoles%22%2C%22com%22%2C%22www.metropoles.com%22%5D%2C%22pathname%22%3A%5B%220%3Adistrito-federal%22%2C%221%3Ana-mira%22%2C%222%3Ahacker-ostentacao-deu-golpe-de-r-15-mi%22%2C%22%2Fdistrito-federal%2Fna-mira%2Fhacker-ostenta%22%5D%2C%22placement_name%22%3A%5B%22side%22%5D%2C%22keyword%22%3A%5B%22distrito%22%2C%22federal%22%2C%22mira%22%2C%22hacker%22%2C%22ostentacao%22%2C%22deu%22%2C%22golpe%22%2C%22atacadista%22%2C%22torrou%22%2C%22dinheiro%22%2C%22dubai%22%5D%2C%22secom%22%3A%5B%221%22%5D%2C%22tier%22%3A%5B%221%22%5D%2C%22bl%22%3A%5B%22secom%22%5D%2C%22amznbid%22%3A%5B%222%22%5D%2C%22amznp%22%3A%5B%222%22%5D%2C%22hb_adomain%22%3A%5B%5D%2C%22hb_format%22%3A%5B%22banner%22%5D%2C%22hb_source%22%3A%5B%5D%2C%22hb_size%22%3A%5B%22120x600%22%5D%2C%22hb_pb%22%3A%5B%220.01%22%5D%2C%22hb_adid%22%3A%5B%2226026df82c0695e%22%5D%2C%22hb_bidder%22%3A%5B%22rubicon%22%5D%2C%22requested%22%3A%5B%22true%22%5D%7D&w=120&h=600&wsRotSlot=&isda=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.252.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-252-251.compute-1.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9d02c3facc410ee6a9dceade80ce0bc710f6037df881453124d3f5c83a6241b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
gzip
last-modified
Tue, 12 Feb 2019 15:34:42 GMT
server
nginx/1.10.3 (Ubuntu)
etag
"5134affc2f01c20ef17e399c5c7cbfbd"
x-cache-status
HIT
content-type
application/javascript
cache-control
max-age=300
content-length
8492
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame 9861
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
VideoBidRequestHandlerServlet
wf.taboola.com/
2 KB
792 B
XHR
General
Full URL
https://wf.taboola.com/VideoBidRequestHandlerServlet?oid=15&width=700&height=393&pubid=169497&tagid=953497&crid=5669305&noaop=3&sortOrderType=0&cb=1686846915289&mimes=5,10,11,12&isvideo=0&plmd=2&mindur=1&maxdur=210&minbr=1&maxbr=10000&st=0&seq=1&pv=134314482&pt=-2007382297&tz=0&viewable=true&ddast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&proto=2,3,5,6&encoded=1&pstn=
1&callback=&wfv=1&amp=0&qsz=6&ft=0&pb=0&pagg=1&sd=undefined&ctsldr=0&dtagid=2108235&dpubid=389905&abtst=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vD&mPre=0.033&cirf=https%3A%2F%2Fwww.metropoles.com&en=1&subu=3
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
24b45732e2be189ced35cf0e46e7bf37832b0395bd364568b56dcf13aab74c1f

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

x-cache-hits
0
date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
gzip
via
1.1 varnish
machineid
1480
x-cache
MISS
x-served-by
cache-fra-eddf8230082-FRA
pragma
no-cache
server
nginx
x-timer
S1686846915.296517,VS0,VE94
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
generic
match.adsrvr.org/track/cmf/ Frame 67C5
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 67C5
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341?gdpr=1&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
0
99 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
Requested by
Host: am-match.taboola.com
Protocol
H2
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13567

Redirect headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
content-length
0
sync
x.bidswitch.net/ Frame 67C5
43 B
147 B
Image
General
Full URL
https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by
Host: am-match.taboola.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.73.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-73-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
sync
ups.analytics.yahoo.com/ups/58785/ Frame 67C5
0
15 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
view
googleads4.g.doubleclick.net/pcs/ Frame E2DB
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsumANV-MMeCUdWgSgH7KGe_B1ty4xOUhV4PPO_-2TRZ4Z8I2Gjbzi9qbhAXWhrsJ2LANfivphNqMe5SpZ1mdIfy5nGbDHfynyzyzLrxD1JX5RLKTkAg7RC5kVL9wtxUsNU__Z3CZuR38ng2I75hn4uhi6NQb4zQ2121zXwZpROLQNTx&sai=AMfl-YRKNuqGYhPM6YC4bkdhTwFOkXF-6oDJgha3paOYdGltqBZ94mO54JMNmK2nKzP2GXBX_wJ7nOxM3e38_-YS9GaFtIGTHhc0TRSeEE-1jA8fTAISHDVzT2aqHFcs980&sig=Cg0ArKJSzMoIt2P96raREAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
usync.html
eus.rubiconproject.com/ Frame 895E
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Requested by
Host: imprammp.taboola.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://imprammp.taboola.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:15 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
CbV_EX90_DE_300x250.json
s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/ Frame 55A4
0
0

CbV_EX90_DE_300x250.json
s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/ Frame 0B29
0
0

passback_970x250.js
static.adsafeprotected.com/ Frame 7A28
3 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/passback_970x250.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5d5e0d3e1cbfadb5c7a63053b5339d06457fe7a66c344a970a762a56123c5ec0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
.AUJIbFgg5lm.Sl5dxN6YT6RZNYioRMX
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
date
Mon, 12 Jun 2023 21:03:05 GMT
x-amz-cf-pop
FRA56-P5
age
243131
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 18 Feb 2022 23:29:56 GMT
server
AmazonS3
etag
W/"094948b2d1170876fb8e76e432d87da6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
XgRDIHmE3giwrALrfJpy3ynV6BnqkZGMxY4bLg6tePbAQFj1HIhPyw==
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame 747D
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
usync.html
eus.rubiconproject.com/ Frame F891
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://am-match.taboola.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:15 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame EBF4
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2826
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame EBF4
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204942
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 644D
172 KB
60 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22671
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:24 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame 644D
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2826
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/ Frame 644D
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bb86be0538b5ef8bb7fabe6cfdcc28f99687242fbecab81a9a2a72d92931594a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2826
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11316
x-xss-protection
0
server
cafe
etag
309758756414748794
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 644D
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204942
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame FA06
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
passback_300x600.js
static.adsafeprotected.com/ Frame 83FA
3 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/passback_300x600.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b542fa63865c7855e651a48910a341dfdd0508ec6f293e1253537b2778e2742

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 01:14:19 GMT
x-amz-version-id
kTzCLI3J0Rawp2tFRAwfopfiJxzrNFGH
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
487257
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 18 Feb 2022 23:29:42 GMT
server
AmazonS3
etag
W/"439e58c5a30158dbdc47481bb170410a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
yG7pt1WlnCcUbEXXXuR6b2McpZpWwc2---oS085DxqES1K5Z9W-t1A==
view
googleads4.g.doubleclick.net/pcs/ Frame A085
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuWf796tmej2L-nPILeBAYydf8wm03v2EKHaODp8cDlQN-d1yuli2O8QkAyVncan-ZrxcRcjTlPXmS2FD5afIaRGz_W9kqxu33IOaR-hTjKl1qroLNiHE76xjkAytyKq_oBGqpji0skgt4Cuarq0c-P9TrztvcqLwcMwOENnn-I79V6xKsx0XqATErjpRgsTMCLb-l5-OnbDRYwl4UOC7_lNDwKTQ_-PXIxqvgvoYTb69JyxI-WLwUohE2JmXehRnlGQh_N0RGGH7yaIphgVEYsCLa_g8GoAdG5EW0uT_7kCNjLYWheSZbJDV4XAXfg3Og0Cz-vqiyg5SrRfJjkTAmjn_QXR4ipO-Fy_2b48vDT-fG7TpSslncVY9_rE-_iuv5-FBF5hViXJWIS-vzUPrHt6tQ4Hn2J_25RLRYHikxuYKBV_z3GHDrW56KteZPDnQzTlmBTup339uznWYY8yoQWIyMgW3WZR7WOusbNeGkV-iMZFf2B4X3ioOwRxMADjpy5llMmV_37E9xQ0xmFsQJz7BSuLxIK9qpTnFqAZB-kt2fj7ELgm-djw_8QlaUSXqrZfC44v1CbydvNeeGmGuz7V7LuUobA2B3WxioG8vWnoFQa6WfrmF5w2KYk0f56KDO5jMonDaNkEUgmgN8aPRXCI2MF2XxhgeNCkGSebwyJz3YrqVcknL_KVd590_J_TDhCwzy-n6NMvfUMMuHGz3l84Jub9czrc03Rw5b1d5IwQMWTkrJ0weFH_uGRNGNG36nTJjsl_cgue6uxhYWZcd4evUZtB4ImEcTXmvR1cjZBUaCR6q5TguTjAC4aNvl6vrcIEbbiXOpnWxW9uqGMciamYbBwfXVWE0VyLo_r_SjW4_qJJpjGSHNJy1Rg31rqBZgxy9s7GIagej_UWxgndikcklWPJXTTnS7QxcyyJwcz14Ze6fjNe0dH4ytB2fpmUJh_C1B3u3tYnSmEkyuoP2_dr6TNjpZ_xehU5C7xB41TpeLp8CLRPqSAC-prx18lCkECfX2vkmn8lTTw7My4e-DIRNAkjjzk_x3BfIFERHCtQhcYMECsKvlXnX0d39ZPEH1V4JIhBwXls-_fkxSl1hR3KJ9uPAYTTeLwV42kEO-Yk5Wqv8ZQbnhxSyyPrL8HgRBrqSHRB7H9qIhBjnZjRRl2hePLfvj-i3mJQdLHLSAmQ8ecvKDKYA_OcWENzQiB9rKcpIR51167WObYjjmNuZU5xj7mjzMU0wlBKunHF7Vce800SzoaVaavSlOCh8g9UxdHelzfZbJX2G_VEfNgel0onZUVS3q22Q&sai=AMfl-YRa4ZX7xMHoVT6GQfiB-0RMxrP_WLOVf0EHG2pOxHEBcQ7gKq5yhq12qyjxyJgim9GYwBHhveADWuVcUAnnEml7DlH-InuMJtjhrEYHimLsMqmi0xX68AzbkRr5F0JfbqwUkn62cb62sQNthEEJDdSC-ZyZYEYuIRa7gR9vM0zz8kjeSUibgzKoQmj_TI-omMPPl-UvGG2X3-_yEpdbzrpy_676UyNBTX4XH4MdYU5IGsASvrEWNpAsd3ZUrV8FxrO10SXSAeb1IlLGWOpIj9l0wyO8_dD6-rI9&sig=Cg0ArKJSzLUZOcm1RiokEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=721&vt=11&dtpt=393&dett=3&cstd=327&cisv=r20230613.34363&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:15 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame B230
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv1c31r9l8jLmxP423HirgxZsU7nZCszowr-_eMreB4jtF7f9jDz5WfX_0JUf-BV_x5yl5zPcumvZs1nplO4JPmgSUZNJPtv6UVhHmKLyUBRken3s3mrSJEO6hV2PfIi6ZpkWKTwR_qMm-ekxUvfSjcKY8_7K8jwLY6cv5dmZDnGOCqJCj7r7KCSc-1SD4hDFcTvwPt6qr3uiiJ2i4oy245zNob8cPxAXapJspZzW4tcVw-CHIrbI7Jo25y-8OqfiJ5tQZPgggEVo5Wn0S0EgJVnpgwsvWTOHO8PU2XIvTjnpM0HIvfX5gQ6FsoV_iHSMmlbIvBK1SXNkwN83fXrnGn0aMty9CObKrvW6WoEyx8RbVZA4ELvtu2XIOlbsriDRLcNw1_hzNuXmN_kC8eziFRLoxARE-gzILgm3HxSwWegd6vN_s8_VMfD3mDlObbRQX7qv3_ZJzVD4Rt6_esrtHhpGqh58HzmrYY9JU8XIMhuiwo3a3LVYpCExPQEwXgCGjJhuizn7LxpvXq2uOS0q_tT3tFElRYpxLYOr8VnP1rq3syKVtt0F-pPXoA2r_8K1rH0124yGDMbSEMW7lvw9vRTjvZn7xDrCOEwjU2OzRqUJbXW8EKKRCETg66BJfjmx_cV-nCYvEs59zQbrRGcaXaecmlTGM3XFu7GAaUmvsNUn3n1ecZSQ7T7wDXhEk_sz3JmEifbHN0UwAjvlXQK1a7ZYh_bZUtcExh-vjWmx5L5KXR6IoVSaQ1l7L8ajF4zak4HGtIxyoI5CmvAKS-Ym8icbuU8H_TylA0FN7BnAkmRf_TlA_y-_H-7qsaKUjLFXZLqxQTkn5DNatqEH4AL0rBLsGtoU6ILbiqlFvDRLbKWpajQekUwObncxRUL12wTpgUWg4TOVjZMR89hK-H84P_43iE3QEnaEgXnmkdTutQZ2a4LzmRTcG3fybHIDAYQYI1CC16n8ndh50SH7G6DXR2LXTxDrmMvskHcei8TJfBJ-VmDfBicaiD2TmnleXV57T70EDBaUlbU0J9tw9z9BLfDtU5VhcrpRx4RUoIb7slNFPDE2BJobxA3vL8v9w4UjJiJ6HgnuabOHWc0EkNc-pa_jC86eEEFj_qzjIoD8E7POTZu-sa4MiBawfl9Y2fNE1WFl0zzvs1LfAp1c36EQ-WWhd5qL1qlj5bcXyGvtvbqJz-YxDzF8CE74y1BbGQH4-TSXLPO5ALDmG0uIxl-RCRieIKO7PiWr4Ex1TaK7snHo62m_QklkFNMpz8AOXNDcCZeNpAI0EQ2ZbXjdYS2BdytK0kf1lnlg&sai=AMfl-YTSGJHQjMTe6O2EDcKSN-wvGCjC8bdwDhmVW5b9SfL0dzXUh1_1WxwIEVjbqtMIr29r3nwpH7R37XOkPecuMxNDNXW3_xT33AVwXjs1QRhVqGbGr5LlnLF1IFF7CtwUPBjWp2O2MNnLLqkukKNNPHXPWYxHhT2ZpyKYQ6_J7wRYGRAepYR1E-X1XfJolfKZlt3-Y6K8377PQos81-LD6B_t7ff6pv-Ofl1Ew8DEvH-YzeR-bI-gnPNnPAatWdRAGIsmLEvFWHNLntMgfEbO8Yx-246-HuUyAPWw&sig=Cg0ArKJSzMQpvV3aFTaFEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=758&vt=11&dtpt=398&dett=3&cstd=358&cisv=r20230613.57419&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:15 GMT
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame E21C
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
usync.js
eus.rubiconproject.com/ Frame 895E
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9765
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 594E
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
11663
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 13:20:52 GMT
etag
48472445140208031
expires
Fri, 16 Jun 2023 13:20:52 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame EBF4
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb7b4adef5f51b771b03fc0aa0285669fc6af91b69081e27e56d2aec902a40d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
usync.js
eus.rubiconproject.com/ Frame F891
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9765
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 7FA5
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
11663
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 13:20:52 GMT
etag
48472445140208031
expires
Fri, 16 Jun 2023 13:20:52 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 644D
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b945a1c700cf05cef9292b5e9597ee3413e359fa3f39f6c4781d05549140af4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=pvtw&eid=wj2LZO3BGcel9u8PuNaV6Ao&p=ias&bl=1&twt=785&st=418
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame A085
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVAP9sEArIXqjGRmcymfFZNb2ELleaQ9yO_E6RKxSIHwmI2QZSu4HwTyFwxfu1ie1LfvT9WVw1usUWvd4Y977DwtLIUXWaqHZGKsrvwnADFDdjtE06_bhbh2jCSs65O8yLhlLuzlH1oD1crEBrj-SUYdm5VrYm9ZZ0zSNGRJ9upSJX&sai=AMfl-YTSxb8awUYMLte-zL9uwL8_XK66RTTJ5eWGjOSpiJi-GnpGeii5ciUI1VaWgv0AOJ2ZKfb2ZX_lbxv5V2-WscottwqA8WIHyfowmE6NodxWhs_1cvBU7pviGIGzO9M&sig=Cg0ArKJSzHrM1IRC1pdZEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B230
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuugnHry9ybt67srZISfDMeS-ppAZP5E_a_h7t-AYdPprK3TjajWC-Fb20aUe-tOql-A7k4HD5xtOPm7-wOTtKd11jYcz0JEPeDujop32-Pf_17udMpPdhiYv1Lj4XmfJqAG4xjse3ErmYjoAbVC1Fya94xuNYUHs7rrmdAnc_q_NvO&sai=AMfl-YQ1f-tsyu9fdI1UD40dUKTgyeumH_2Efqsk1BHIXGgkCqL7SIr0K7k8jNJNMnRbU6qCi1pcmzoGKqbjG91yt6uXgNu4GpyIAcHFxMVajJ8-70oyJGys2w2m3MW6_Dc&sig=Cg0ArKJSzA08-SeZ1PnIEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
IAS_PassbackAds_970x250.png
static.adsafeprotected.com/ Frame 7A28
28 KB
29 KB
Image
General
Full URL
https://static.adsafeprotected.com/IAS_PassbackAds_970x250.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7be9364f21808a881f4530002ab0363deabf7de3321a1356984e88fb316ac165

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
pdWOnfKbVAXycyDHbhFI_OqkWBFerFwW
date
Fri, 09 Jun 2023 16:53:15 GMT
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
517321
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
28949
last-modified
Fri, 18 Feb 2022 23:29:18 GMT
server
AmazonS3
etag
"9d3f43da9d0d0679ec0dfea58b2f1d45"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
x-amz-cf-id
AC-zjTQqYFGvCKlKo9UdO_-XHxPzBbk4yxtFvIQgvap8NylqVl0D3g==
r62eglto.js
ad4m.at/ Frame EBF4
25 KB
10 KB
Other
General
Full URL
https://ad4m.at/r62eglto.js
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 14 Mar 2023 13:45:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
182959
etag
W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFRj%2BnFfsqECSa6H4Jtf5MEyBebYzD2hDBDY9yWV%2Fu%2B4KN7ytJuqlj%2Bje%2BgUubvVbWqSRorn4F1U78Gf5ey99EhAPgV4WSo7gpkV%2FIJFdRuAMFyYM%2BYzPrYA5cYdgnRKuSP4i%2Bc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray
7d7c39a548a3367f-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 06 Jun 2023 13:46:12 GMT
passback_300x250.js
static.adsafeprotected.com/ Frame 1DA0
3 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/passback_300x250.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
date
Wed, 14 Jun 2023 07:44:58 GMT
x-amz-cf-pop
FRA56-P5
age
118218
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 18 Feb 2022 23:29:42 GMT
server
AmazonS3
etag
W/"44f0ac540dc9c11f94344414c879b658"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
tTjxqAxBNOhBBT_sueItBmgh6XyvyzAy6v54OcoNsV0nNGaPVWj9VA==
cmTagFEED_MANAGER.js
vidstat.taboola.com/vpaid/units/32_8_8/infra/
887 KB
147 KB
Script
General
Full URL
https://vidstat.taboola.com/vpaid/units/32_8_8/infra/cmTagFEED_MANAGER.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
c6806f8379c0a4da9fa955f55465b1babb9c824187e711495d3a619546a36483

Request headers

Referer
https://www.metropoles.com/
Origin
https://www.metropoles.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-meta-mtime
1685956623
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish
content-encoding
br
x-amz-request-id
QGVTFBBC8E9CP3K7
age
890173
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-meta-ctime
1685956624
x-amz-meta-mode
33188
content-length
150072
x-amz-id-2
aleayPJZVWL0pxyliM8TdhK02NCzbyn9wOSpORbqYM+lUYzF3JgUsWy3seIa9qhZrGreDh195BY=
x-served-by
cache-fra-eddf8230091-FRA
last-modified
Mon, 05 Jun 2023 09:17:05 GMT
server
AmazonS3-br
x-timer
S1686846915.438428,VS0,VE0
etag
"81348113b2ca9b12b7205372f6653437"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
183565
cmOsUnit.css
vidstat.taboola.com/vpaid/units/32_8_8/assets/css/
60 KB
8 KB
Stylesheet
General
Full URL
https://vidstat.taboola.com/vpaid/units/32_8_8/assets/css/cmOsUnit.css
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
a6571199455f009b27bb8719e76ab06240bb4c9246f6b8915e3119ced168c132

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-meta-mtime
1685956642
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish
content-encoding
br
x-amz-request-id
88G1W7FC0N0XDB2B
age
890173
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-meta-ctime
1685956642
x-amz-meta-mode
33188
content-length
7877
x-amz-id-2
GcCXD8KdYBb+g5Vtk9wQ4x27v2HOc+dszuQv5xGzqSXRFMrTMu5VUVKloNv8X7kjr+70Cn2r9zI=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Mon, 05 Jun 2023 09:17:24 GMT
server
AmazonS3-br
x-timer
S1686846915.423274,VS0,VE0
etag
"92502277b3d6d05481ffd7687771377e"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
520356
passback_300x250.js
static.adsafeprotected.com/ Frame CBCF
3 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/passback_300x250.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6005e56ab3043d83726d25b0d17458e35b72355a81ca3230cc9de9058ee8b1f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
content-encoding
gzip
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
date
Wed, 14 Jun 2023 07:44:58 GMT
x-amz-cf-pop
FRA56-P5
age
118218
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 18 Feb 2022 23:29:42 GMT
server
AmazonS3
etag
W/"44f0ac540dc9c11f94344414c879b658"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
OztqujcB9qLZEcmc226Fvf_h29AW21HVs-sPaqHegEV2kb-DfWASZQ==
IAS_PassbackAds_300x600.png
static.adsafeprotected.com/ Frame 83FA
34 KB
34 KB
Image
General
Full URL
https://static.adsafeprotected.com/IAS_PassbackAds_300x600.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8e503fe67eef6d53b7297abd5062e4db7a6b381eaa7d4ac4f8c53a9bb08e248c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
tQgHbMfZoUlj3hcvrSYdqixcUVtCIeBK
date
Sun, 11 Jun 2023 23:01:38 GMT
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
322418
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
34357
last-modified
Fri, 18 Feb 2022 23:29:00 GMT
server
AmazonS3
etag
"26e2b461771f6fb855141aa77c859584"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
x-amz-cf-id
LvwEjXg25qIofqT__70nSJ8vkOSWfPP5eZ1dmTFk9iITq36UU-l_qg==
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 895E
0
239 B
Image
General
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=16698&gdpr=1&us_privacy=1---&gdpr=1&us_privacy=1---&khaos=LIXD3KQF-L-AV6P
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
2dd9fa24169fa04536d533da131679f8
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
frame.html
ad4m.at/ Frame 918D
2 KB
1 KB
Document
General
Full URL
https://ad4m.at/frame.html
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1568003
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=3600
cf-cache-status
HIT
cf-ray
7d7c39a60fa11981-FRA
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Thu, 15 Jun 2023 16:35:15 GMT
expires
Mon, 08 May 2023 00:16:30 GMT
last-modified
Thu, 25 Aug 2022 14:12:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkkhaJ5t7awcyY5tQWzOYhQGgHwn%2FvGWRqYq1RcQi1BIWjkTiZARQR4O2ybfxjKHWT2ZBhR564Z%2BY9jyUQUVCF2pli%2BIycEvqEtkBnhAsfyUc46%2BfGExn1oY%2Bt0RTemDiR5o%2Fo0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/941279407/
4 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/941279407/?random=1686846915529&cv=9&fst=1686846915529&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&tiba=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2ba074f5804a1b235b2c3dbb30991c64fd85ffd163bb3264aafa7450a78cc3b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1581
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame D409
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1699
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468668
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEGRXelbiRLzcUY27NLSVGQQ&google_cver=1&google_push=ATf1kGOSBO-WwRj6TK0ikqk6r7bGfkhCTSQlbry8w1D_e4ezQWYzshaIlSOxlmDCQFoF4Cd7C6cWpREu-f-xoKYa...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGOSBO-WwRj6TK0ikqk6r7bGfkhCTSQlbry8w1D_e4ezQWYzshaIlSOxlmDCQFoF4Cd7C6cWpREu-f-xoKYacFTowVnZcWnU
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGOSBO-WwRj6TK0ikqk6r7bGfkhCTSQlbry8w1D_e4ezQWYzshaIlSOxlmDCQFoF4Cd7C6cWpREu-f-xoKYacFTowVnZcWnU
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
MT3 1031 59fd23a master zrh zrh-pixel-x10 config_version:"1524"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=ATf1kGOSBO-WwRj6TK0ikqk6r7bGfkhCTSQlbry8w1D_e4ezQWYzshaIlSOxlmDCQFoF4Cd7C6cWpREu-f-xoKYacFTowVnZcWnU
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 15 Jun 2023 16:35:14 GMT
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEMNdTz-rE9yZ3Egx99TAQ38&google_cver=1&google_push=ATf1kGOtKELHlIGL0-FcMh3omy_IlClPNpGnVukh--qY1Hu0-I01TWTj-V1NfAKI9rPZ0nlWs6rTc2XIy4d...
  • https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=ATf1kGOtKELHlIGL0-FcMh3omy_IlClPNpGnVukh--qY1Hu0-I01TWTj-V1NfAKI9rPZ0nlWs6rTc2XIy4dD3SdlOZIhOK5VlUsW
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=ATf1kGOtKELHlIGL0-FcMh3omy_IlClPNpGnVukh--qY1Hu0-I01TWTj-V1NfAKI9rPZ0nlWs6rTc2XIy4dD3SdlOZIhOK5VlUsW
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=ATf1kGOtKELHlIGL0-FcMh3omy_IlClPNpGnVukh--qY1Hu0-I01TWTj-V1NfAKI9rPZ0nlWs6rTc2XIy4dD3SdlOZIhOK5VlUsW
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://a.c.appier.net/gcm?google_gid=CAESELp6r9qp75U7Iue9sFP3v64&google_cver=1&google_push=ATf1kGMVbT1mjso8pcYPtvddS4tpRB-3Q6oCmVfFQFSz7Z_-ks-T4SIhZbQFfiMFjyTR2JRiVcaHqBvBg1HXHR2oXZAEBVt33qah
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Rzh0dnFneTRCQnlHcnR6RHhEMkxaQQ%3D%3D&google_push=ATf1kGMVbT1mjso8pcYPtvddS4tpRB-3Q6oCmVfFQFSz7Z_-ks-T4SIhZbQFfiMFjyTR2JRiVcaHqBvBg1HXH...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Rzh0dnFneTRCQnlHcnR6RHhEMkxaQQ%3D%3D&google_push=ATf1kGMVbT1mjso8pcYPtvddS4tpRB-3Q6oCmVfFQFSz7Z_-ks-T4SIhZbQFfiMFjyTR2JRiVcaHqBvBg1HXHR2oXZAEBVt33qah
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 15 Jun 2023 16:35:16 GMT
server
nginx
accept-ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Rzh0dnFneTRCQnlHcnR6RHhEMkxaQQ%3D%3D&google_push=ATf1kGMVbT1mjso8pcYPtvddS4tpRB-3Q6oCmVfFQFSz7Z_-ks-T4SIhZbQFfiMFjyTR2JRiVcaHqBvBg1HXHR2oXZAEBVt33qah
content-type
text/html; charset=utf-8
cache-control
no-store
content-length
243
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEBCRdquU7Pv3PNwLxF2DWvo&google_cver=1&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWF...
  • https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEBCRdquU7Pv3PNwLxF2DWvo&google_cver=1&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLow...
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
//cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://d5p.de17a.com/cookies/google?google_gid=CAESEAdyVoMSsJrR0uf9qnSyjkI&google_cver=1&google_push=ATf1kGO81CM6pzc61tDIivXFOWfpjOC2utZlrIkAB1-Kw4OT0es_lbnToMPsbY5DKP4NjRAnkyV5gfxFF9sSowSeItvz3JD...
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESEAdyVoMSsJrR0uf9qnSyjkI&google_cver=1&google_push=ATf1kGO81CM6pzc61tDIivXFOWfpjOC2utZlrIkAB1-Kw4OT0es_lbnToMPsbY5DKP4NjRAnkyV5gfxFF9sSowSeItvz3...
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGO81CM6pzc61tDIivXFOWfpjOC2utZlrIkAB1-Kw4OT0es_lbnToMPsbY5DKP4NjRAnkyV5gfxFF9sSowSeItvz3JDFb-fe
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGO81CM6pzc61tDIivXFOWfpjOC2utZlrIkAB1-Kw4OT0es_lbnToMPsbY5DKP4NjRAnkyV5gfxFF9sSowSeItvz3JDFb-fe
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGO81CM6pzc61tDIivXFOWfpjOC2utZlrIkAB1-Kw4OT0es_lbnToMPsbY5DKP4NjRAnkyV5gfxFF9sSowSeItvz3JDFb-fe
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEG7fA3AO1k0nI-2xjav0QTk&google_cver=1&google_push=ATf1kGPLh1SaFXc1Qc6Zch47gfl5DaiYr4-eATvloQl9SB8ZppKYz6xZAkmQs2vpCnYIqnBywlRuRq9r...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEG7fA3AO1k0nI-2xjav0QTk&google_cver=1&google_push=ATf1kGPLh1SaFXc1Qc6Zch47gfl5DaiYr4-eATvloQl9SB8ZppKYz6xZAkmQs2vpCnYIqnBywlR...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODE5Njc5ODI4MDYxMjcwNDg0Mg&google_push=ATf1kGPLh1SaFXc1Qc6Zch47gfl5DaiYr4-eATvloQl9SB8ZppKYz6xZAkmQs2vpCnYIqnBywlRuRq...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODE5Njc5ODI4MDYxMjcwNDg0Mg&google_push=ATf1kGPLh1SaFXc1Qc6Zch47gfl5DaiYr4-eATvloQl9SB8ZppKYz6xZAkmQs2vpCnYIqnBywlRuRq9r3hWGpYXaMlsz3z_5yfqG
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODE5Njc5ODI4MDYxMjcwNDg0Mg&google_push=ATf1kGPLh1SaFXc1Qc6Zch47gfl5DaiYr4-eATvloQl9SB8ZppKYz6xZAkmQs2vpCnYIqnBywlRuRq9r3hWGpYXaMlsz3z_5yfqG
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame 594E
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_gid=CAESEJ-1_x9YGZ4OL-wJApVptcw&google_cver=1&google_push=ATf1kGP_oq4jRrvCB_NJxmXlvp2EKz2GJkWyw2zN11jKJtqNmJkuLxZYJ9iXUyuQ0kuWpLzpmLydO...
  • https://b1sync.zemanta.com/usersync/googleopenbidding/?google_cver=1&google_gid=CAESEJ-1_x9YGZ4OL-wJApVptcw&google_push=ATf1kGP_oq4jRrvCB_NJxmXlvp2EKz2GJkWyw2zN11jKJtqNmJkuLxZYJ9iXUyuQ0kuWpLzpmLydO...
  • https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=ATf1kGP_oq4jRrvCB_NJxmXlvp2EKz2GJkWyw2zN11jKJtqNmJkuLxZYJ9iXUyuQ0kuWpLzpmLydOsQk9MRRZnYC6M7z7gcFhpHd&google_hm=c01mMEJvOEVDZDM1...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=ATf1kGP_oq4jRrvCB_NJxmXlvp2EKz2GJkWyw2zN11jKJtqNmJkuLxZYJ9iXUyuQ0kuWpLzpmLydOsQk9MRRZnYC6M7z7gcFhpHd&google_hm=c01mMEJvOEVDZDM1enFIN1g5My0=
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:16 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=outbrain_eb&google_push=ATf1kGP_oq4jRrvCB_NJxmXlvp2EKz2GJkWyw2zN11jKJtqNmJkuLxZYJ9iXUyuQ0kuWpLzpmLydOsQk9MRRZnYC6M7z7gcFhpHd&google_hm=c01mMEJvOEVDZDM1enFIN1g5My0=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
240
Expires
Thu, 01 Dec 1994 16:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 594E
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ixu9tqsMT93ixw-2JwicujqECvuQHmWn4lOa1N1lheeLO1TPRAsgSBuU8IyjYO5ZJVd-4zWg
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
index.html
s0.2mdn.net/sadbundle/9170381621892120779/ Frame EC83
13 KB
3 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
691257cf7d510da3434f5eedca2b2e0137949c698e3750c7705526a1ee75684c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2744
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:15 GMT
expires
Fri, 14 Jun 2024 16:35:15 GMT
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 644D
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_s6OiU2dNAkmiqlGf2jAMLJrCUS76mwDCIpfJ2H2RR9-0MpZNkVFxuMlHPwUnwEmMQdjH3McJbEehqihYOUcRoISXsJlEbeT9ssnBYkIWzylyH5fcAesDkdYEY_bWB-3OldbvARRhI112nkp6sXjjY2YDmZH1BFNXuAvfVLD-sTXY_w5NvfBlwuRLfVe2oVCZ-rubsWuSNJokgV9XE9gKA8zYZ6UYMBcq4gr8lDiAlouRXlAAW1LcAI0eRpqkZIt7iGuGzNJ1SdA_tHU3dZP6c47qyn0W8mRffk5sjXxqgU_M1ZsxzW0dkEDedc2xt4ccapRasOSAXH4DJ17vGZc1gdSAZQsZyZ41KoiBmAuV4rZz856mRiS5qSTN6Cay0_e2SIY54A6IxYPX_Oac3Yyvg1obliISMRvWdS1bEtCA_W6V6pJgU-cG96NyyY4IaawAwZP_XNgufmfGs6jUvzFPWZkiQGERYnKu2DxCO4ZVx0ntN65N8RKwSQsdO1Pzjp9W0QFKKgpjPWd8ngNdCU_vfR2WeYepykJ_wflyEEcNdYiFew4u4OJU7TDLk0SFNx9kU6dnyX7V-t1_MkQOhDvUz2zqjVGjJ9-FVQFWWOlEFGTI2qbAS28uC8aShcRv8QCY_2cuJjrA2qGlfR7oSBRq9GwJB3RjXo80N8Mf18TzoDczloCtZLBEhfURukgS8lkkzXXiwiMWsQeCGlUTzalPV1wZunxgsyziZDKw-JPdolmgBo8zL51dMbQ1t5RR8mxE5aFBmTpPAVE3yE2Iuxm0OAe2y9u4ViZhGkjKASIN2xvTSoxhKSw5sDj84sQY48r--E44x0y5uKqTsq_lyrfRBsQ-1vUC--NwgnXJbWmPSzIPfT_FyY7pYlIY-uhNhTsBuGGdHEYYbcvemxDIWcFsU6TjQV92RszZG-aq2Re6ogV3xcp-jqnqmyI6qDcWXR8C8zht0BX6ehnPZKa6EhzFLDKvh516vTDGF_WYgZbBpmZdnK31Gnr9tNLmXf2usl9C0N4jZsVSi1wvtkx8KmZ_AeRCaix_sdeF3Fg01zeW8bKq58Rm1h9Sj5zXw0Ctj--ky6lUiersEj5-Fl6MUNyaPAa5zC8fVaagN9COw_DfTJzc6CO5RGAPGAgwG2CTBi_bplekp-fMQTvjNh4aQciVbMqw5DOvCN3yFI9-So1-gl4WcHU6A6ETyj8V32gm_oeu4TBWWg7tW1q8yG8ooBmHA1i2lLTOYVuWqgz_rUi75Jf-3eFIOFBwY7hKbMTQ8KLtIMEDM9G_bMcvYYxZUoI2448P5VU54oibA5CGr3HuzbM9t23SkTDZxddTOvFpPK-sV5DhFqze0gxlg-hneUy2OOuZJhmt8yN3&sai=AMfl-YRsxPonHOmjqamXCILKhBPY_EGBOGqDjbeyLJ8Afv3IIYjgSFS7263bX1uQE7JLKX2BrK8YdX3WjKRrRjUVMAtm3XOHWl-nayLUI5NnpUrAX0iFt67OLwrfnlsLmHewZxy6weWMAnmamziM8Crk7uDkmC0c43Q0aYyhWDwC4tEhWShWHGszktM4F8fMzbgj_ALXUTAVj7z37FMF0n2093hKMLmEfH58KqyCIMzwWsPQ4C96h9uVVl3iDtBkhSioBZh9tKC2yjMgPUBEy3ldMYKdSiKHMTyC&sig=Cg0ArKJSzNEKLrsYUFgXEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=303&cbvp=1&cstd=295&cisv=r20230613.03837&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:15 GMT
IAS_PassbackAds_300x250.png
static.adsafeprotected.com/ Frame 1DA0
14 KB
14 KB
Image
General
Full URL
https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
date
Wed, 14 Jun 2023 16:02:14 GMT
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
413437
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
14233
last-modified
Fri, 18 Feb 2022 23:28:59 GMT
server
AmazonS3
etag
"65a8b98b798ce416d94c2847aca40c71"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
x-amz-cf-id
Rd0uRphgiEAGMvCbp6TbkASdpqsFpmntxax4ziKB7jMpiQ0BsUit1g==
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://fksnk.com/cs/google?google_gid=CAESEPiz8cTRhil9ra73L9MNtMA&google_cver=1&google_push=ATf1kGN-Chlj_MqzDTbWS7xP-LjivNGc_UUdqkpouquwQb7LV2nbU8Lbg8AKTD0-lI6a5VgK0Qr8aBdZ3e16_Q_b29629rsgQMxwDfXz...
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QjIyQkYyODIzQjhBQzdFMQ==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QjIyQkYyODIzQjhBQzdFMQ==
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QjIyQkYyODIzQjhBQzdFMQ==
date
Thu, 15 Jun 2023 16:35:15 GMT
content-language
en-US
content-type
text/html;charset=ISO-8859-1
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://a.c.appier.net/gcm?google_gid=CAESELp6r9qp75U7Iue9sFP3v64&google_cver=1&google_push=ATf1kGPbnzjERDXUDHgriMo0uCKOylsShg20f0nzYgDN61CLW-TH7GXFgSxmuP2pghaD9rFgGgY8r4dDkBAtYPt7Rm-NIb5a90GV0jHJn...
  • https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lHd0xrQk9Eb21VZDNNMHhEMkxaQQ%3D%3D&google_push=ATf1kGPbnzjERDXUDHgriMo0uCKOylsShg20f0nzYgDN61CLW-TH7GXFgSxmuP2pghaD9rFgGgY8r4dDkBAtY...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lHd0xrQk9Eb21VZDNNMHhEMkxaQQ%3D%3D&google_push=ATf1kGPbnzjERDXUDHgriMo0uCKOylsShg20f0nzYgDN61CLW-TH7GXFgSxmuP2pghaD9rFgGgY8r4dDkBAtYPt7Rm-NIb5a90GV0jHJnthiwBDxjr9sBK3xbOsLjnDhhIt1pCYQY1Fl4vHO
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 15 Jun 2023 16:35:16 GMT
server
nginx
accept-ch
Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p
CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=Q2lHd0xrQk9Eb21VZDNNMHhEMkxaQQ%3D%3D&google_push=ATf1kGPbnzjERDXUDHgriMo0uCKOylsShg20f0nzYgDN61CLW-TH7GXFgSxmuP2pghaD9rFgGgY8r4dDkBAtYPt7Rm-NIb5a90GV0jHJnthiwBDxjr9sBK3xbOsLjnDhhIt1pCYQY1Fl4vHO
content-type
text/html; charset=utf-8
cache-control
no-store
content-length
287
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEBCRdquU7Pv3PNwLxF2DWvo&google_cver=1&google_push=ATf1kGPA-siLFcPDuaZkX0eZEILZ1NO5Tzu2WEVKYsrOUe7Wbrgaupl5aQ5DEpmYMTPHR-riwYIw29IIBOsbpY1qwz1V...
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=a3863f87-d3d8-4a16-8b9f-5f355e1b5f6f
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=a3863f87-d3d8-4a16-8b9f-5f355e1b5f6f
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=d9ebacb1-dc79-4b7a-898d-f62177c41ce6&user_group=1&ssp=google&bsw_param=a3863f87-d3d8-4a16-8b9f-5f355e1b5f6f
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
//cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNGXb1B8PPKNGKrwwvdnuqJXQlQkkbgni7tifEjMaAPebhsaW1jHA40pYV1wkZD_Sg66z6CnPlsY7YLowiXLdWFsdjtVY8&google_hm=o4Y_h9PYShaLn181Xhtfbw==
date
Thu, 15 Jun 2023 16:35:16 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELPfcnLPIfizE4VjyPgZMxc&google_cver=1&google_push=ATf1kGOW91Dkna4iCYbggyL1JkuxIBVtvp07Ocdp3GnLeJ2TjC1LnlgTc7oDmx8b6b2B5PxqzxLYKFQWO4UsN5K...
  • https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=nDLHiWVDVPJlvqBFltsLG7nVm7E&google_push=ATf1kGOW91Dkna4iCYbggyL1JkuxIBVtvp07Ocdp3GnLeJ2TjC1LnlgTc7oDmx8b6b2B5PxqzxLYKFQWO4UsN5...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=nDLHiWVDVPJlvqBFltsLG7nVm7E&google_push=ATf1kGOW91Dkna4iCYbggyL1JkuxIBVtvp07Ocdp3GnLeJ2TjC1LnlgTc7oDmx8b6b2B5PxqzxLYKFQWO4UsN5KgzRtgT7_7rKiLU4Lj3wOO3ekV1t9zx8n5SyHNFt6Uv2jj2fD_PL-YVKW8
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=nDLHiWVDVPJlvqBFltsLG7nVm7E&google_push=ATf1kGOW91Dkna4iCYbggyL1JkuxIBVtvp07Ocdp3GnLeJ2TjC1LnlgTc7oDmx8b6b2B5PxqzxLYKFQWO4UsN5KgzRtgT7_7rKiLU4Lj3wOO3ekV1t9zx8n5SyHNFt6Uv2jj2fD_PL-YVKW8
Date
Thu, 15 Jun 2023 16:35:16 GMT
Connection
keep-alive
Content-Length
286
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIvT60W1o3S7C9a82hIGAD0&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIvT60W1o3S7C9a82hIGAD0&google_hm=ZIs9wmfzYpvegbKk6y3eUwAACJgAAAAB&google_nid=index&google_push=ATf1kGPoimV0TxLACdOPzqlVWPx9ebR3qDP-q...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIvT60W1o3S7C9a82hIGAD0&google_hm=ZIs9wmfzYpvegbKk6y3eUwAACJgAAAAB&google_nid=index&google_push=ATf1kGPoimV0TxLACdOPzqlVWPx9ebR3qDP-qyJXprigDSoOCys6hkK7yOM-jAekKO_yhNxF6NL5cW32ggvmDFG_WeUOcyK_jhr6gkPSPjIIzE5SACb-s_R0b5ND-BLNPYu-8ipS59kGfoPS
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEIvT60W1o3S7C9a82hIGAD0&google_hm=ZIs9wmfzYpvegbKk6y3eUwAACJgAAAAB&google_nid=index&google_push=ATf1kGPoimV0TxLACdOPzqlVWPx9ebR3qDP-qyJXprigDSoOCys6hkK7yOM-jAekKO_yhNxF6NL5cW32ggvmDFG_WeUOcyK_jhr6gkPSPjIIzE5SACb-s_R0b5ND-BLNPYu-8ipS59kGfoPS
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
pixel
cm.g.doubleclick.net/ Frame 7FA5
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEDFu-saPazDad-nDT6ui9LQ&google_cver=1&google_push=ATf1kGNPsT-vV5nYjN-Gv_s8aWYW9y_xDUkUDlnZ1Ko3i6GmVAzsqQQKJOQcCbUqxFlCpRUorPOdxxBLWowBeXF_MHgjrFMWOW...
  • https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGNPsT-vV5nYjN-Gv_s8aWYW9y_xDUkUDlnZ1Ko3i6GmVAzsqQQKJOQcCbUqxFlCpRUorPOdxxBLWowBeXF_MHgjrFMWOWo...
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDAzMDk5NTc1NTQzMDQwMzAxNDYzNA%3D%3D&google_push=ATf1kGNPsT-vV5nYjN-Gv_s8aWYW9y_xDUkUDlnZ1Ko3i6GmVAzsqQQK...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDAzMDk5NTc1NTQzMDQwMzAxNDYzNA%3D%3D&google_push=ATf1kGNPsT-vV5nYjN-Gv_s8aWYW9y_xDUkUDlnZ1Ko3i6GmVAzsqQQKJOQcCbUqxFlCpRUorPOdxxBLWowBeXF_MHgjrFMWOWoemf6P9gGFNFakUZR4cO8Mil05StprvM1aS4gt6mhEqvW-
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDAzMDk5NTc1NTQzMDQwMzAxNDYzNA%3D%3D&google_push=ATf1kGNPsT-vV5nYjN-Gv_s8aWYW9y_xDUkUDlnZ1Ko3i6GmVAzsqQQKJOQcCbUqxFlCpRUorPOdxxBLWowBeXF_MHgjrFMWOWoemf6P9gGFNFakUZR4cO8Mil05StprvM1aS4gt6mhEqvW-
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
v1
match.sharethrough.com/E4rooAtA/ Frame 7FA5
0
360 B
Image
General
Full URL
https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEAJ-GsayIcgmdxXvbBsM9f0&google_cver=1&google_push=ATf1kGNSwY5IpfS8NLe7eKvm_bu4SSQJSvFnyZpfjIVCd1g9zx8rK1IbFAVhWMSaL9aO-D6DJ2luIG_omF50AQcQXwAdJFyIJBS0W2cHnbtrwYpKxJQ5Wu6Jboue4OPvq5VzfnFyUVS_-KxD7Q
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.130.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-130-194.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 7FA5
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J9LDbEQBqZC8azprghUiE-5ISW51PwfxRKe0hJtgMd1JiUgjvfNDsA7_rxc3whG3qMatBGgA
Requested by
Host: e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
URL: https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s42-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
IAS_PassbackAds_300x250.png
static.adsafeprotected.com/ Frame CBCF
14 KB
14 KB
Image
General
Full URL
https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png
Requested by
Host: static.adsafeprotected.com
URL: https://static.adsafeprotected.com/passback_300x250.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:7a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f6adb794eda0e31a163ed517d8e63d388dbb762031a189349c72af2bc37bb4f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
date
Wed, 14 Jun 2023 16:02:14 GMT
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
413437
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
14233
last-modified
Fri, 18 Feb 2022 23:28:59 GMT
server
AmazonS3
etag
"65a8b98b798ce416d94c2847aca40c71"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800
accept-ranges
bytes
x-amz-cf-id
9fS-jRCDrWYR2jxLju1Lt4GmEaTgtQbKVdT-YvkcQ7A17viuJd0SsA==
sync
app.retargetly.com/ Frame 08F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=retargetly_ddp&google_hm=OTU2N2RiZmUtNDFlNS00OTliLWEzNzktOTlkNmE4ZDgyMjU1&google_cm
  • https://app.retargetly.com/sync?pid=11&google_gid=CAESEFWf3TfrJFQ1HoZvyDuCQ7M&google_cver=1
68 B
418 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=11&google_gid=CAESEFWf3TfrJFQ1HoZvyDuCQ7M&google_cver=1
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/png
access-control-allow-origin
*
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
cf-ray
7d7c39a81d2d3a57-FRA
expires
0

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://app.retargetly.com/sync?pid=11&google_gid=CAESEFWf3TfrJFQ1HoZvyDuCQ7M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
296
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
m
cm.mgid.com/ Frame 08F7
43 B
434 B
Image
General
Full URL
https://cm.mgid.com/m?cdsp=712808&adu=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%7Bmuidn%7D%26pid%3D70
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:884e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
7d7c39a74eb22ba8-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
js
pixel.mathtag.com/sync/ Frame 08F7
643 B
1 KB
Script
General
Full URL
https://pixel.mathtag.com/sync/js?mt_lim=12&sync=auto&exsync=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5BMM_UUID%5D%26pid%3D10
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-207.deploy.static.akamaitechnologies.com
Software
MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438" /
Resource Hash
59b18cedd72766a0c2ab958a6683365999cd94563b2c1ed9387463b21a3edbbf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
MT3 1031 59fd23a master cdg cdg-pixel-x25 config_version:"1438"
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Content-Type
text/javascript
Cache-Control
no-cache
Connection
keep-alive
Content-Length
643
Expires
Thu, 15 Jun 2023 16:35:14 GMT
check
pixel.tapad.com/idsync/ex/receive/ Frame 08F7
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3012&partner_device_id=9567dbfe-41e5-499b-a379-99d6a8d82255&_rand=1686846915486
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3012&partner_device_id=9567dbfe-41e5-499b-a379-99d6a8d82255&_rand=1686846915486
95 B
418 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3012&partner_device_id=9567dbfe-41e5-499b-a379-99d6a8d82255&_rand=1686846915486
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3012&partner_device_id=9567dbfe-41e5-499b-a379-99d6a8d82255&_rand=1686846915486
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
28347
tags.bluekai.com/site/ Frame 08F7
62 B
219 B
Image
General
Full URL
https://tags.bluekai.com/site/28347?limit=0&id=9567dbfe-41e5-499b-a379-99d6a8d82255&redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%24_BK_UUID%26pid%3D9
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.192.153.172 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-192-153-172.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date
Thu, 15 Jun 2023 16:35:16 GMT
content-length
62
content-type
image/gif
generic
match.adsrvr.org/track/cmf/ Frame 08F7
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=83i98y4&ttd_tpi=1
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usersync
pixel-sync.sitescout.com/connectors/retargetly/ Frame 08F7
0
187 B
Image
General
Full URL
https://pixel-sync.sitescout.com/connectors/retargetly/usersync?redir=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%7BuserId%7D%26pid%3D23
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software
A /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
max-age=0,no-cache,no-store
server
A
expires
Tue, 11 Oct 1977 12:34:56 GMT
sync
app.retargetly.com/ Frame 08F7
Redirect Chain
  • https://secure.adnxs.com/getuid?https://app.retargetly.com/sync?sid=$UID&pid=2
  • https://app.retargetly.com/sync?sid=4680200359325399449&pid=2
68 B
425 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=4680200359325399449&pid=2
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/png
access-control-allow-origin
*
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
cf-ray
7d7c39a87da03a57-FRA
expires
0

Redirect headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
52fea90e-4fe4-4762-98bd-86e059d1e6f0
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://app.retargetly.com/sync?sid=4680200359325399449&pid=2
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
app.retargetly.com/ Frame 08F7
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3a%2f%2fapp.retargetly.com%2fsync%3fpid%3d14%26sid%3d%23PM_USER_ID&rdf=1
  • https://app.retargetly.com/sync?pid=14&sid=C92F18E6-8F70-4B94-9A72-5AD9E80057A9
68 B
593 B
Image
General
Full URL
https://app.retargetly.com/sync?pid=14&sid=C92F18E6-8F70-4B94-9A72-5AD9E80057A9
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/png
access-control-allow-origin
*
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
cf-ray
7d7c39a8ee043a57-FRA
expires
0

Redirect headers

location
https://app.retargetly.com/sync?pid=14&sid=C92F18E6-8F70-4B94-9A72-5AD9E80057A9
date
Thu, 15 Jun 2023 16:35:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
tpid=9567dbfe-41e5-499b-a379-99d6a8d82255
bcp.crwdcntrl.net/map/c=11530/tp=RTRG/ Frame 08F7
0
0
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=11530/tp=RTRG/tpid=9567dbfe-41e5-499b-a379-99d6a8d82255
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.67.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-67-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

sync
sync.teads.tv/rt/ Frame 08F7
2 B
155 B
Image
General
Full URL
https://sync.teads.tv/rt/sync?vid=9567dbfe-41e5-499b-a379-99d6a8d82255&gdpr=0&us_privacy=%221-N-%22
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-35-84.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.10 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

expires
Thu, 15 Jun 2023 16:35:15 GMT
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.10
content-length
2
content-type
text/plain; charset=UTF-8
sync
app.retargetly.com/ Frame 08F7
Redirect Chain
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https%3A%2F%2Fapp.retargetly.com%2Fsync%3Fsid%3D%5Bsas_uid%5D%26pid%3D63
  • https://sync.smartadserver.com/getuid?gdpr=0&url=https://app.retargetly.com/sync?sid=[sas_uid]&pid=63&cklb=1
  • https://app.retargetly.com/sync?sid=394514084000236299
68 B
208 B
Image
General
Full URL
https://app.retargetly.com/sync?sid=394514084000236299
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Server
2606:4700:10::6816:118d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4443eccbe460b086b56483fdbfdaafca2c11c369a796a56c097997b15c160660

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
image/png
access-control-allow-origin
*
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
cache-control
no-cache
cf-ray
7d7c39a8ee063a57-FRA
expires
0

Redirect headers

location
https://app.retargetly.com/sync?sid=394514084000236299
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
current
retargetly-match.dotomi.com/match/bounce/ Frame 08F7
0
105 B
Image
General
Full URL
https://retargetly-match.dotomi.com/match/bounce/current?networkId=95012&version=1&nuid=9567dbfe-41e5-499b-a379-99d6a8d82255
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
tap.php
pixel.rubiconproject.com/ Frame 895E
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&gdpr=1&us_privacy=1---
  • https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&gdpr=1&us_privacy=1---&_bee_ppp=1
  • https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AABIpU7JFnwAACCD0sUPmw&expires=30&gdpr=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AABIpU7JFnwAACCD0sUPmw&expires=30&gdpr=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AABIpU7JFnwAACCD0sUPmw&expires=30&gdpr=1
Date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
tap.php
pixel.rubiconproject.com/ Frame 895E
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30&gdpr=1&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=57f74d17-7129-4222-b766-dbb645ce37a0&expires=30&gdpr=1&us_privacy=1---
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=57f74d17-7129-4222-b766-dbb645ce37a0&expires=30&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=57f74d17-7129-4222-b766-dbb645ce37a0&expires=30&gdpr=1&us_privacy=1---
Date
Thu, 15 Jun 2023 16:35:16 GMT
Connection
keep-alive
X-CI-RTID
ff94bd1d-2a81-497c-9944-3f3e0a265d6b
Content-Length
175
Content-Type
text/html; charset=utf-8
check
pixel.tapad.com/idsync/ex/receive/ Frame 895E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=37556&a=1&gdpr=1&us_privacy=1---
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3355&partner_device_id=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
95 B
429 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3355&partner_device_id=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
H2
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3355&partner_device_id=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
img
sync.mathtag.com/sync/ Frame 895E
43 B
443 B
Image
General
Full URL
https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.29.132.241 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software
MT3 1031 59fd23a master zrh zrh-pixel-x24 config_version:"1524" /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
MT3 1031 59fd23a master zrh zrh-pixel-x24 config_version:"1524"
Content-Type
image/gif
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
43
Expires
Thu, 15 Jun 2023 16:35:14 GMT
sync
ups.analytics.yahoo.com/ups/58160/ Frame 895E
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&gdpr=1&us_privacy=1---
  • https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
0
15 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
H2
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Location
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LIXD3KQF-L-AV6P&gdpr=1&us_privacy=1---
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
e06182bf224d96e6550f4595601cdb0b
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 895E
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=14&gdpr=1&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=nDLHiWVDVPJlvqBFltsLG7nVm7E
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=nDLHiWVDVPJlvqBFltsLG7nVm7E
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=731524&nid=3858&put=nDLHiWVDVPJlvqBFltsLG7nVm7E
Date
Thu, 15 Jun 2023 16:35:16 GMT
Connection
keep-alive
Content-Length
121
Content-Type
text/html; charset=utf-8
cookiesync
bttrack.com/pixel/ Frame 895E
35 B
164 B
Image
General
Full URL
https://bttrack.com/pixel/cookiesync?source=c91bfcce-bb43-46f7-b14e-567c0a4332b3&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS
46.bidtellect.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-servername
Track004-iad
pragma
no-cache
date
Thu, 15 Jun 2023 16:34:14 GMT
strict-transport-security
max-age=31536000;
content-type
image/gif
cache-control
private,no-cache
content-length
35
expires
-1
tap.php
pixel.rubiconproject.com/ Frame 895E
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=6&p=70&cp=Rubicon&cu=1&url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D6434%26nid%3D2149%26put%3D%40%40CRITEO_USERID%40%40&gdpr=1&us_privacy=1---
  • https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=eea43453-97d9-48ce-aef8-82b708b00aa7&gdpr=1&us_privacy=1---
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=eea43453-97d9-48ce-aef8-82b708b00aa7&gdpr=1&us_privacy=1---
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=eea43453-97d9-48ce-aef8-82b708b00aa7&gdpr=1&us_privacy=1---
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1422920
content-length
0
expires
Thu, 15 Jun 2023 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 395B
42 B
175 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvd8_KCpZDWgzUfn0f3WVqlvvzdWFXI1nWCDGVeBTzVx3glzpuTScT15phkDXfETWzqKen3qbKSd3PbM2efSu0Ohbj5Z9HZ-FFmQlNjjm00lC3bCDMNw4cPgcNooVcMpSq4bFHmwelfS8yN&sai=AMfl-YQlp8YRz2ElhDtgFKiJle13IuG1VJBpSnuSX1fwsB-7JqyPk_qC5agJUg6wlesBKsLtdBM1qPfsJ-3d49i_km-ot98E9ES8F0FePR_G7WpuAooRUg2M59jeB_1wO2EyjjlS5n_gTkWPcz69Jw&sig=Cg0ArKJSzCeW9WbuntutEAE&cid=CAQSTABygQiDbbxzMUVnTGrMTZmSyBmuIzPqBKuQxShYlndOu8CSMgGeJ9rkryuKxm4A8Qm_uWESyKAb4fukkGpnybkUt-QhSVwzBIm0w0YYAQ&id=lidar2&mcvt=1094&p=102,152,352,1122&mtos=1094,1094,1094,1094,1094&tos=1094,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1917955322&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686846913965&rpt=627&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 395B
0
0
Fetch
General
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:15 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame E2DB
0
0
Fetch
General
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:15 GMT
styles.css
s0.2mdn.net/sadbundle/9170381621892120779/css/ Frame EC83
6 KB
1 KB
Stylesheet
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
101470fcde40e5ad29c691a0cc4276b7e311972a8e02a684f19db29fd4698645
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 19:36:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
421141
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1483
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 09 Jun 2024 19:36:14 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame EC83
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:36:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21534
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:36:21 GMT
overlay.png
s0.2mdn.net/sadbundle/9170381621892120779/img/ Frame EC83
95 B
122 B
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/img/overlay.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 11:53:47 GMT
x-content-type-options
nosniff
age
448888
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 09 Jun 2024 11:53:47 GMT
logo.svg
s0.2mdn.net/sadbundle/9170381621892120779/img/ Frame EC83
6 KB
3 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/img/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b1bfbac0178604f4dce665117d962743d2916a2a37968438f3d49d7e9c04445
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 15:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
523072
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2563
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 08 Jun 2024 15:17:24 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame EC83
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 15 Jun 2023 16:35:15 GMT
dt
dt.adsafeprotected.com/ Frame 395B
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=e2bd2d95-91a4-35d4-cd95-594460564c44&tv=%7Bc:fCPhE8,pingTime:-10,time:994,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686846915811%7C%7C8cbbdd747955d9e7d630055db1c1d472%7C%7C8623b242deb4313525321dba17b62725%7C%7C44809376f18f336d9f21787ce8461045%7C%7Ccac9c96b1f880ff618be04bee5c2b05d%7C%7C6e5b77b375133b96090db67cd9085a72%7C%7C9102e711377addb62ad8a9307f38cda6%7C%7C7dea137f5041eaafae1a643a63c972d6%7C%7C1663701684%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
server
nginx
x-server-name
dt11.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
content_v3.js
vidstat.taboola.com/
16 KB
5 KB
Script
General
Full URL
https://vidstat.taboola.com/content_v3.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_8_8/infra/cmTagFEED_MANAGER.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
12af7975664854ca36da674714083fa05297940fce71e42dabf688e2eb19a0f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
FRA60-P1
age
2827257
x-cache
Hit from cloudfront, HIT
content-length
4839
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 20 Jul 2022 13:23:50 GMT
server
AmazonS3
x-timer
S1686846916.865268,VS0,VE0
etag
"f7533e747bb02a8eb527ada4f2749620"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
WPQDSHjI0-yBKHiRyp0A6R83yvp_1Crbueri-3T9dZgaMPkT7wTTlA==
x-cache-hits
124772
sync
am-match.taboola.com/ Frame 7476
798 B
893 B
Document
General
Full URL
https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_8_8/infra/cmTagFEED_MANAGER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
9869c301404d1bbc40d8b9843806889ca9609bd0be3919887355cc80d6269c25

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
text/html;charset=ISO-8859-1
date
Thu, 15 Jun 2023 16:35:15 GMT
machineid
3407
server
nginx
/
www.google.com/pagead/1p-user-list/941279407/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/941279407/?random=1686846915529&cv=9&fst=1686844800000&num=1&guid=ON&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&tiba=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&fmt=3&is_vtc=1&random=138878703&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/941279407/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/941279407/?random=1686846915529&cv=9&fst=1686844800000&num=1&guid=ON&eid=375603261%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&tiba=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&fmt=3&is_vtc=1&random=138878703&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
blackScreen5.mp4
vidstatb.taboola.com/vid/
89 KB
89 KB
Media
General
Full URL
https://vidstatb.taboola.com/vid/blackScreen5.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0407dafc112212a135d1aa4dd9b40ba0208c6bb6b1959f5535af093254189d66

Request headers

Referer
https://www.metropoles.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Range
bytes=0-

Response headers

x-amz-meta-mtime
1497790207
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 8f6bdaf52990daaab8fe7162027bdec4.cloudfront.net (CloudFront), 1.1 varnish
x-amz-cf-pop
VIE50-C2
age
2386208
x-cache
Hit from cloudfront, HIT
Content-Range
bytes 0-90783/90784
x-amz-meta-mode
33188
Content-Length
90784
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Sun, 02 Jul 2017 20:40:57 GMT
server
AmazonS3
x-timer
S1686846916.918661,VS0,VE0
etag
"b2b087fe4ae638c533731c347fcd4df8"
x-amz-meta-uid
0
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
content-type
video/mp4
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
KeRHC3LKLO0XQKojJBbD0tHrBXvvLrHwZKSWav-ATh5HE9Ep3r-cOw==
x-cache-hits
345779
OvaMediaPlayer.js
vidstat.taboola.com/vpaid/vPlayer/player/v134314.482/
447 KB
84 KB
Script
General
Full URL
https://vidstat.taboola.com/vpaid/vPlayer/player/v134314.482/OvaMediaPlayer.js
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_8_8/infra/cmTagFEED_MANAGER.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
093357d224912c722d9208fe8d0a996b214f4088d62b30de65f6aaefef45b532

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-meta-mtime
1686824727
date
Thu, 15 Jun 2023 16:35:15 GMT
via
1.1 varnish
content-encoding
br
x-amz-request-id
RVY8BSR57FR60QM2
age
22122
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-meta-ctime
1686824740
x-amz-meta-mode
33188
content-length
85321
x-amz-id-2
232lkVQP7CiS3tJg5tG1oloNia9HpMfLDd5X7HdbzFiE7zZQu+TlPgTHTPmuyp03WhcICbSdt8Y=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Thu, 15 Jun 2023 10:25:41 GMT
server
AmazonS3-br
x-timer
S1686846916.930366,VS0,VE0
etag
"1597cc153701e013ac45680b08dabf26"
x-amz-meta-uid
0
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
x-amz-meta-gid
0
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
4403
st
am-vid-events.taboola.com/
0
44 B
Image
General
Full URL
https://am-vid-events.taboola.com/st?cijs=convusmp&ttype=16&cisd=convusmp&cipid=66370435&crid=5669305&dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&cmcv=&pix=31579697&cb=1686846915931&uv=3288&tms=1686846915931&su=3&abt=esv_vA!nonrv_vA!pl134314-482_vB!tbt_unit!ufm_vG&ru=https://us-central1-decisive-plasma-381522.cloudfunctions.net/&ft=0&unm=FEED_MANAGER&su=3&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
content-length
0
server
nginx
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame D409
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
generic
match.adsrvr.org/track/cmf/ Frame 7476
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by
Host: am-match.taboola.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 7476
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341?gdpr=1&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
0
99 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
Requested by
Host: am-match.taboola.com
Protocol
H2
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
13511

Redirect headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
content-length
0
sync
ups.analytics.yahoo.com/ups/58785/ Frame 7476
0
15 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
x.bidswitch.net/ Frame 7476
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.73.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-73-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame 1699
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25403
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
usync.html
eus.rubiconproject.com/ Frame C5CA
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=V8keoCLAbgxNyYszsNohPAibkxZ3caRC8AAABgYID-AMmsHJPdzLVaiwyTiVu0sjjWyoXJudZtXA7HaLFweSaLISAx58SxWsxMbs1wNVqLFsaVW2IZ7dYqh2PlMiyXm5HFZQUfxnKZDGqBhGX2-w4KyunpMbsMoqLrbbE7nGbPGwQmoul0-Fz3et3vd1e7TJe_4W92ee4av9svcnpOl6fp75a5TC7Lw-yXO9xqp-XhFzo8XpflrfecXnbTw-Pwu0Uu11vnNxtebpHLLXkrVmu1061yuxWmh8dhcnpOD7fI7xbZ3Cq36G-5_F1vkdNudDktf7fK7Ra5Lg6nHQAAAAA8ALAKzIXwAwgAEAEAAABAAgAAAACFgAr_FgQuAAAAAGAAQBBu1QAAxaGA_Ua7yx8AAB4gQAAACGCQACiYjygBALKydAIAAAAAAAAAgMX___9_jAH63UEZACQOpT0AHnwAPBApEC3CCAAAAEBu9WbskUk6QcWiCgAAQboVgCsAAAGIv-k-d2EAAAAGxIg3rNujOSF4jVmgh8XvNzvsGr_bZQAAAAAAAAAAzPyf-UcjBCX8mCaIAcVezS8gAMCaX0AAADbqBgDgjQCckOODptPhc93rVZ-3xmU3XR5mx1rk8jg9T9vLLTg7PG-HWzNcrCaTucbsd51srrvH9PTbPXe5y_QXHYJWDAaroxCTzWa3XC6Xy9kBAAAAuPP___-PR7xh3R7NCcFLD8hYZobhYrfcjBYbm2u1WY6MC4trZhgsRs7dwjHznsV4nCZ2tvjCPiHCMvt9BwXl9PSYXQZR0fW22B1Os-cgPmgYlpNBMD8TthitJpPNcjhbLiaD4Wg4Gu3PQCxGAzQRg-VyMllMdqvRarQZ7kazwQIJxGCCKFo0mKxGo8liMlyNJqvZcrHbbRBFq1az0WYwXM0ms91uNRwMl6MRmrDFaDWZbJbD2XIxGQxHw9FoiGBiY5kNhsuNWzZZbtai1WS0VphGlrVmMfKYFg7TZmYZuUWvj-liHG08o8UWCQYY7kVwkU7ULtPlb_ibXZ6TzSKWaE4W6UR22XcsM8NwsVtuRouNzbXaLEfGhcU1MwwWI-du4Zj5GxvLbDBcbtyyyXKzFq0mo7XCNLKsNYuRx7RwmDYzy8gten1MF-No4xkt9o3ZcDYczZaLzb4xG86Go9lysdl3-LzV1vhmFG0jM49QOQwObTGb06BwGSzen8S0mHZnB9PJd3S6vMJkUWf0-_1-v9_v9_v9foPWczAbFL7n8iu-LbbV9e9ZOYgNBkUsEZwu0onoZTxdxBLJ0yKdqAarzW4ysViMm9HCshlZRpbJbLYxjkyGlW85M03EEqXpIp3oRU7P6fI0_d0yl8lleZj9codb7bQ8_EKHx-uyvPWe08tuengcfrfI5Xrr_GbDyy1yuSVvxWqtdrpVbrfC9PA4TE7P6eEW-d0im1vlFv0tl7_rLXLajS6n5e9Wud0i18XhtKj_6CGGq7lksZkrVqu5YrdbJQAAAAAAAAAASzDNdBMAAAAAJ4MZLpeD1XIBSEwf6vo5fMIipSSA3lWSwfgewt1uX6yxxxjaZbr8DX-zy3OyWRmAhdMSs808I4i1Wi1rAAAAAtgAAAACuOnGm4DzSs4-oCo33Kj1wg9-BTEYDif7B6BCrNVq-XyxVqsF!&excid=22&docw=0&cijs=1&nlb=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://am-match.taboola.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:15 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
dt
dt.adsafeprotected.com/ Frame E2DB
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=99468511-56ec-5d85-be60-f52d2985961a&tv=%7Bc:fCPhH1,pingTime:-10,time:1053,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686846915811%7C%7C8cbbdd747955d9e7d630055db1c1d472%7C%7C8623b242deb4313525321dba17b62725%7C%7C44809376f18f336d9f21787ce8461045%7C%7Ccac9c96b1f880ff618be04bee5c2b05d%7C%7C6e5b77b375133b96090db67cd9085a72%7C%7C9102e711377addb62ad8a9307f38cda6%7C%7C7dea137f5041eaafae1a643a63c972d6%7C%7C1663701684,sca:%7Bspg:e2bd2d95-91a4-35d4-cd95-594460564c44%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
nginx
x-server-name
dt17.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
img
pixel.mathtag.com/comp/ Frame 08F7
0
520 B
Image
General
Full URL
https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-207.deploy.static.akamaitechnologies.com
Software
MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"1438" /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:16 GMT
Server
MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"1438"
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Expires
Thu, 15 Jun 2023 16:35:15 GMT
fbevents.js
connect.facebook.net/en_US/ Frame 08F7
108 KB
28 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
64816ef42196992f1120608cafa36df8e03c81064551abb6f23bc00f69bf6727
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Jun 2023 16:35:16 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27810
x-xss-protection
0
pragma
public
x-fb-debug
fMcQAV0hEmOEssdCoTVOKjzB/i8oaSOlhEHJqXtUolx4I0DNPzTLWyoYQSPBHyYni8pKpDVJY/NQ4msVTbIthw==
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame C5CA
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:16 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9764
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
FordAntennaCondMedium.subline.woff
s0.2mdn.net/sadbundle/9170381621892120779/fonts/ Frame EC83
13 KB
13 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/fonts/FordAntennaCondMedium.subline.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e83314d333416d003a14ff991793feefefe12184980a4f081c0465cda5dc8da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 05:37:35 GMT
x-content-type-options
nosniff
age
39461
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13336
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 14 Jun 2024 05:37:35 GMT
FordAntennaBlack.headline.woff
s0.2mdn.net/sadbundle/9170381621892120779/fonts/ Frame EC83
12 KB
12 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/fonts/FordAntennaBlack.headline.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d97d2f204c48ceadcc2f5b86ba6bf25987c6f7c43c8dd7fee7a2847e6a71f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 09:45:44 GMT
x-content-type-options
nosniff
age
456572
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11876
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 09 Jun 2024 09:45:44 GMT
FordAntennaRegular.legal.woff
s0.2mdn.net/sadbundle/9170381621892120779/fonts/ Frame EC83
14 KB
14 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/fonts/FordAntennaRegular.legal.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1ea82759f4df729f7ee24dac62805f05a2fc79c7ca4cb518a072a11835e884
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/css/styles.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 20:35:20 GMT
x-content-type-options
nosniff
age
158396
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14468
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 12 Jun 2024 20:35:20 GMT
api.gif
tags.denakop.com/
0
209 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=v&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846916062&cb=0.2653393908920876&aa=under&da=rubicon&dcpm=0.008&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c39a96e0237fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 644D
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu_s6OiU2dNAkmiqlGf2jAMLJrCUS76mwDCIpfJ2H2RR9-0MpZNkVFxuMlHPwUnwEmMQdjH3McJbEehqihYOUcRoISXsJlEbeT9ssnBYkIWzylyH5fcAesDkdYEY_bWB-3OldbvARRhI112nkp6sXjjY2YDmZH1BFNXuAvfVLD-sTXY_w5NvfBlwuRLfVe2oVCZ-rubsWuSNJokgV9XE9gKA8zYZ6UYMBcq4gr8lDiAlouRXlAAW1LcAI0eRpqkZIt7iGuGzNJ1SdA_tHU3dZP6c47qyn0W8mRffk5sjXxqgU_M1ZsxzW0dkEDedc2xt4ccapRasOSAXH4DJ17vGZc1gdSAZQsZyZ41KoiBmAuV4rZz856mRiS5qSTN6Cay0_e2SIY54A6IxYPX_Oac3Yyvg1obliISMRvWdS1bEtCA_W6V6pJgU-cG96NyyY4IaawAwZP_XNgufmfGs6jUvzFPWZkiQGERYnKu2DxCO4ZVx0ntN65N8RKwSQsdO1Pzjp9W0QFKKgpjPWd8ngNdCU_vfR2WeYepykJ_wflyEEcNdYiFew4u4OJU7TDLk0SFNx9kU6dnyX7V-t1_MkQOhDvUz2zqjVGjJ9-FVQFWWOlEFGTI2qbAS28uC8aShcRv8QCY_2cuJjrA2qGlfR7oSBRq9GwJB3RjXo80N8Mf18TzoDczloCtZLBEhfURukgS8lkkzXXiwiMWsQeCGlUTzalPV1wZunxgsyziZDKw-JPdolmgBo8zL51dMbQ1t5RR8mxE5aFBmTpPAVE3yE2Iuxm0OAe2y9u4ViZhGkjKASIN2xvTSoxhKSw5sDj84sQY48r--E44x0y5uKqTsq_lyrfRBsQ-1vUC--NwgnXJbWmPSzIPfT_FyY7pYlIY-uhNhTsBuGGdHEYYbcvemxDIWcFsU6TjQV92RszZG-aq2Re6ogV3xcp-jqnqmyI6qDcWXR8C8zht0BX6ehnPZKa6EhzFLDKvh516vTDGF_WYgZbBpmZdnK31Gnr9tNLmXf2usl9C0N4jZsVSi1wvtkx8KmZ_AeRCaix_sdeF3Fg01zeW8bKq58Rm1h9Sj5zXw0Ctj--ky6lUiersEj5-Fl6MUNyaPAa5zC8fVaagN9COw_DfTJzc6CO5RGAPGAgwG2CTBi_bplekp-fMQTvjNh4aQciVbMqw5DOvCN3yFI9-So1-gl4WcHU6A6ETyj8V32gm_oeu4TBWWg7tW1q8yG8ooBmHA1i2lLTOYVuWqgz_rUi75Jf-3eFIOFBwY7hKbMTQ8KLtIMEDM9G_bMcvYYxZUoI2448P5VU54oibA5CGr3HuzbM9t23SkTDZxddTOvFpPK-sV5DhFqze0gxlg-hneUy2OOuZJhmt8yN3&sai=AMfl-YRsxPonHOmjqamXCILKhBPY_EGBOGqDjbeyLJ8Afv3IIYjgSFS7263bX1uQE7JLKX2BrK8YdX3WjKRrRjUVMAtm3XOHWl-nayLUI5NnpUrAX0iFt67OLwrfnlsLmHewZxy6weWMAnmamziM8Crk7uDkmC0c43Q0aYyhWDwC4tEhWShWHGszktM4F8fMzbgj_ALXUTAVj7z37FMF0n2093hKMLmEfH58KqyCIMzwWsPQ4C96h9uVVl3iDtBkhSioBZh9tKC2yjMgPUBEy3ldMYKdSiKHMTyC&sig=Cg0ArKJSzNEKLrsYUFgXEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=805&vt=11&dtpt=502&dett=3&cstd=295&cisv=r20230613.03837&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:16 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame EC83
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e5bb1dfb95a1e6a46c4609b43efe53f3526d44a292202a004ffc15ee5505130f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5662
x-xss-protection
0
cds-pips.js
cdn.taboola.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:16 GMT
x-amz-request-id
1V3JN4Z08BWJNCK3
age
3239
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1340
x-amz-id-2
yvDfBoaedLRfPwP0+zgbFCFLRwR4EiC1X5itZ+rLiciBisyuBdOMxzu1/H2ZTO40ir0cZXkf7JA=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 12 Oct 2022 13:57:57 GMT
server
AmazonS3
x-timer
S1686846916.148808,VS0,VE0
etag
"383fa66d2a0a09f4a6e64a9593ad43bb"
vary
Accept-Encoding
content-type
application/javascript
abp
1
access-control-allow-origin
*
cache-control
private, max-age=3600
accept-ranges
bytes
x-cache-hits
13171
visual.jpg
s0.2mdn.net/sadbundle/9170381621892120779/img/ Frame EC83
92 KB
92 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/9170381621892120779/img/visual.jpg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fb578159169bb38173ca68b7f9ce061b18af4e4e6724bf3c9c3e745cc954f177
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9170381621892120779/index.html?e=69&leftOffset=0&topOffset=0&c=TyK1T8CvsJ&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 14:34:02 GMT
x-content-type-options
nosniff
age
439274
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94238
x-xss-protection
0
last-modified
Thu, 30 Mar 2023 10:59:14 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 09 Jun 2024 14:34:02 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9861
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGtWQwj2LZIq-EJC39u8PsMaEuAsAAAAAOAHgBAI&bg=!3d6l3orNAAaGYqkwpmI7ADkAdvg8Wp2aSOFKJpEKl2YpyAtTBk-Emd2o5k10pTlIYKvQBh9KNRMbMgRTJO6BF8Y2_RgTPi8_IBwCAAACbVIAAAAEaAEHmQNAFz41pZw1bXVHwq83HNNKHGr7cBvbYUW1zZMK8gD8u_kJVyen1x9Sy0XlORTTkPbKBwYLZmCdmEC5q4BPukoIehTEilcU7lVBy7Z4taiyyx1hj4UIu9Zz2spe3bRTcw6YNFC4hm-nfmdWfsWYfPZKtfMFOBMEnfZLun0mgUV8Ti8CBn9oPBKYMjaFUYc8T7IpZIcUkwoQDrw6E1TeelHlLoLXsf6kaho1zWqYzU3PVGnYbWDR0FIh0bwBn_4CBos1j1kiXS4eaQsevuRgNY-At51XlKOH60yIiakI50eBGjala2GFJg7M-7T4etGWIvq7334buUb5iOptb776uxTie6g_JPXS_3bWvVZQrjqyEQA1m9L4FtfNas3VnwF-g9Au_wpZLXuMU7KIWFIKunlu_6k1ktMAb5djtBMMKyXHFfI4dqIJV9WSWpT4rdf8GxUivDkRbX2mS_cBtUXFDoshn5mn6WBQCQ6Lt69LymrMNjo0OFkrXpX0o_O2bBpNmBT9KSYlPTG9Qu-W8xALzGulPbHuVp_D1uSHlEX-bi47NnCO48VR4uTylvC5U2vZ2XU4rBcdyyKHFpp1pCJi7a6h-NcEQ8vwTXOShQMUwbpppvX0BPUF0O2MV8pmjHly0-GQXTwOyeV8qPJnTVTCnDfHkKJvomC45jYvIWZc7DNvu0Kj_HHP79RZxr6B0h2O4IkhXOtJmeBjvgvZLnJZp0zjsyxaTwsjxLE3f3OduCUgk-yG2mG_iDj9BYFnxguvLdnLQCy09LUuMYNXDwBF5mpUFugV0UOum8cpedDS5PajkgmXycn7q0WVHH2FNLWqgEFP1SOeGjbHvAcEemmW8q00vFtyBgGoiYTGBCNR-Keq73QxmMVm-1nPruyiW_JfsyWo6jgkOG-kG3XMUB4MHRtl21IEVT67kGERMY0Ug5T9o6OaDxasSVogNDs1NplazPfmUhcj91Z7zTEm3ikQR5lM8Vl4kXqkKGf2FnSSq01I08P2Lj94-2RsLzEfMwODwN4WTg4o2M0Lo1Jc7hDy3GPxzYrHvMaZo9ILEu-EpU5A7D_pGvlEEi6ddacKvpBKS33vhWHN8a8xZVvLz1t683k-_A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
337522080014293
connect.facebook.net/signals/config/ Frame 08F7
378 KB
108 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/337522080014293?v=2.9.107&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6a9134d9b9c7d3039829666585cc5c34ebcef3ca810d217f9e04cd1029fe650d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 15 Jun 2023 16:35:16 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
110859
x-xss-protection
0
pragma
public
x-fb-debug
8jM0kQEkwAOR2LKgWvKW894YcEsKZ18LTHP7R1D+j12NfMas0Ry/DBPN4zXAbJiN50XIGmpIHNFC1kTAMOen0w==
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
rs
ad4m.at/ Frame EBF4
2 KB
2 KB
XHR
General
Full URL
https://ad4m.at/rs
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f58772b6cf26ee70cca8c3095f908bda63521d5ef779ad41e78bc0b6e8a4b0

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8gGHVh%2BoTQbl4M168dhwpEM0HPB1SZv%2FNjWBjf002nyxK8gHLX0ZaRhtThMgNqImwZkuvPKBH0Q6Xfu%2B8ta9HUrDCPchp7IasoCYj9SIKScsWz1JLrV7%2FxdDMzZN0Rh8BGYvJ1g%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain
access-control-allow-origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
access-control-allow-credentials
true
cf-ray
7d7c39aaadb9380f-FRA
x-backend-server
aa-reachservice-group-europe-west1-jtm5
alt-svc
h3=":443"; ma=86400
rs
ad4m.at/ Frame
0
0
Preflight
General
Full URL
https://ad4m.at/rs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com
access-control-max-age
1800
allow
HEAD,POST,GET,OPTIONS
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7d7c39aa6d52380f-FRA
content-length
24
content-type
text/plain
date
Thu, 15 Jun 2023 16:35:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xQKLWLVKDy5tVWVw4xPVdKlrqFzSzRS8HqtzVgatZWdzjKf9J89cn3Ee8mGo%2FHevMSIWMFciMsb7VNM1QgGghu7AADUP6pdC2UTkDAiTumnscfK746Nh7KZqMmNFdtJ%2FG%2FHFTy4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
x-backend-server
aa-reachservice-group-europe-west1-jtm5
gen_204
pagead2.googlesyndication.com/pagead/ Frame 747D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5EqPwj2LZJaBFfOn9u8P--6WiAcAAAAAOAHgBAI&bg=!XF-lXwvNAAaGYqkwpmI7ADkAdvg8WlwjwH2IrB74v2lMjqeA5li3qpjZ_w9FD8e9j0E5k2_w4pwURXwBtUEqj_CB1hbN8D5td3cCAAACSVIAAAACaAEHmQMh2bLnY6-_oos05oh526YrIE3x9gZlf0dMjMo36JlwBTL6i65imAgXN-ulg0OMf9HzgtlbQ_hWY-mMDwvlNbBmRhiOERQHAHqpPMrAi0vhGkmhUwWbR9E3WcjPm03gH-OPIwpQiC3hZWnt4e6s9iLqH3pojATaOMLUolTUQS1VIip7gW3tj4-W51D1kEjOU9V5RENNuo1c4y7jyqF3tdit8gKDVMzkh_wes5gHJYx4yjek6CPXoTBX6OB0yR8XX6MlO6IwwU6XraLI97UVQL1LY-f1_3N7XhcXHa-Lfx5nGovaDWFCMWobm0uMoS-ADUeBHvuZqGslQXFIxL6hcgv3MkOnDwMrkjFbmEDgWABLdbvYOcdwjY0V2zdfH_-9REllK7SEToZY5EaGJvgGOVAZ1jJAkJ4XrE6IYSKcq68BY7_B0RDKEIzsDgMOzuSPKSPEZtRa_48oBz8fcmM1_P_TMSRM5KLnFQd1D0qS6GY2yV6B4GOYcA1mbsFmAsWFBi-m_g4o3bhPRiWcfztCuTuEUY5C3KfGNOEI9PkwLRx02ymCpy1E7cJCu_qgp_wePZxv248uVQg2gUvKYeBU2Ng1d-92qbDEE3OENCi1Y_r5qkBWKamLomoaTZkahyS4CONhOVRy3_AIw0DeJV1zXhu3XxeRpFMQb8AvNOIltDfHG_N3WZSP_7LvLpc5CS8HUujKTUsgxotOaur3xdpH9ad5laQnNFG7aM_dbChVRTbXNMh4e4Qo0-QmmbQWkMNsfe1ZWeGb4A4iCARt0CARx5ybMZZjxXmqlvzAyNxQKA2joB73OMY4njravfV2STas6kNcqvXaZMt8rw0DDsY4JdvV-iiXAFHyxjzI9vUZN-ViqjY1mhGjJ9eKKI8W0CuhDye96B1WJl48u0qWEi4ARs51AFnaVAWDLl1SBxG8n3q9MsdxJA4VK_qSoPjwO_X9swDcEr9n_aimxheF2xp91eBmilOCHMMzb9S7awZ9x1z1Bov6nF3oA4wteYg0YExUgaxdz1MklMHrDnzgv10zc35J_Yyjf6fT2Otsx2Iz9iYOKPi-
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame FA06
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqBuCwj2LZO3BGcel9u8PuNaV6AoAAAAAOAHgBAI&bg=!iomlid3NAAaGYqkwpmI7ADkAdvg8WmtzUDj3HC5xFPftvD_pExX2sSmxiayN9QdaN4yefnLuduCOS6XmjHHIicIWN7TnFajvpJQCAAACQFIAAAACaAEHmQNPy_r9FnBnIh0RhWuP6nNx7J9qzBk5niLRg39fuqRgjDh3EzTqBC3afk7gNQkEZEPWKhAJaT6vaYk2LhIPR32T0CMV8lqYhKlMJzer-0fHfeVbOSbsmauPpFilPYLASiVGOVIHekfL1qR5nId5IK7QmYeOdO3tVDEfPJfvStunmdVEvAJHcakrtFqG83X7vzPLG919CK9dMi_XDyVjN7lCv_SMP9l2-Fs5zPTMl5dveb9e7hbnRB0V_pXn-Lay6td-4GwiJUKMHwhb6bWgkv_6BQiAb4SriUreSkWtOpM1X_z_5ss2d-T8ijvsRTuSk1k5H5Ve61QK14SiG_RQOZgC8z0gXN8pRiOE4lK2fP3JQnoVtIwu1aWWSSKfZDXw2oA6NZrU0czqNys726Ddsv6g2Ijzn3OOCN7yAJq9caCj4Tvk5Aa6M2s7ebeYZIMLt48H_15H02JbIxNoCqzDKm1BCoTfDdXteQijvImn1uLkPo_JyJW4suEJXpDGt59Y9_IQ31d33mJmNOt4nDWI69Ms28eMIJyZCdyvi7Kn0_-cgFZywLuhmiZNZa6koRh4k92zHOGMNM5aUYtESt8bVBkM3R0j1oaAVEhmV2XoPtkEyebVmi_q5EV60W0q-zAAKS5W6knFKgzLSNFircT_3agDxbkpEcZi7ltf7izTP0l61JtIW-plFtGsMUT91-b8pGJb3KGPlAM3QG8adCaygVOvxoJp0zioynNidow8EhZK4r5uwWgnFbM6a1k8UdVcfgfIkqpmiOhEBwGSYKi_QPEQkqxVRNJQC4bY1hSouEs5Qg6Cy3gsyib2rOhE1S2KylPKU_9BGH8xRZyIo6PR9CcOf9Zl3mu3lzuKSkD8UlIfkOOFFiSdvChNmCMM6bST2r6kgG45c4WSuTzIqidHXqKaalYuqY6b7j6tCdXhntlsJxqcsMolAzu9iIZtdJzxTR5FUOONFNniPsST0N5o3O3vMxr6vsb_KLsldzTW7v0hU3U-Ba1jxohwE3xnB_hpP5yHD4N7VUj1ArKpSzWRhas6dbiikYl_or_szxqU5F314IY2rchKxZRCUwa8hwxoioLgWiZ_kUr68itmPRqxVnXlE5pU4Gqa6Ih7x1kRwRsF0w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
pips.taboola.com/
4 B
125 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by
cache-fra-eddf8230091-FRA
date
Thu, 15 Jun 2023 16:35:16 GMT
via
1.1 varnish
server
Varnish
access-control-allow-methods
GET
x-cache
HIT
access-control-allow-origin
https://www.metropoles.com
cache-control
no-store
accept-ranges
bytes
content-length
4
retry-after
0
x-cache-hits
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame EC83
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:16 GMT
/
www.facebook.com/tr/ Frame 08F7
0
186 B
Image
General
Full URL
https://www.facebook.com/tr/?id=337522080014293&ev=RelySync&dl=https%3A%2F%2Fapi.retargetly.com%2Fapi%3Fid%3D3368%26src%3D0%26url%3Dhttps%253A%252F%252Fwww.metropoles.com%252Fdistrito-federal%252Fna-mira%252Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%26browserUrl%3Dundefined%26ref%3Dhttps%253A%252F%252Fus-central1-decisive-plasma-381522.cloudfunctions.net%252F%26utmz%3D%26n%3D_removed_%26md%3D_removed_%26mk%3D%26il%3D0%26limit_drop%3D%26userid%3D9567dbfe-41e5-499b-a379-99d6a8d82255%26idx%3D%26fullVersionList%3D%26platform%3D%26_rlid%3D9567dbfe-41e5-499b-a379-99d6a8d82255%26_filteredParams%3D%257B%2522unwantedParams%2522%253A%255B%255D%252C%2522restrictedParams%2522%253A%255B%25221b16b1df538ba12dc3f97edbb85caa7050d46c148134290feba80f8236c83db9%2522%252C%252221262a3cb5337627b0fad9d891c16adb40706bd3e57534416dd02bbe5917d184%2522%255D%257D&rl=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%3F_filteredParams%3D%257B%2522unwantedParams%2522%253A%255B%255D%252C%2522restrictedParams%2522%253A%255B%255D%257D&if=true&ts=1686846916277&cd[rely_sg]=%2C26%2C32%2C129%2C245%2C560%2C563%2C569%2C1089%2C3077%2C3086%2C4121%2C4125%2C1148591%2C1148605%2C&sw=1600&sh=1200&v=2.9.107&r=stable&ec=0&o=30&it=1686846916196&coo=false&rqm=GET
Requested by
Host: api.retargetly.com
URL: https://api.retargetly.com/api?id=3368&src=0&url=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&browserUrl=undefined&ref=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F&utmz=&n=V%C3%ADdeos%3A%20hacker%20ostenta%C3%A7%C3%A3o%20deu%20golpe%20de%20R%24%201%2C5%20mi%20em%20atacadista%20do%20DF%20e%20torrou%20dinheiro%20em%20Dubai%20%7C%20Metr%C3%B3poles&md=Investigados%20responder%C3%A3o%20por%20furto%20qualificado%2C%20pelo%20uso%20de%20recursos%20cibern%C3%A9tico%2C%20al%C3%A9m%20de%20lavagem%20de%20dinheiro%20e%20organiza%C3%A7%C3%A3o%20criminosa&mk=&il=0&limit_drop=&userid=9567dbfe-41e5-499b-a379-99d6a8d82255&idx=&fullVersionList=&platform=&_rlid=9567dbfe-41e5-499b-a379-99d6a8d82255
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Jun 2023 16:35:16 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame E21C
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8SSiwj2LZLyBGv279u8Pnruj4A0AAAAAOAHgBAI&bg=!RkWlRRHNAAaGYqkwpmI7ADkAdvg8Wl-j8LQcp2mfWbo9tp-uy7jPYT-TlqRanVwONxbHerZ9KFDvRYYKTmiM4-5ASYy56a6MlQQCAAACl1IAAAADaAEHCgAoee8zyviJcU01Zjdx33-Cy1U3PaNN3Qz1b3lYRYo6o6jDEv4gEwwYt5kDIYRHqIaOWV_Iw49f6FTUnkXjjZi92pBl5DavQ4wKThvWdLaJGfRfYWQJZUCVvNTT2HXWVxnbtLon1DJCZvODgEDkM_RSSr4b3F6XdBNW_Khig5o9u8WTUWsl1qXXU9duKZ6R0yPvua4S0EMM1nuqNqdOCNHa7Dh5OeSu7e2iuaXaVZskJktv2pFn3x5XrxPAXQFNY_rUwVplkRDvylrsJ7d1BO-2T-zbp4BvYcfymTCZU7Xz3pl307Br9WirIP5svGXOtGssB8NjtkOQdHswiysc-VxPqBjdHa9SfXgsQzjtvZeq1KWumGEvDobw8oudh3AMjoXxWVgq4oB3zIgsLkmFhGTHL220Bbbd5R4GplYK3u2F97KpA8R3JEFFBtYzhz7X9pRt6jmdfEYjh2O44Eq_F_ymun6mjFGqmRSIxyOwXNAUI3QXG5BlAkEfGV1veCvDaEIPULF-YJGX12_8d_YG1v-JwvHZ7NJYIgf6H4HfqqHMuNj8GJpb-u5MK-opvykwPboYLEpu30LL8l1k6z0JGqvIpDCu05NYWy7gmmx0Jd-0jaSom87PZvBa00gaG-m91TjlLVdz0B4Y080CphyKqFqTLTjeF57VC0PWIkZjyW-_tueAsc3OUMwKaLwxmotr5ivaWoARHMDWmn4WFPqDDHaSzQlXZTbqYWBVD8taMaYpBDdVNe8NTJUjU-AJiCZ6MIbhuyT0kjrpSlduOPdSIVDfxJ6KeSA1Um1HMnf9Qu1ASC3dd1__F7SfKoxSkxWU9RaR2W0wCIgHv6DJtNG1ZDYW3MS768WN5i2gff3DJEfr7AVGbBnSdEfiU20plX78LYEXMlrn3H3BouNzs719VYMt-3koiNyO_u4qaoXX3vlLOe9eGxs0bYKn6C_oxprcfwd8CoLGwywU6RyervLN8VK4vMf6pmjIm3d4txZ7duLHCbQ1GRb_eN1GluosC0Y94pG6oVOJHIoai0ADBWi8cgvGicFY7AbODTzKC3ZazifVc2qNS1-FqxkeOLWKUtSPHtPRybhA5VXw7nfcYAHCy1hjvhy2RbWwxU4zN4w1EQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
cds.taboola.com/
0
83 B
XHR
General
Full URL
https://cds.taboola.com/?uid=1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341&mbl=ZmFsc2U=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 15 Jun 2023 16:35:16 GMT
cache-control
no-store
server
nginx
rar
as.ad4m.at/ad/ Frame 6395
1008 B
2 KB
Document
General
Full URL
https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfXeKoEP_8
q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Requested by
Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
056b34d0602bcfdd2fe2030448fc22e88f3525ba323b86cfe730560bf67b0b41
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security max-age=86400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d7c39ab3949367f-FRA
content-encoding
br
content-security-policy
block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:16 GMT
expires
0
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma
no-cache
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains; preload
surrogate-control
no-store
vary
accept-encoding
via
1.1 google
x-content-type-options
nosniff
x-download-options
noopen
x-xss-protection
1; mode=block
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame 4F26
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25404
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
dt
dt.adsafeprotected.com/ Frame A085
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=c2d0b6e2-6e86-9160-8826-c76856bace0a&tv=%7Bc:fCPhMV,pingTime:-10,time:1370,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686846915811%7C%7C8cbbdd747955d9e7d630055db1c1d472%7C%7C8623b242deb4313525321dba17b62725%7C%7C44809376f18f336d9f21787ce8461045%7C%7Ccac9c96b1f880ff618be04bee5c2b05d%7C%7C6e5b77b375133b96090db67cd9085a72%7C%7C9102e711377addb62ad8a9307f38cda6%7C%7C7dea137f5041eaafae1a643a63c972d6%7C%7C1663701684,sca:%7Bspg:e2bd2d95-91a4-35d4-cd95-594460564c44%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
nginx
x-server-name
dt09.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
gen_204
pagead2.googlesyndication.com/pagead/ Frame D409
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B2Zs3wz2LZMTnC5Dy3wOKnqi4CwAAAAA4AeAEAg&bg=!nZ6lnsrNAAaGYqkwpmI7ADkAdvg8Wul9haX_Ngf_eB9hQQ-tD-F2FrG9NPlGtsTaFgbmutl_5uzKn0R00ZEas8oc1LD5qQc1c_ICAAAA6VIAAAACaAEHmQMdjNW6Dqg4BpqTgyLik0DIJYBC6i8UiEePK4HRnaCJlDqxQSR9eLhZ-09_yDptR-3iAxPvKt9g4gIIIYt0Wc2_HJPYMSfxVrVxQPH2Xf2i6fn9bABLM-_CWXoWQnCA_ucDlr4KnyeJdTj0yxZ5dvhv376xDhlupoT_jMy9LIrQwdXJl47pJVjsOMvMAXV5oVJQfVbIttz2eQyvlDRBnlB9xqZp8oWm8Pb8h6DPCQZ5T7ZHxdj3hGsOpPB57jK8Ri8n-TIAOrDDaK9SICjGGtIGnS9TvesVYZwiOoXOnG8zoDPLkvO6-ZArVH_B2P67RqPFhvyuN_s5Z-fhFR1Ehvu_9twnJqxHo3d3qOJFbTvGAUAfEuI36NCcvfjgAzv7m_3SEsT6emz95lUvOPpUoZ7j-K4jWjm2XiZD_CBJ2oGiqx0MArrHdWxaxM5ShjD2XuJOUmUd221DjKY5XHi0g7_C9RrgTLhFf_Fa-isY2CylmttYx5cKtDhxWOIarz4fgB22FU3HJGXlstR0MUQ8dMkV6IxEkm0ohJapbB3tsHvfw7iG34rwnm6mWNZ8NfcCX5k6dBkRy_cysd8wOeOfrTgfXWLHJoRl8Z3jbPQOiBco8-tg3KhOwlEQzscOxiVtJZtUVtUhYlWye3qyp7791SBNDGgrmJHwuCD6Thv-8LC3p6r9Ea5zpm1Mccqy3J5SDCAPLjb3b83mLmAdzUF2g133XZzrU8zS_CQ1nyuAg2DOSGqvuPHABs2CKpCUdq1FQ_rcjYPTHVOzlaZa-jyf6HLxBWuNah5b-k4nqKVZoq9MPVXMb3cBUP0V07ky3ahOF967GI72qy8xVALWLOHsadoTt0J5g8x5wG87-Y5L-I42ysE2jVBgN5eMs0mSxMykunfdTFuWswYxJIGeww-MtoD85y1Uf10eALAVDXg7TmJj6_9Zl289gV35ILWIuFsCsK4WYD8EjR0tg_PjEC8xz7YADoppPiEjwS22Mo1V4ptaI8h24EfygMMir3C5UvuI6y4qqYxI7_c6kZOiCPdh89Snc7PEdrwTBCdEjkgq2e0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
default.css
as.ad4m.at/ad/style/0.1.42/one-ad/ Frame 6395
106 KB
13 KB
Stylesheet
General
Full URL
https://as.ad4m.at/ad/style/0.1.42/one-ad/default.css
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfXeK
oEP_8q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dbe73a90f1370d3bdefdeb5ccca6a4f3c6edb2bc1b06c47b7e5ae2457bc58ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfXeKoEP_8
q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime
1686312358
age
534251
cf-polished
origSize=108907
x-guploader-uploadid
ADPycds4BaPB2cnNKfGCpO0DHbi1YsFTcCTGXC9fJnH_NboEzcGfHcnLXlcIvq2iasQ1ZmCVOJqaFT1yvUfFyfqQRQlEfuWooABE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 09 Jun 2023 12:06:25 GMT
server
cloudflare
etag
W/"913a188acf4937267d989357edafdccf"
vary
Accept-Encoding
x-goog-generation
1686312385390155
content-type
text/css
x-goog-hash
crc32c=+kWf1Q==, md5=kToYis9JNyZ9mJNX7a/czw==
cache-control
public, max-age=3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjTafT11bEhn5bpH9PuTCzwb9B8cY8JynbELFS5zB3yYhnWQ3JFhE4P0Buyjai0cBiODVwZr9gRK5UzbZHXzgC3%2Fp%2FuHOb43TEwR6XuMId5QFw5vY9eEZpFs2CVU%2BtpVkuyTzeBj%2FLA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
108907
cf-ray
7d7c39ab6f6f1981-FRA
expires
Thu, 15 Jun 2023 17:35:16 GMT
cawshow.php
www.awin1.com/ Frame 6395
1 KB
2 KB
Script
General
Full URL
https://www.awin1.com/cawshow.php?v=11938&s=2542096&q=373618&r=412863&clickref=&pref3=oneidgVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mheoneid__dbmRTXL_desktop&gdpr_consent=&gdpr=0&gdpr_pd=0
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfXeK
oEP_8q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.45.165 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-102-45-165.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
69c54c90b1b8bfda76607141dfc0da3a504fc58e6ad4b482fa0ac8d475618396
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:16 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Thu, 15-Jun-2023 16:35:16 UTC
Allow
GET
Node
Helix
Content-Type
text/html
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control
no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
1367
Expires
Thu, 15-Jun-2023 16:35:16 UTC
/
banner.congstar.de/cookie/ Frame 6395
Redirect Chain
  • https://www.awin1.com/cawshow.php?v=11938&s=2542096&q=373618&r=412863&pv=1&pref3=oneidwAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5oneid__dbmRTXL_desktop&gdpr_consent=&gdpr=0&gdpr_pd=0
  • https://banner.congstar.de/cookie/?sp=awin&spfr=412863&awc=11938_412863_1686846916_9bfa10f0-0b9a-11ee-87f6-2265f034cf4c
0
550 B
Script
General
Full URL
https://banner.congstar.de/cookie/?sp=awin&spfr=412863&awc=11938_412863_1686846916_9bfa10f0-0b9a-11ee-87f6-2265f034cf4c
Requested by
Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgkvjJh7S7LpHtfXeK
oEP_8q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Protocol
HTTP/1.1
Server
87.118.116.9 , Germany, ASN31103 (KEYWEB-AS, DE),
Reverse DNS
km36617.keymachine.de
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:15 GMT
Server
Apache
P3P
CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0

Redirect headers

Date
Thu, 15 Jun 2023 16:35:16 GMT
Strict-Transport-Security
max-age=86400
Node
Helix
P3P
policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location
https://banner.congstar.de/cookie/?sp=awin&spfr=412863&awc=11938_412863_1686846916_9bfa10f0-0b9a-11ee-87f6-2265f034cf4c
Awin-Akamai-Rule-Set
default
Connection
keep-alive
Content-Length
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1699
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bl2u7wz2LZIrVC8uQjuwPpOe9yA4AAAAAOAHgBAI&bg=!39yl3IjNAAaGYqkwpmI7ADkAdvg8WsMUV7efio4YLWXs750CVAUONoXjAlBJwonv8WX-Q3vDb-VgMRYUsNFyVz-VWJIOI7PZwUACAAAA11IAAAACaAEHmQMgbeBraysKyd2-47wGe0itlFT3rv6mFu8O2TrjewRkU5rZRNrlgRwAP76R9cekczlITIEUDnvRWXj8QGRF9N6syXtkR-wwazMLh48bNgW5cphHuLMo5CvWALzrUvei2b8Qx-bp56zWBPQNXBEPLY_7B-SNJKErQx-_sDrSaiDugh5yMY9Fk3iDpN4Io6I7Dhwf9sUURb_TZ4W_TrW_sJ9PV-tW6srnfdtgNOCBrSyAt4jOj4idMjuK9T1dbYAcQUxaW7rWCx7_vCwnAI2OGJKEN9ZxaQrDTXekx5s0JUxjoN1vATYb-VUlmj0KlIoVScYMsSPFBjj0uhveqd12S7kcLQIYIyFuabzOM_YCY9RtvVjNebYWWW301UjW4B7h8ABLznSCw762ZAzpdX8YvUgOV4ojjQmXlDNiKntnACcysRUkiSJCa0VhL4IyN2X2pr_l7lW4_Wt4KP_yPPY_rpO7p3XET9zKor2llIFXCNjHJfNj592I2m9DP-4Yjyrljdkyb22XErL_i3kram1EiEb6UkuvD_1jNltnRyvlsEctRnjXRWgGaor6EmFq64EMaAgmNi5S7gAUeUmxOyiIksbgrq9Tudf9zNvJg6Mq-4BGAc26bkZjg_ebrTI8KpDEud-itC7AyyiX5jO82de2HyjKn-QjG0fBL8JVrWzMjwdPdmLVlossiEKl1mgnNmpO8Afly59WYszeQi_MiEAP36V0HBMLRdb-5VMCmk3BZGsjgMRYCydz0nCn1FarMZIUlKy2Z_dUQAQNvTzeBmeoofbc7xc1eVxakWs3VAr2cTK3zpYlUqWel4RSUzuFXmgFev_AM0Q0i6cxoT1f0xIy2LMpAV26RzZlyo_vk1Y-tXWCLppdnMfXX1_XRfuOx-BEorgHnIHYxtHSCwcbp0ZBLWQ2xeZru3JSbgTkxA746snFiRWOCMxs-sttuKA7gJc26r5z4MQHOgAolqAbAIYdzTGCoRnn8zlSKh1yLL-jFCeuxH6bxdOSepKSNUPeeYC8kK-TxTTYgHR9LGSRqFY8q0X8uOXK1siwx4I3IHAHrIVaOs8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 644D
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssUMXwp0jJ7xGikCkhaAE7DoYrkUfHRfT8zH98jG7Zs6h57MZrRcg-8H9xWH9-4gn33G3JOFvijFVCeMZHI73Ba6yCC776XJwatdmIMauWvLaPdyV_D_YNd4evFuGzT_uUcoS3JBftI9WrF&sai=AMfl-YQGgXeGQqmEO21zClcl2okZ_moz2ZDcGd2Q3CAZDMenZL7RJ4K5SvnWDS8zGXP3SlBt6ovwNXOEigzD7CGmHpLfi0GKX1ssKpqOsiM_tJMTCvI-yMC7Q8dhgnC0&sig=Cg0ArKJSzIEFDc6tmDPKEAE&cid=CAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB&id=lidar2&mcvt=1012&p=1110,436,1200,1164&mtos=1012,1012,1012,1012,1012&tos=1012,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3021073091&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686846914634&rpt=746&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame B230
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1431402&asId=96b94ce7-a4b8-1036-3562-26144c501009&tv=%7Bc:fCPhOX,pingTime:-10,time:1607,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE0LjAuNTczNS4xMzMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1686846915811%7C%7C8cbbdd747955d9e7d630055db1c1d472%7C%7C8623b242deb4313525321dba17b62725%7C%7C44809376f18f336d9f21787ce8461045%7C%7Ccac9c96b1f880ff618be04bee5c2b05d%7C%7C6e5b77b375133b96090db67cd9085a72%7C%7C9102e711377addb62ad8a9307f38cda6%7C%7C7dea137f5041eaafae1a643a63c972d6%7C%7C1663701684,sca:%7Bspg:e2bd2d95-91a4-35d4-cd95-594460564c44%7D%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4280:6c5d:d5e1:5b59:447 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
server
nginx
x-server-name
dt26.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
606
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
7d7c39ac3dd7383e-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Sat, 15 Jul 2023 16:35:16 GMT
dcmads.js
www.googletagservices.com/dcm/ Frame 6395
16 KB
7 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/dcmads.js
Requested by
Host: www.awin1.com
URL: https://www.awin1.com/cawshow.php?v=11938&s=2542096&q=373618&r=412863&clickref=&pref3=oneidgVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mheoneid__dbmRTXL_desktop&gdpr_consent=&gdpr=0&gdpr_pd=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d72c9fb59846aff6405d2973c81bd8da823493502fab893e026a736a1ba01838
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:11:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1427
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6830
x-xss-protection
0
last-modified
Wed, 24 May 2023 18:59:20 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 15 Jun 2023 17:11:29 GMT
icon
onesignal.com/api/v1/apps/759c7003-d177-4bb0-a963-17f076743060/
140 B
741 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/759c7003-d177-4bb0-a963-17f076743060/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9af0e0dd6d9d1fb1865970130076d77574fb776f6a5da59fa0794b0105b2be47
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
99a52c0b-920c-49b4-a53e-4df0ac7a64bb
x-runtime
0.011442
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"9af0e0dd6d9d1fb1865970130076d775"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept, Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate
cf-ray
7d7c39ac7b43995a-FRA
access-control-allow-headers
SDK-Version
impl_v96.js
www.googletagservices.com/dcm/ Frame 6395
49 KB
20 KB
Script
General
Full URL
https://www.googletagservices.com/dcm/impl_v96.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
843dea1d022be79c95643821b1140cc2d081094ee77ccf7a1f637a1ad8fca33f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 12 Jun 2023 16:55:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
257989
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20157
x-xss-protection
0
last-modified
Mon, 22 May 2023 16:41:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-dcm-tag"
vary
Accept-Encoding
report-to
{"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 11 Jun 2024 16:55:27 GMT
B22989180.252529620;dc_ver=96.284;sz=120x600;u_sd=1;campaign=affiliate-channel;motive_name=congstar-x;dc_adk=3921940206;ord=kvn3ig;click=https%3A%2F%2Fwww.awin1.com%2Fawclick.php%3Fmid%3D11938%26id...
ad.doubleclick.net/ddm/adj/N38306.140903ZANOX.COMDE/ Frame 6395
75 KB
31 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N38306.140903ZANOX.COMDE/B22989180.252529620;dc_ver=96.284;sz=120x600;u_sd=1;campaign=affiliate-channel;motive_name=congstar-x;dc_adk=3921940206;ord=kvn3ig;click=https%3A%2F%2Fwww.awin1.com%2Fawclick.php%3Fmid%3D11938%26id%3D412863%26gid%3D373618%26linkid%3D2542096%26p%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.metropoles.com$2,https%3A%2F%2Fe0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=Je')NdpYMd;stc=1;chaa=1;sttr=58;prcl=s
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v96.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f6.1e100.net
Software
cafe /
Resource Hash
d2b4316e9c4e8b95d45e7e338362f07fcb9461caa64873bad2b232cf8f0cd8c9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30867
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
icon.png
files.metropoles.com/imagens/push/
344 B
604 B
Image
General
Full URL
https://files.metropoles.com/imagens/push/icon.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
179.191.182.65 Offenbach, Germany, ASN52580 (Azion Technologies Ltda., BR),
Reverse DNS
Software
Azion IMS /
Resource Hash
13d87bc61a038efc8fb42f7ad42e75f758e843de9c64ab9956a8e79912c8892b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
server
Azion IMS
x-original-image-size
1475
etag
"0118daacac125c2938698eeb7662155ebf2c3ce8"
vary
Accept
content-type
image/webp
x-ims
Enabled
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
content-length
344
expires
Fri, 14 Jun 2024 16:35:16 GMT
api.gif
tags.denakop.com/
0
209 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=v&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846916633&cb=0.1744287984756161&aa=side&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c39acfb4d37fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
209 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10057&d=desktop&b=Chrome&o=Windows&v=4.18.8&sw=1600&sh=1200&ac=r&p=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&t=1686846916639&cb=0.4011169993948427&aa=under&r=https%3A%2F%2Fus-central1-decisive-plasma-381522.cloudfunctions.net%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:170e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
7d7c39ad0b5e37fb-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 395B
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5406348589404&version=m202301230201&ct=76&x=1&cor=12261841391918152000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E2DB
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4256196999775&version=m202301230201&ct=76&x=1&cor=8605657849199250000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A085
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3084885249374&version=m202301230201&ct=76&x=1&cor=6075511303309777000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B230
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3416228772813&version=m202301230201&ct=76&x=1&cor=14372604510407956000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 6395
172 KB
60 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://as.ad4m.at
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:17:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:17:24 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/ Frame 6395
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230613/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N38306.140903ZANOX.COMDE/B22989180.252529620;dc_ver=96.284;sz=120x600;u_sd=1;campaign=affiliate-channel;motive_name=congstar-x;dc_adk=3921940206;ord=kvn3ig;click=https%3A%2F%2Fwww.awin1.com%2Fawclick.php%3Fmid%3D11938%26id%3D412863%26gid%3D373618%26linkid%3D2542096%26p%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..;dc_rfl=2,https%3A%2F%2Fwww.metropoles.com$2,https%3A%2F%2Fe0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=Je')NdpYMd;stc=1;chaa=1;sttr=58;prcl=s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ff9993d3bf21821aa4aab3b5958b4d9ba3fd3a3aa92f5830a24d3ee259f4851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 15:48:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
2827
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
5499578052516643378
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 29 Jun 2023 15:48:09 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 6395
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Tue, 13 Jun 2023 07:39:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
204943
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 07:39:33 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EBF4
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8225011881339&version=m202301230201&ct=77&x=1&cor=17563541338858340000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
newsroom.js
c2.taboola.com/nr/metropolesdf/
64 KB
18 KB
Script
General
Full URL
https://c2.taboola.com/nr/metropolesdf/newsroom.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ad03b679d47a8195b31afca4cf9fe5fea586c6da701000bc1fc182aa7d3e06e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 varnish
date
Thu, 15 Jun 2023 16:35:16 GMT
x-amz-request-id
2P5TFRGRP1EVXYXF
age
60
x-cache
HIT
content-length
17828
x-amz-id-2
tCcQMawpcKOdslOEiOwuadnaEGRxmCs5/Ixv4QCP0JYHr6L6N/bdf492f9zxiNjayLLO07EPCyI=
x-served-by
cache-fra-eddf8230082-FRA
last-modified
Wed, 30 Nov 2022 08:35:49 GMT
server
AmazonS3
x-timer
S1686846917.916928,VS0,VE1
etag
"a0af54fd92064e49b6d51ecdc55224b2"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
accept-ranges
bytes
x-cache-hits
1
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame C3BC
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
468669
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 10 Jun 2023 06:24:07 GMT
expires
Sun, 09 Jun 2024 06:24:07 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 6395
178 KB
56 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9032b8e95fc74d9ce9c069e76ffe86cb4046dc6ae863ffa8410cf445e5feaf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57029
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1686742752845198"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 15 Jun 2023 16:35:16 GMT
index.html
s0.2mdn.net/sadbundle/276555277389937048/ Frame 436F
15 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52fcf9ab6d40dae8ccdb14001de9f88166f017e719830277e869cbb73baf400f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2272
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Thu, 15 Jun 2023 16:35:16 GMT
expires
Fri, 14 Jun 2024 16:35:16 GMT
last-modified
Fri, 17 Feb 2023 08:36:15 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 6395
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuB4ruvB0jI37ODQgTNdAhBpvwt0KRnb17Jh5ZE3b5E6nsE3n3I9HOape_l0dHIS9W3XKIaWHNqgrMt8ZK_PJLi0yTDOczvBnzt1FJb9-p5S2HEy-fy1XD_9j8z3Zvo7Dp4QLf-3dk4VylSfItX95z9YKmzbyJJS0P1XurtdgRsXAaf8dGNYrOhXn-07mY&sai=AMfl-YQ1MtXST3Dsf3p5fUZh33JT-VwmbZ-LCMEij_edjYBZkvAN0gKF_PbyTQKF0p1PDQ_l8zQy-OJSBm1sFOWgzTuLvOGoPRkXTn_fww&sig=Cg0ArKJSzDHI_dxaNgvHEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=67&cbvp=1&cstd=58&cisv=r20230613.67502&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:16 GMT
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame C3BC
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25404
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
1676550659977.css
s0.2mdn.net/sadbundle/276555277389937048/ Frame 436F
8 KB
2 KB
Stylesheet
General
Full URL
https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7ffa6fea5799287955bbccb8247344d1b93a2e2becfc2c7ccd92b44b9279bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 10 Jun 2023 19:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
421797
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2295
x-xss-protection
0
last-modified
Fri, 17 Feb 2023 08:36:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 09 Jun 2024 19:25:20 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 436F
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 10:36:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21536
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 10:36:21 GMT
1676550659977.js
s0.2mdn.net/sadbundle/276555277389937048/ Frame 436F
20 KB
5 KB
Script
General
Full URL
https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cff8001763a4cb0cb81352e07fb9927790673baaeda29140c072f30c5933cf10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 02:03:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
138705
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5491
x-xss-protection
0
last-modified
Fri, 17 Feb 2023 08:36:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 13 Jun 2024 02:03:32 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.metropoles.com%2F&domain=www.metropoles.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.metropoles.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Thu, 15 Jun 2023 16:35:16 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
177612
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
json
gum.criteo.com/sid/
2 B
376 B
XHR
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.metropoles.com%2F&domain=www.metropoles.com&cw=1&lsw=1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:16 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
194214
expires
0
envelope
api.rlcdn.com/api/identity/
0
256 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=13756
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.metropoles.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
/
csync.smilewanted.com/ Frame 183A
6 KB
2 KB
Document
General
Full URL
https://csync.smilewanted.com/
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e42869601ae87a83476b74dbfb615c3acde329931afc04beea4bd387f3703c7e

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39af99bfbb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding
/
onetag-sys.com/usync/ Frame 6B67
0
0
Document
General
Full URL
https://onetag-sys.com/usync/?cb=1686846913679
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
strict-transport-security
max-age=15552000
async_usersync.html
acdn.adnxs.com/dmp/ Frame A1EE
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-187.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 15 Jun 2023 16:35:17 GMT
ETag
"623de86a-cf34"
Expires
Fri, 16 Jun 2023 16:35:19 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 27F1
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:17 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 203B
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.208.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-208-187.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Thu, 15 Jun 2023 16:35:17 GMT
ETag
"623de86a-cf34"
Expires
Fri, 16 Jun 2023 16:35:19 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
usync.js
eus.rubiconproject.com/ Frame 27F1
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9763
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
logo.svg
s0.2mdn.net/sadbundle/276555277389937048/ Frame 436F
3 KB
1 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/276555277389937048/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ac1f8c2a4ee7c0ee40acb4937d0459e1e290abfa8229c4b7fc4d7992858e1cd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 11 Jun 2023 01:55:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
398375
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1365
x-xss-protection
0
last-modified
Fri, 17 Feb 2023 08:36:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 10 Jun 2024 01:55:42 GMT
async_usersync
ib.adnxs.com/ Frame 203B
0
863 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:17 GMT
AN-X-Request-Uuid
259d1d1d-56e2-4f9b-827b-b46d9f57e07a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame A1EE
0
863 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:17 GMT
AN-X-Request-Uuid
41eec171-06a4-407b-a6b1-ba16e65c4391
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 644D
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9196131685966&version=m202301230201&ct=76&x=1&cor=17556787969673150000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
decode_consent.js
static.smilewanted.com/js/decode_consent/ Frame 183A
48 KB
12 KB
Script
General
Full URL
https://static.smilewanted.com/js/decode_consent/decode_consent.js
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb4db95cf7c97ce22bd98d1b95dfd82204843cc8854cbe0b3b6b93be4fa41a2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://csync.smilewanted.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
age
708883
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Thu, 15 Apr 2021 17:11:55 GMT
server
cloudflare
etag
W/"607873db-c1ce"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7d7c39b08bb3bb35-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 6395
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuB4ruvB0jI37ODQgTNdAhBpvwt0KRnb17Jh5ZE3b5E6nsE3n3I9HOape_l0dHIS9W3XKIaWHNqgrMt8ZK_PJLi0yTDOczvBnzt1FJb9-p5S2HEy-fy1XD_9j8z3Zvo7Dp4QLf-3dk4VylSfItX95z9YKmzbyJJS0P1XurtdgRsXAaf8dGNYrOhXn-07mY&sai=AMfl-YQ1MtXST3Dsf3p5fUZh33JT-VwmbZ-LCMEij_edjYBZkvAN0gKF_PbyTQKF0p1PDQ_l8zQy-OJSBm1sFOWgzTuLvOGoPRkXTn_fww&sig=Cg0ArKJSzDHI_dxaNgvHEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=325&vt=11&dtpt=258&dett=3&cstd=58&cisv=r20230613.67502&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Thu, 15 Jun 2023 16:35:17 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 436F
13 KB
5 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:51:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
24240
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 14 Jun 2024 09:51:17 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 436F
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e2f9e7451c409ae273daa6e8df97f00867cc9aaf3800efc58a9503c8c8cf4480
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5626
x-xss-protection
0
drop_cookie_sw.php
csync.smilewanted.com/ Frame CEBF
0
327 B
Document
General
Full URL
https://csync.smilewanted.com/drop_cookie_sw.php
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b0cbfabb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding
pixel
ap.lijit.com/ Frame A0E3
0
0
Document
General
Full URL
https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fsovrn%2F%24UID
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Thu, 15 Jun 2023 16:35:17 GMT
X-Sovrn-Pod
ad_ap6ams1
congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 436F
98 KB
98 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:27:19 GMT
x-content-type-options
nosniff
age
478
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100772
x-xss-protection
0
last-modified
Thu, 05 Aug 2021 09:13:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 15 Jun 2023 16:42:19 GMT
86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 436F
57 KB
57 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/276555277389937048/1676550659977.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:24:41 GMT
x-content-type-options
nosniff
age
636
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
58447
x-xss-protection
0
last-modified
Wed, 15 Feb 2017 10:23:50 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 15 Jun 2023 16:39:41 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C3BC
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_UdkxD2LZO7tLfaXjuwPwtaj8AgAAAAAOAHgBAI&bg=!dXaldiLNAAaGYqkwpmI7ADkAdvg8WiSAYoPoIrSL0Vg_TualFAJGErWf00gN4GE-1e1V2fLiZ2QpaGxcwzfEahIyL_pZ6IJSQLwCAAAA8VIAAAADaAEHmQMsaFXOTpDLdkxkdSizldtUlf2mk8ZrwWk6mubIycgi8jkujH95sSEvbrU40ER33i_Up0lOxwStfy6xzxm4lo3BWYTLNRAvmGr4mhahLcvoRgftRIYtMG7aOoSdHDUKvShmVQMgDxILnqtBA6S-_GG5Naundlsw27m3_XZf-DhiZ8YQp0Zw2Lti-KNm6qW188RCWht1kqijraHPGXAXGNSXcEEipH8WxyZYHBCvyl2v4_fmF_2xJLQWOVkPdB4Vk6bjpXmGdBSZuLJ_ME_dsbn6PJQF_CFv1u-8bRWs0hvvV6932XiMN1RbKspCsxu-jaA2Sl2R8jpK1Ii6-cB_6gHSd1Rptwe1S24X2syt8Ma5MQW0iNdqPeBZDc_zp5u_ojRyMZl7JJu86a_g8RS5djjwUMhY-k3vVGIxmcQENnPOWbTfN1Rto5FcawoO-k-FXGcnLNGliSadUz1TIFyXPJRm2Iml360QG1Qu-dLBHfbJ-INg8qE478xZrk7p-BZR0vTGi9w2WOhEReNEgVs2c4a76YU16uVSic0DwYgP6DQEsHQphPAjayh_2vsXJdZ6CNxLAtUa2SAmcIiFxpRM3pRbyes-EkvYrofdcw57shPXfOwHFRO-xobckpx_SiSpumFUb3mnWCtFVBi1kPyVb3PoikEXiI9zz33EGkzXxwftDvWTgASJfIKtUbQFLh1SRWMbHTR66FOxER9v84SW7xcwrAt0lWtjHIOFhrj5lodwIps-_OfFhH6n6pKN0qNO_KNgA-SDjV1l7GN9Aidl3DGzA20Meh43wCcSfa0LFjTJXDZNb01HAgtzmLS9pYpBB2laRpRELpCbKVwWJcbbzG5uAS7O-AMQ1WqCziASuqQtmYnEPkpUlzWmqbTjQ6TXzZ0vPcKaqjOGLBGqL4c4wftg7g4ep_IgKWYpdoc9IVbQgvh77HBmcC4VjKJc15T-Jtc2Fl6InamOC5d7d8CKbYfLLZtD55cSBfIMN9Vf9DHfX1_IY1bvi4jAwjQqU3qXIB0uy29b3eRt9e_Kx-Z_CP2YgZ0N1qywHYJULif-ggYwEuAfFir2Pt04DGA5tNA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 436F
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:35:17 GMT
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 510B
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=ns9qrKJLKD&consentString=&r=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Frichaudience%2F%5BPDID%5D
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fcsync.smilewanted.com%2F
95 B
242 B
Document
General
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fcsync.smilewanted.com%2F
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
157.90.211.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.246.211.90.157.clients.your-server.de
Software
nginx/1.14.1 / PHP/8.2.4
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
image/png
date
Thu, 15 Jun 2023 16:35:16 GMT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
server
nginx/1.14.1
x-powered-by
PHP/8.2.4

Redirect headers

content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:16 GMT
location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fcsync.smilewanted.com%2F
server
nginx/1.14.1
x-powered-by
PHP/8.2.4
03032023-031219390-240_1200_vertikal_congstar-x8cbc85d6-d390-44ae-9c23-0f21b30ab351.png
s0.2mdn.net/4528404/ Frame 436F
184 KB
184 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/03032023-031219390-240_1200_vertikal_congstar-x8cbc85d6-d390-44ae-9c23-0f21b30ab351.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35e7927b53b4e2c801df795f65a9fa9097afb0d1f61957a62c5d9ee86c43c446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 11:28:08 GMT
x-content-type-options
nosniff
age
18429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
188157
x-xss-protection
0
last-modified
Fri, 03 Mar 2023 11:12:19 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 11:28:08 GMT
03032023-031224562-240_1200_vertikal_congstar-x_ohnexc7febedb-d28d-4ad7-b34c-3d11ea92a189.png
s0.2mdn.net/4528404/ Frame 436F
112 KB
112 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/03032023-031224562-240_1200_vertikal_congstar-x_ohnexc7febedb-d28d-4ad7-b34c-3d11ea92a189.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1eb09874e96e9102ddae4adeb9fbf519e58f8797bee76e737f537aaddbbb987b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 12:12:08 GMT
x-content-type-options
nosniff
age
15789
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
114747
x-xss-protection
0
last-modified
Fri, 03 Mar 2023 11:12:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 12:12:08 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame EBF4
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_NBpcN4kA_D373LbcPayehActT50j6174L5D_fYVrLciYr1nZqACf7QVFNbAAqND9SF0K_MCWP68bEwpHm25YMv8APMOup_rVfXFKhh2SnKENDpPnBWpw7LKoCSQRgmkvpOFB36eC9KiK&sai=AMfl-YSku_nloXA8WOVfBAyCXYw5nH-zPCN7edVSowhisX2uLyNTVngpSEUJRk7Vv-Y1gyi4pLBRbh0UUMuRKsYp5zCsM1YzN-ssTatB1kqjCw1_u2J5KufELd0bdmqb&sig=Cg0ArKJSzBR5lq4G-RqFEAE&cid=CAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB&id=lidar2&mcvt=1000&p=300,1559,340,1600&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1371935244&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686846914628&rpt=725&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
RX-344c46db-0904-4152-a98e-a01be2142fa8-003
csync.smilewanted.com/set_partner_userid_get/unruly/ Frame B604
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=smilewanted
  • https://sync.1rx.io/usersync2/rmpssp?sub=smilewanted&zcc=1&cb=1686846917392
  • https://ad.turn.com/r/cs?pid=45&rndcb=2414923286
  • https://sync.1rx.io/usersync/turn/7108919932890832803?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-344c46db-0904-4152-a98e-a01be2142fa8-003?redir=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Funruly%2FRX-344c46db-0904-4152-a98e-a01...
  • https://csync.smilewanted.com/set_partner_userid_get/unruly/RX-344c46db-0904-4152-a98e-a01be2142fa8-003
0
447 B
Document
General
Full URL
https://csync.smilewanted.com/set_partner_userid_get/unruly/RX-344c46db-0904-4152-a98e-a01be2142fa8-003
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b3efd1bb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Thu, 15 Jun 2023 16:35:17 GMT
etag
RX344c46db09044152a98ea01be2142fa8003
location
https://csync.smilewanted.com/set_partner_userid_get/unruly/RX-344c46db-0904-4152-a98e-a01be2142fa8-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
pagead2.googlesyndication.com/bg/ Frame 9F54
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/F23xA4-E8U0dLsM7Ua-M74A0tuvycQb5txb3FNVg6II.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
176df1038f84f14d1d2ec33b51af8cef8034b6ebf27106f9b716f714d560e882
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 09:31:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
25405
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14698
x-xss-protection
0
last-modified
Mon, 05 Jun 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 14 Jun 2024 09:31:52 GMT
bac365e9-1492-52a6-80b7-2640e43c1b85
csync.smilewanted.com/set_partner_userid_get/betweenx/ Frame 1E1F
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=45128&callback_url=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fbetweenx%2F${USER_ID}
  • https://ads.betweendigital.com/match?bidder_id=45128&callback_url=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fbetweenx%2F${USER_ID}&crf=1
  • https://csync.smilewanted.com/set_partner_userid_get/betweenx/bac365e9-1492-52a6-80b7-2640e43c1b85
0
405 B
Document
General
Full URL
https://csync.smilewanted.com/set_partner_userid_get/betweenx/bac365e9-1492-52a6-80b7-2640e43c1b85
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b36f3fbb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
location
https://csync.smilewanted.com/set_partner_userid_get/betweenx/bac365e9-1492-52a6-80b7-2640e43c1b85
03032023-031219390-240_1200_vertikal_congstar-x8cbc85d6-d390-44ae-9c23-0f21b30ab351.png
s0.2mdn.net/4528404/ Frame 436F
184 KB
184 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/03032023-031219390-240_1200_vertikal_congstar-x8cbc85d6-d390-44ae-9c23-0f21b30ab351.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35e7927b53b4e2c801df795f65a9fa9097afb0d1f61957a62c5d9ee86c43c446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 11:28:08 GMT
x-content-type-options
nosniff
age
18429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
188157
x-xss-protection
0
last-modified
Fri, 03 Mar 2023 11:12:19 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 11:28:08 GMT
smwt256.gif
us.ck-ie.com/ Frame D3BE
0
0
Document
General
Full URL
https://us.ck-ie.com/smwt256.gif?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fbizzclick%2F%7B%24PARTNER_UID%7D
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
8.2.108.194 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/plain
Date
Thu, 15 Jun 2023 16:35:17 GMT
Server
nginx
8196798280612704842
csync.smilewanted.com/set_partner_userid_get/adform/ Frame C4B9
Redirect Chain
  • https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fcsync.smilewanted.com%2Fset_partner_userid_get%2Fadform%2F%24UID
  • https://csync.smilewanted.com/set_partner_userid_get/adform/8196798280612704842
0
439 B
Document
General
Full URL
https://csync.smilewanted.com/set_partner_userid_get/adform/8196798280612704842
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b3cfadbb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

content-length
0
content-type
text/plain
date
Thu, 15 Jun 2023 16:35:17 GMT
location
https://csync.smilewanted.com/set_partner_userid_get/adform/8196798280612704842
server
nginx
702b5873a612f85ce8a9eff1811697cd
csync.smilewanted.com/set_partner_userid_get/freewheel/ Frame 401E
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3602&gdpr=0&gdpr_consent=
  • https://csync.smilewanted.com/set_partner_userid_get/freewheel/702b5873a612f85ce8a9eff1811697cd?gdpr_consent=&gdpr=0
0
576 B
Document
General
Full URL
https://csync.smilewanted.com/set_partner_userid_get/freewheel/702b5873a612f85ce8a9eff1811697cd?gdpr_consent=&gdpr=0
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b4b8cbbb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Date
Thu, 15 Jun 2023 16:35:17 GMT
Expires
Thu, 15 Jun 2023 16:35:17 GMT
Location
https://csync.smilewanted.com/set_partner_userid_get/freewheel/702b5873a612f85ce8a9eff1811697cd?gdpr_consent=&gdpr=0
Pragma
no-cache
Server
nginx
x-sticky-vk
1686846917830046-401
v1
match.sharethrough.com/universal/ Frame A9B8
0
0
Document
General
Full URL
https://match.sharethrough.com/universal/v1?supply_id=GmfSCHMu&gdpr=0&gdpr_consent=
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.130.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-130-194.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Thu, 15 Jun 2023 16:35:17 GMT
smw888.gif
us.ck-ie.com/ Frame 0F25
0
0
Document
General
Full URL
https://us.ck-ie.com/smw888.gif?gdpr=0&gdpr_consent=&us_privacy={$USPrivacy}&coppa={$COPPA}&puid={$PARTNER_UID}
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
8.2.108.194 , United States, ASN46636 (NATCOWEB, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/plain
Date
Thu, 15 Jun 2023 16:35:17 GMT
Server
nginx
rUyfr0rfrd01P2dB7jsx
csync.smilewanted.com/set_partner_userid_get/rtbhouse/ Frame 0170
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=smilewanted
  • https://creativecdn.com/cm-notify?pi=smilewanted&tc=1
  • https://csync.smilewanted.com/set_partner_userid_get/rtbhouse/rUyfr0rfrd01P2dB7jsx?pi=smilewanted&tc=1
0
656 B
Document
General
Full URL
https://csync.smilewanted.com/set_partner_userid_get/rtbhouse/rUyfr0rfrd01P2dB7jsx?pi=smilewanted&tc=1
Requested by
Host: csync.smilewanted.com
URL: https://csync.smilewanted.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.69.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://csync.smilewanted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
7d7c39b40ffabb35-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 15 Jun 2023 16:35:17 GMT
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Thu, 15 Jun 2023 16:35:17 GMT Thu, 15 Jun 2023 16:35:17 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://csync.smilewanted.com/set_partner_userid_get/rtbhouse/rUyfr0rfrd01P2dB7jsx?pi=smilewanted&tc=1
pragma
no-cache
/
www.facebook.com/tr/ Frame 08F7
0
55 B
Image
General
Full URL
https://www.facebook.com/tr/?id=337522080014293&ev=Microdata&dl=https%3A%2F%2Fapi.retargetly.com%2Fapi%3Fid%3D3368%26src%3D0%26url%3Dhttps%253A%252F%252Fwww.metropoles.com%252Fdistrito-federal%252Fna-mira%252Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai%26browserUrl%3Dundefined%26ref%3Dhttps%253A%252F%252Fus-central1-decisive-plasma-381522.cloudfunctions.net%252F%26utmz%3D%26n%3DV%25C3%25ADdeos%253A%2520hacker%2520ostenta%25C3%25A7%25C3%25A3o%2520deu%2520golpe%2520de%2520R%2524%25201%252C5%2520mi%2520em%2520atacadista%2520do%2520DF%2520e%2520torrou%2520dinheiro%2520em%2520Dubai%2520%257C%2520Metr%25C3%25B3poles%26md%3DInvestigados%2520responder%25C3%25A3o%2520por%2520furto%2520qualificado%252C%2520pelo%2520uso%2520de%2520recursos%2520cibern%25C3%25A9tico%252C%2520al%25C3%25A9m%2520de%2520lavagem%2520de%2520dinheiro%2520e%2520organiza%25C3%25A7%25C3%25A3o%2520criminosa%26mk%3D%26il%3D0%26limit_drop%3D%26userid%3D9567dbfe-41e5-499b-a379-99d6a8d82255%26idx%3D%26fullVersionList%3D%26platform%3D%26_rlid%3D9567dbfe-41e5-499b-a379-99d6a8d82255&rl=https%3A%2F%2Fwww.metropoles.com%2Fdistrito-federal%2Fna-mira%2Fhacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai&if=true&ts=1686846917780&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Retargetly!%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.107&r=stable&ec=1&o=30&it=1686846916196&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 15 Jun 2023 16:35:17 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 6395
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuE_VQAZOA6irBPKpfQxr0_UgHe_UnmByRHD4RJxT_jwvTRTtosKQW7GMwEI-djHDDkZz5Oe7nZ8BwKeowYUcnPWLnf6B2d9tA&sig=Cg0ArKJSzM3hkLLFiGMuEAE&id=lidar2&mcvt=1000&p=1,1,601,121&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230614&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&vu=1&app=0&itpl=34&adk=3921940206&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1686846916331&rpt=770&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=14
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 203B
0
863 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:18 GMT
AN-X-Request-Uuid
b1be10e3-3ed9-4f13-b708-fa34969e1ca0
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame A1EE
0
863 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.210.141 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:18 GMT
AN-X-Request-Uuid
41d59400-e0de-4390-8678-6ab797367bad
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
185.213.155.177; 185.213.155.177; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
VideoBidRequestHandlerServlet
wf.taboola.com/
2 KB
897 B
XHR
General
Full URL
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
2ace214c0b56b7cb5f16588c75a0252459d27cb5bc4cdc8c9dfe9517d9bcf78f

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

x-cache-hits
0
date
Thu, 15 Jun 2023 16:35:18 GMT
content-encoding
gzip
via
1.1 varnish
machineid
1437
x-cache
MISS
x-served-by
cache-fra-eddf8230082-FRA
pragma
no-cache
server
nginx
x-timer
S1686846918.322409,VS0,VE70
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sat, 26 Jul 1997 05:00:00 GMT
injector.js
tag.goadopt.io/
269 KB
89 KB
Script
General
Full URL
https://tag.goadopt.io/injector.js?website_code=5988c232-b8a1-41ac-a667-3f3f6ee1df61
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
04f7ca464949ddc37a51897226a8b3c38c141c5639685607afc7c13b244837f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
248173
cf-polished
origSize=275323
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 12 Jun 2023 19:39:05 GMT
server
cloudflare
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64Nhr9EBM1F6GEmulXDtA7nT7DCvFCEOme4yStK82DbpSIpG9JEGGITGXM41L094d1t7Bo9yZpp08lS6fdF0sdy5c8JBF%2BsA3ndJnaWxqpymH0C9ZDXoizq%2FAnoCOXvgwXXEpBtSmZBQ%2F3gq"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
max-age=120
access-control-allow-credentials
true
cf-ray
7d7c39bb6f4403f4-FRA
t3m.js
tags.t.tailtarget.com/
15 KB
16 KB
Script
General
Full URL
https://tags.t.tailtarget.com/t3m.js?i=TT-11749-8/CT-701
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.123.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
184.123.201.35.bc.googleusercontent.com
Software
nginx/1.8.1 /
Resource Hash
0a80175cf0e8d7d7f09c39d63ea73525fe69972b39f0c02a32f0f2079be47ecd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 14:38:30 GMT
via
1.1 google
age
7008
x-guploader-uploadid
ADPycduuEOOMgygQAlSg0uuMBvz0eXz9GoiiD6oGnhrUVv_jbU-qMuQLdfcSOhc9xWWxVRqkH9eCY8nrhiIRjL4PlVU9Vw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15606
last-modified
Fri, 25 Oct 2019 18:18:49 GMT
server
nginx/1.8.1
etag
"1681b8554c7e33b844b72d1a09ab2b61"
vary
Accept-Encoding
x-goog-generation
1572027529419262
x-goog-hash
md5=FoG4VUx+M7hEty0aCasrYQ==
content-type
application/javascript
cache-control
max-age=7200,public
x-goog-stored-content-length
15606
accept-ranges
bytes
expires
Thu, 15 Jun 2023 16:38:30 GMT
get-consent
disclaimer-api.goadopt.io/api/tag/
109 B
680 B
XHR
General
Full URL
https://disclaimer-api.goadopt.io/api/tag/get-consent
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:1e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3b64582266b46c418dca2ca32a6daa7e77570e3950662ee706166abb31400d49

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
109
server
cloudflare
etag
W/"6d-Am/9wmnpsahN3QbtC7eurlZnYmc"
vary
Origin
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.metropoles.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZSbp69vTllkzYbMcSoLpQ6V1D3kV5LDhUJ7Tr23p43Jp0WBH2gxAKm386cb5y2r05QiHg%2FuLpD70JOdVCGmxfgtrjAYw7P9gFZiQIoqi78mWMDsCjq2Mus1ZWuTEJglbzh%2FZSKqPzTnW1dvKxH2inIpH1Ek%2BcM%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age
5
access-control-allow-credentials
true
cf-ray
7d7c39bc186b03f4-FRA
access-control-allow-headers
Accept,Accept-Charset,Accept-Encoding,Authorization,Content-Type,Cookie,Set-Cookie,User-Agent,X-XSRF-TOKEN,adopt-lang
conversion.js
d.tailtarget.com/
15 KB
6 KB
Script
General
Full URL
https://d.tailtarget.com/conversion.js
Requested by
Host: us-central1-decisive-plasma-381522.cloudfunctions.net
URL: https://us-central1-decisive-plasma-381522.cloudfunctions.net/function-mp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.123.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
184.123.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f3d70165d1438b13b94b2aebf55f853777b6f44c8ca0b3473728bfefa90b115f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:33:32 GMT
content-encoding
gzip
age
79307
x-guploader-uploadid
ADPycdsZEo60MeTIvXFO1GzpKg1CIawBsrv33HKbb97zWyEsIVDk6z_GNZuO1FN8IXqJsUKI85uSVn3a-hr9d-LyK_2TVg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6114
last-modified
Mon, 19 Sep 2022 18:20:35 GMT
server
UploadServer
etag
"1f6a2c178b385e908b632664e93aed26"
x-goog-hash
crc32c=vQZHMA==, md5=H2osF4s4XpCLYyZk6TrtJg==
x-goog-generation
1663611635525811
content-language
en
content-type
application/javascript
cache-control
public, max-age=86400,no-transform
x-goog-stored-content-length
6114
accept-ranges
bytes
expires
Thu, 15 Jun 2023 18:33:32 GMT
base.js
d.tailtarget.com/
20 KB
8 KB
Script
General
Full URL
https://d.tailtarget.com/base.js
Requested by
Host: d.tailtarget.com
URL: https://d.tailtarget.com/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.123.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
184.123.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
54930f8d5930ea73a5643b6e7cd4f3e5142609ed371fd9d1969ad38dba591ab4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:34:37 GMT
content-encoding
gzip
age
79242
x-guploader-uploadid
ADPycdt6soEFglNNUyiv8H4B1OuRcWU2SCU3vpCuD-nDJWIiE7XV_qaDkBe2_cIQoOV6Qa19aKdTlojwH-WIdkwdmvt5ZA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8332
last-modified
Mon, 19 Sep 2022 18:20:35 GMT
server
UploadServer
etag
"e3068e8113c8f02d9b9a31f913c7a062"
x-goog-hash
crc32c=mUroJg==, md5=4waOgRPI8C2bmjH5E8egYg==
x-goog-generation
1663611635449519
content-language
en
content-type
application/javascript
cache-control
public, max-age=86400,no-transform
x-goog-stored-content-length
8332
accept-ranges
bytes
expires
Thu, 15 Jun 2023 18:34:37 GMT
trk
tt-11749-8.seg.t.tailtarget.com/
70 B
612 B
Image
General
Full URL
https://tt-11749-8.seg.t.tailtarget.com/trk?tA=TT-11749-8&tJ=_channel:metro-distrito-federal:1&tK=1686846919&tM=referral&tL=referral&tN=referral&tY=3&tZ=952992286
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
e3849fdc1eab88579b20b1b56875d6ef8299c4ad165e03921400ccae69149861

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
via
1.1 google
server
nginx/1.17.8
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
cache-control
no-cache, private, proxy-revalidate
content-disposition
inline
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
u
b.t.tailtarget.com/
74 B
507 B
Script
General
Full URL
https://b.t.tailtarget.com/u?env=_ttq_tt_metrop
Requested by
Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
f0c1ddaa56262c182d7cc687a6b8fb1543422120ee1ec17129ef18fd2e6f8304

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.17.8
vary
Accept-Encoding, Accept-Encoding
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
application/x-javascript
cache-control
private, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
b
b.t.tailtarget.com/
154 B
591 B
Script
General
Full URL
https://b.t.tailtarget.com/b?tA=TT-11749-8&tY=1&tS=3&tU=0100007FC73D8B64AD064CA602296C03&tX=b.52&tZ=853626250&env=_ttq_tt_metrop
Requested by
Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
cbbbad4c99b22f1ba0c1f9bebf1772ffaf1efdae17acc93b4abc4c98c45c5f1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.17.8
vary
Accept-Encoding, Accept-Encoding
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
application/javascript
cache-control
no-cache, private, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ca
tt-11749-8.seg.t.tailtarget.com/
81 B
119 B
Script
General
Full URL
https://tt-11749-8.seg.t.tailtarget.com/ca?tZ=840217882&env=_ttq_tt_metrop
Requested by
Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
d4dd6b615ad0482deb600673aa2d9a1261a0b67263c498887c90b9a5adb49b78

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.17.8
vary
Accept-Encoding, Accept-Encoding
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
application/javascript
cache-control
no-cache, private, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
__tt.gif
t.tailtarget.com/
43 B
291 B
Image
General
Full URL
https://t.tailtarget.com/__tt.gif?tA=TT-11749-8&tE=0&tF=&tI=_frankfurt%20am%20main_hesse_de_1686846919493_3117783985&tJ=&tQ=metro-distrito-federal&tU=0100007FC73D8B64AD064CA602296C03&tX=b.52&tY=1&tZ=554110109
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.185.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.185.102.34.bc.googleusercontent.com
Software
nginx/1.17.8 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:19 GMT
via
1.1 google
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx/1.17.8
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/gif
cache-control
no-cache, private, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Thu, 01 Jan 1970 00:00:01 GMT
03032023-031224562-240_1200_vertikal_congstar-x_ohnexc7febedb-d28d-4ad7-b34c-3d11ea92a189.png
s0.2mdn.net/4528404/ Frame 436F
112 KB
112 KB
Image
General
Full URL
https://s0.2mdn.net/4528404/03032023-031224562-240_1200_vertikal_congstar-x_ohnexc7febedb-d28d-4ad7-b34c-3d11ea92a189.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1eb09874e96e9102ddae4adeb9fbf519e58f8797bee76e737f537aaddbbb987b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/276555277389937048/index.html?e=69&leftOffset=0&topOffset=0&c=xxjgY8lJhG&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 12:12:08 GMT
x-content-type-options
nosniff
age
15792
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
114747
x-xss-protection
0
last-modified
Fri, 03 Mar 2023 11:12:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 16 Jun 2023 12:12:08 GMT
dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;stragg=1;&timestamp=1686846920427;str=Show%20Slide%200;strtype=1
ade.googlesyndication.com/ddm/activity/ Frame 6395
42 B
401 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;stragg=1;&timestamp=1686846920427;str=Show%20Slide%200;strtype=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
VideoBidRequestHandlerServlet
am-wf.taboola.com/
2 KB
909 B
XHR
General
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
8ef139298f06aa7b44807ff738e0ecfc7029f48916dfa065997f5b83b1f424c9

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:21 GMT
content-encoding
gzip
server
nginx
machineid
1417
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
VideoBidRequestHandlerServlet
am-wf.taboola.com/
2 KB
910 B
XHR
General
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
8ef139298f06aa7b44807ff738e0ecfc7029f48916dfa065997f5b83b1f424c9

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:24 GMT
content-encoding
gzip
server
nginx
machineid
1434
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
dc_oe=ChMIiqf2uNrF_wIVkJv9Bx0wIwG3EAAYACCNoYlbQhMIuJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925725;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 395B
42 B
108 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiqf2uNrF_wIVkJv9Bx0wIwG3EAAYACCNoYlbQhMIuJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925725;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIvOr_uNrF_wIV_Z39Bx2e3QjcEAAYACD-rIlbQhMIv5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925726;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E2DB
42 B
108 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvOr_uNrF_wIV_Z39Bx2e3QjcEAAYACD-rIlbQhMIv5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925726;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMI7ar_uNrF_wIVx5L9Bx04awWtEAAYACCfgfRaQhMIvJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925835;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame A085
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7ar_uNrF_wIVx5L9Bx04awWtEAAYACCfgfRaQhMIvJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925835;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIlur6uNrF_wIV85P9Bx17twVxEAAYACCfgfRaQhMIu5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925837;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame B230
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlur6uNrF_wIV85P9Bx17twVxEAAYACCfgfRaQhMIu5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846925837;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
pixel.mathtag.com/comp/ Frame 08F7
0
503 B
Image
General
Full URL
https://pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-20-207.deploy.static.akamaitechnologies.com
Software
MT3 1031 59fd23a master cdg cdg-pixel-x29 config_version:"1438" /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.retargetly.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:25 GMT
Server
MT3 1031 59fd23a master cdg cdg-pixel-x29 config_version:"1438"
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Expires
Thu, 15 Jun 2023 16:35:24 GMT
dc_oe=ChMIysKuudrF_wIVS4iDBx2kcw_pEAAYACDHrcBaQhMI7YrtuNrF_wIVlKvVCh3UKwJK;met=1;&timestamp=1686846926203;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 644D
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIysKuudrF_wIVS4iDBx2kcw_pEAAYACDHrcBaQhMI7YrtuNrF_wIVlKvVCh3UKwJK;met=1;&timestamp=1686846926203;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;met=1;&timestamp=1686846927231;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 6395
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;met=1;&timestamp=1686846927231;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
VideoBidRequestHandlerServlet
am-wf.taboola.com/
2 KB
910 B
XHR
General
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
8ef139298f06aa7b44807ff738e0ecfc7029f48916dfa065997f5b83b1f424c9

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:27 GMT
content-encoding
gzip
server
nginx
machineid
1409
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
VideoBidRequestHandlerServlet
am-wf.taboola.com/
2 KB
907 B
XHR
General
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/lite-unit/4.0.2/UnitFeedManagerDesktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
7e30ee4f7ae5bdbdad18cef31e1bbccfcbb61c38416dec7bde5bed544cafc289

Request headers

Referer
https://www.metropoles.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:30 GMT
content-encoding
gzip
server
nginx
machineid
1479
vary
Accept-Encoding
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.metropoles.com
cache-control
no-cache,must-revalidate,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
ad
webservices.webspectator.com/ Frame 270E
194 B
590 B
Script
General
Full URL
https://webservices.webspectator.com/ad?auid=1457537&sz=%5B%5B728%2C90%5D%5D&pl=%7B%7D&dm=2&ci=0&is=1&piv=100&ts=1686846930432&cc=DE&rc=HE&sid=30A0B7F38F84E171&ct=%7B%22refresh%22%3A%5B%22true%22%5D%2C%22refreshed_slot%22%3A%5B%22false%22%5D%7D&s=4898
Requested by
Host: wfpscripts.webspectator.com
URL: https://wfpscripts.webspectator.com/ws-ad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
3bb2a4b1af9521de10b8b7267160cf739bc8317226a954f7f341ab1367281711

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:30 GMT
Server
WildFly/10
X-Powered-By
Undertow/1
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
194
Expires
Thu, 01 Jan 1970 00:00:00 GMT
blank
webservices.webspectator.com/
0
248 B
Image
General
Full URL
https://webservices.webspectator.com/blank?appid=2779&auid=1457537&acid=548&iid=p0b47113d8efd472744324f8c44e687fb268c405aa6&is=1&m=0&ts=1686846931083&s=4898
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.192.67.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-67-210.compute-1.amazonaws.com
Software
WildFly/10 / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.metropoles.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 15 Jun 2023 16:35:31 GMT
Server
WildFly/10
X-Powered-By
Undertow/1
X-NoCache
true
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dc_oe=ChMIiqf2uNrF_wIVkJv9Bx0wIwG3EAAYACCNoYlbQhMIuJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935724;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame 395B
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIiqf2uNrF_wIVkJv9Bx0wIwG3EAAYACCNoYlbQhMIuJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935724;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIvOr_uNrF_wIV_Z39Bx2e3QjcEAAYACD-rIlbQhMIv5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935726;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame E2DB
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvOr_uNrF_wIV_Z39Bx2e3QjcEAAYACD-rIlbQhMIv5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935726;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMI7ar_uNrF_wIVx5L9Bx04awWtEAAYACCfgfRaQhMIvJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935835;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame A085
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7ar_uNrF_wIVx5L9Bx04awWtEAAYACCfgfRaQhMIvJu7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935835;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIlur6uNrF_wIV85P9Bx17twVxEAAYACCfgfRaQhMIu5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935837;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame B230
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlur6uNrF_wIV85P9Bx17twVxEAAYACCfgfRaQhMIu5u7uNrF_wIVQczVCh1mfgG8;met=1;&timestamp=1686846935837;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:35 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
am-match.taboola.com/ Frame 5887
798 B
884 B
Document
General
Full URL
https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Requested by
Host: vidstat.taboola.com
URL: https://vidstat.taboola.com/vpaid/units/32_8_8/infra/cmTagFEED_MANAGER.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
9f1015a7efe1228aa67672ce5a1f4e423b30c12c9705659a186004961462a293

Request headers

Referer
https://www.metropoles.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-type
text/html;charset=ISO-8859-1
date
Thu, 15 Jun 2023 16:35:35 GMT
machineid
3407
server
nginx
generic
match.adsrvr.org/track/cmf/ Frame 5887
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?gdpr=1&ttd_pid=054f32o&us_privacy=1---&ttd_tpi=1
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Thu, 15 Jun 2023 16:35:35 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 5887
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/1c26089c-6293-4524-a4d2-31dc4aa43f2d-tuctb84c341?gdpr=1&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
0
99 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:35 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
18048

Redirect headers

date
Thu, 15 Jun 2023 16:35:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-DRBsniRE2oSDK_CkBz47SDb3kwucMn4KlebJXg--~A
content-length
0
sync
ups.analytics.yahoo.com/ups/58785/ Frame 5887
0
39 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58785/sync?redir=true&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-75-62-37.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:35 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
x.bidswitch.net/ Frame 5887
43 B
147 B
Image
General
Full URL
https://x.bidswitch.net/sync?gdpr=1&us_privacy=1---&ssp=taboola
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.73.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-73-159.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://am-match.taboola.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Thu, 15 Jun 2023 16:35:35 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
usync.html
eus.rubiconproject.com/ Frame 1D30
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Requested by
Host: am-match.taboola.com
URL: https://am-match.taboola.com/sync?dast=[...]&excid=22&docw=0&cijs=1&nlb=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://am-match.taboola.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Thu, 15 Jun 2023 16:35:35 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
usync.js
eus.rubiconproject.com/ Frame 1D30
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.201.255.110 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-255-110.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e688988e1a802a298ca327000a3266be6af64da0c6f6a48dd38dfd4bc30fa951

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=16698&endpoint=us-east&gdpr=1&us_privacy=1---
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Thu, 15 Jun 2023 16:35:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 14 Jun 2023 19:18:58 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=9744
Connection
keep-alive
Content-Length
10113
Expires
Thu, 15 Jun 2023 19:18:00 GMT
dc_oe=ChMIysKuudrF_wIVS4iDBx2kcw_pEAAYACDHrcBaQhMI7YrtuNrF_wIVlKvVCh3UKwJK;met=1;&timestamp=1686846936203;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame 644D
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIysKuudrF_wIVS4iDBx2kcw_pEAAYACDHrcBaQhMI7YrtuNrF_wIVlKvVCh3UKwJK;met=1;&timestamp=1686846936203;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://e0d9d30b14e46f1648527c9601038252.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:36 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;met=1;&timestamp=1686846937225;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame 6395
42 B
63 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI7t-NutrF_wIV9ouDBx1C6wiOEAAYACCguYBP;met=1;&timestamp=1686846937225;eid1=2;ecn1=0;etm1=10;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 15 Jun 2023 16:35:37 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
c.amazon-adsystem.com
URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.metropoles.com&pubid=2bb0a508-595f-49a8-87af-9e3915fc9884
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/feed-card-placeholder.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/userx.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Domain
cdn.taboola.com
URL
https://cdn.taboola.com/libtrc/distance-from-article.20230613-45_b2-PR-57457-DEV-135277-em-display-try-to-implement-one-of-the-suggested-solutions-4cb457b6e79.es6.js
Domain
static.criteo.net
URL
https://static.criteo.net/animejs/animejs.js
Domain
pixel.rubiconproject.com
URL
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJvWI-rEml3vRu5sUE49s90&google_cver=1
Domain
aax-eu.amazon-adsystem.com
URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
Domain
pr-bh.ybp.yahoo.com
URL
https://pr-bh.ybp.yahoo.com/sync/rubicon/9RGvM21E7Pkw2IdleeGWAA?csrc=
Domain
s.amazon-adsystem.com
URL
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
Domain
pixel.rubiconproject.com
URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAndXHZ705D4iVw9MbDpj5s&google_cver=1
Domain
px.ads.linkedin.com
URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIXD3KQF-L-AV6P
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/style.css?cachebust=1679494247618
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/sadbundle/8330602074580042046/CBV_MY24_Interactive_DE_300x600/banner.js?cachebust=1679494247618
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/CbV_EX90_DE_300x250.json
Domain
s0.2mdn.net
URL
https://s0.2mdn.net/sadbundle/9774328433567174441/CbV_EX90_DE_300x250/CbV_EX90_DE_300x250.json


324 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


104 Cookies


11 Console Messages

Source Level URL
Text
javascript error URL: https://www.metropoles.com/distrito-federal/na-mira/hacker-ostentacao-deu-golpe-de-r-15-mi-em-atacadista-do-df-e-torrou-dinheiro-em-dubai
Message:
Access to XMLHttpRequest at 'https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.metropoles.com&pubid=2bb0a508-595f-49a8-87af-9e3915fc9884' from origin 'https://www.metropoles.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.metropoles.com&pubid=2bb0a508-595f-49a8-87af-9e3915fc9884
Message:
Failed to load resource: net::ERR_FAILED
other warning (Line 1)
Message:
Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript warning URL: https://www.googleadservices.com/pagead/conversion.js(Line 28)
Message:
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network error URL: https://bcp.crwdcntrl.net/map/c=11530/tp=RTRG/tpid=9567dbfe-41e5-499b-a379-99d6a8d82255
Message:
Failed to load resource: the server responded with a status of 400 ()
security error URL: https://as.ad4m.at/ad/rar?a=200349&b=wAkUdfRR55UQdr9cEH7CwuXtxZ8UKTATzDF5&f=gVWH8fBBwwaY5P8fPH5CmuxCz8GudTQT7mhe&c=120&d=600&e=&g=2c799f5a5d7a376de4f2dba11d33f951%2F10989457752402410445&i=25174&j=16&k=0&l=0&m=0&n=&p=&q=&o=dbmRTXL_desktop&r=1686846916256&h=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%253Fsa%253DL%2526ai%253DCP9Ejwj2LZOyhB5TX1gbU14jQBKOgpo5xpdbKkJYM8C4QASCq04xoYJXikIKgB6ABkJPOxgPIAQmpAvENXVuMMLI-qAMBqgT2AU_QMzovio4qVobe-NxR-hUjChPQ2r5e7lwp_xuS-KMf7QC5M76KI0bZXwLQ-cbbpKSV4MAcbyem-UDHT8ZSf_nfKmVktcEdpu033RuKNuxfhCY8wQzv8inxIYzd5W5aQ5zvmYWrCnSnGSrRx7deL-5bELpc65esjYz7kTPVtUsTSfv-dWWKnDXNCJ5NuBK_xB-FStp3kd8hLmFatWgNNX_McK1KHRcpjxCh6FiAaxseBEtXipqr1S2BVtCUVfoFoW0A_9qacjbqY-nBs4la79YJuaOyV9N8kHNgcc71guKQH5cWFnW-_xApIVkfSKvFE05uwYSFK8AEz9aT_ZED4AQDkAYBoAZNgAfY7LE5qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTg4OTkxNTk0NjMwMTExNjeACgOYCwHICwGADAGwE9Wx-BLQEwDYEwPYFAHQFQH4FgGAFwE%2526ae%253D1%2526num%253D1%2526cid%253DCAQSPABygQiDOitSGR7Q1DWnSPJ23cMlMcRCkjX2sSDAc1OZbV52PW38ilSj4qC24J3kHDnhrjAaIjhaVRgJUxgB%2526sig%253DAOD64_1C1IhyHLWxEZbr32fZ4y_fBqqdtA%2526client%253Dca-pub-8170966538152543%2526dbm_c%253DAKAmf-AHEgK8BJ0ztX0w2P7i2NEp3XT0WSEK_QHYWTdQS1bCYRCQ3iw-sO3Uh9peqsr1anVtE6BB_n-GDXhUIa4JgbID6o5fxI577cz3ftLAeSa_iNrUAk4lIlb1GX79tm4lDWwSqQD8xpuCtt0RbkTl0uX6hKC01didvxqhCuYGDvaFbTvOa7c%2526cry%253D1%2526dbm_d%253DAKAmf-BmT0htdcTXnfEC6gjvo1taWVqzBNRxKVsyCTyHhJxZciaq2LcGPQ0_nFEpV_k58wJzne3qR3h2IJbkYFtBcmTOfo52x1Ts98d1cHMXryo0HAEyusmOVHjbJyPvp7wRnIPbjUFBSak5QrH088q4MDmOTOT79yoJFsdBifBYnfUDXoaL7muktsA1X8_v8_ajwEdPu3OxL4X-sSgkPo2rcLhQpOjdl2y4eh6XazV1Z3pPsjzRXzHyRdPvxBATHdXoJsUxyI6xR5qBmB0E6EZCzvz-IQmlqRj222K3bliKKBTayMVP6zD0Wpp-rDsHfGblV9wgyAQkic5h4mHSm0615JcVhjl4_OKXV8E20mXS72lp1_kQ0K2SBJvUlJ3UjfhuHfMECFdsHCV-ee1P9l_NAwaCGYieGyjTDMDFPyXwIYvVwrDJbk5ZcUy1EpWiftxymisa4Z-D7pu17J2hviJZtv1povAOComrspzy6Q-dFkTVc0R_pXW5eVU29ei70HxoEQlgk
vjJh7S7LpHtfXeKoEP_8q91OwFgb4kIIQCeVnZVUOGa4yZoynpCgbVQYUEBiCPtxPCN2RTq0F6JhIB4zOPM1bV-nu4YAO5vPBLhcIZxPI9i3BSPzWHyiPrEm02ygLu69MEmfhqyJBQAB2mF7QdcsrkhGtchF-UuhMMbAh9VKpQLGa_K1XleM8O4paVf43XNKPwr%2526adurl%253D&y=1&s=&z=0
Message:
Ignoring duplicate Content-Security-Policy directive 'worker-src'.
other warning URL: https://www.googletagservices.com/dcm/impl_v96.js(Line 77)
Message:
Unrecognized feature: 'attribution-reporting'.
security error URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js(Line 68)
Message:
Ignoring duplicate Content-Security-Policy directive 'worker-src'.
security error URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js(Line 268)
Message:
Ignoring duplicate Content-Security-Policy directive 'worker-src'.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=13756
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://disclaimer-api.goadopt.io/api/tag/get-consent
Message:
Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
