utua.com.br Open in urlscan Pro
2606:4700:10::ac43:1b40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u28862171.ct.sendgrid.net/ls/click?upn=FGzpuGs823TWhtkXpao69zVJyL1yMfEyMsqsOSKKgHik7I1gUKht3yOTNEp0JXumU194fgR6PeKqTuDthZE...
Effective URL:
https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-ema...
Submission: On August 19 via manual (August 19th 2023, 4:55:50 am UTC) from UY — Scanned from DE

Summary HTTP 197 Redirects Behaviour Indicators

Summary

This website contacted 37 IPs in 6 countries across 27 domains to perform 197 HTTP transactions. The main IP is 2606:4700:10::ac43:1b40, located in United States and belongs to CLOUDFLARENET, US. The main domain is utua.com.br. The Cisco Umbrella rank of the primary domain is 744563.
TLS certificate: Issued by E1 on July 18th 2023. Valid for: 3 months.

This is the only time utua.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.118.28 167.89.118.28	11377 (SENDGRID) (SENDGRID)
1 1	143.204.98.52 143.204.98.52	16509 (AMAZON-02) (AMAZON-02)
4	2606:4700:10:... 2606:4700:10::ac43:1b40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::ac43:480b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:225... 2600:9000:2250:1400:a:e047:753:6381	() ()
1	65.9.66.122 65.9.66.122	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80b::2001	15169 (GOOGLE) (GOOGLE)
6	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.255.227.198 34.255.227.198	16509 (AMAZON-02) (AMAZON-02)
1	141.95.98.64 141.95.98.64	16276 (OVH) (OVH)
1	2606:4700:20:... 2606:4700:20::681a:451	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2001:4860:480... 2001:4860:4802:32::35	15169 (GOOGLE) (GOOGLE)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
38	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
9 12	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
6 12	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 9	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
1 3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
44	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
6	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
197	37

1 167.89.118.28 (Las Vegas, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net

u28862171.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.52 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-52.fra50.r.cloudfront.net

wizrocketmail.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::ac43:1b40 (United States)

ASN13335 (CLOUDFLARENET, US)

utua.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:129 (United States)

ASN13335 (CLOUDFLARENET, US)

bucket.utua.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:480b (United States)

ASN13335 (CLOUDFLARENET, US)

assets.begrowth.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:1400:a:e047:753:6381 (United States)

ASN- ()

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-122.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.227.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-227-198.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:451 (United States)

ASN13335 (CLOUDFLARENET, US)

location.begrowth.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::35 (United States)

ASN15169 (GOOGLE, US)

growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.66 (Grosse Pointe, United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.89.210.244 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	googlesyndication.com 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 125 tpc.googlesyndication.com — Cisco Umbrella Rank: 163	470 KB
44	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 352	605 KB
32	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 228 stats.g.doubleclick.net — Cisco Umbrella Rank: 122 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 cm.g.doubleclick.net — Cisco Umbrella Rank: 261 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371	360 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 760	9 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 275	7 KB
9	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2706 www.google.com — Cisco Umbrella Rank: 3	2 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	62 KB
5	utua.com.br utua.com.br — Cisco Umbrella Rank: 744563 bucket.utua.com.br	28 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 225	226 KB
4	run.app growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app	141 B
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 277	70 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1546 google-bidout-d.openx.net — Cisco Umbrella Rank: 1553	807 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 62	21 KB
2	criteo.com gum.criteo.com — Cisco Umbrella Rank: 442	7 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5345	515 B
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1073 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1036	12 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1013 id5-sync.com — Cisco Umbrella Rank: 440	26 KB
2	begrowth.com.br assets.begrowth.com.br location.begrowth.com.br	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 76	167 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1835	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 1611	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 374	1 KB
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 710	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1691	8 KB
1	wizrocketmail.net 1 redirects wizrocketmail.net — Cisco Umbrella Rank: 137937	778 B
1	sendgrid.net 1 redirects u28862171.ct.sendgrid.net	795 B
197	27

	Domain	Requested by
44	s0.2mdn.net	utua.com.br s0.2mdn.net
38	pagead2.googlesyndication.com	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net www.googletagservices.com
24	tpc.googlesyndication.com	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com utua.com.br tpc.googlesyndication.com securepubads.g.doubleclick.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
8	googleads.g.doubleclick.net	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com utua.com.br pagead2.googlesyndication.com
6	googleads4.g.doubleclick.net	utua.com.br
6	region1.analytics.google.com	www.googletagmanager.com
5	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	www.googletagservices.com	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com utua.com.br
4	growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app	assets.begrowth.com.br
4	fonts.gstatic.com	fonts.googleapis.com
4	securepubads.g.doubleclick.net	utua.com.br securepubads.g.doubleclick.net
4	utua.com.br	utua.com.br
3	cdnjs.cloudflare.com	s0.2mdn.net
3	www.google.com	1 redirects tpc.googlesyndication.com
3	fonts.googleapis.com	utua.com.br 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com tpc.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.gstatic.com	9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
2	gum.criteo.com	static.criteo.net gum.criteo.com
2	oajs.openx.net	1 redirects utua.com.br
2	www.google.de	utua.com.br
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	utua.com.br www.googletagmanager.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	location.begrowth.com.br	assets.begrowth.com.br
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	static.criteo.net	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	assets.begrowth.com.br	utua.com.br
1	bucket.utua.com.br	utua.com.br
1	wizrocketmail.net	1 redirects
1	u28862171.ct.sendgrid.net	1 redirects
197	40

This site contains no links.

Subject Issuer	Validity	Valid
utua.com.br E1	`2023-07-18` - `2023-10-16`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-25` - `2024-05-24`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
begrowth.com.br GTS CA 1P5	`2023-07-15` - `2023-10-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-06-27` - `2023-09-25`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.id5-sync.com R3	`2023-07-04` - `2023-10-02`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.a.run.app GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Frame ID: D028C0F0859470BC7583A66E9ECBDC15
Requests: 43 HTTP requests in this frame

Frame: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3826FFC64AEE894F65CE96059F73D084
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=utua.com.br
Frame ID: 5F431C7DEE1E0E3136361B89E1A08C87
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 2506EFF522045ACA611FFA039D7267AE
Requests: 1 HTTP requests in this frame

Frame: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 17F503BC8DE4E6A73950868ADFBD5B54
Requests: 19 HTTP requests in this frame

Frame: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DEC85400BEE4EF0E5D0EB2B1245257BF
Requests: 19 HTTP requests in this frame

Frame: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F0673824BF38FD41B9482DEB832D0AA2
Requests: 19 HTTP requests in this frame

Frame: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E17D0A93AF0EE6088A0BCED8244362A3
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYm77w0AEwAQ&v=APEucNWhSfVg0f7CIEsQPrMXoOMAFjg-wSxA2QfDV6VuXQBMFLXskIUAzU1WEPjpABdFzM4Sk6w9zFn7uRwQSG3pum3WwMaiTk--Zu5x28nMTZrhsM6FCF3ZUDQ9YN9NFgBh7wJys1tcbLHJMhzE3Wzt4En_c_ht_GeGUeDrYNd_5SUY8_iOkJY
Frame ID: AF7E30208A927F818FCEC76690AF137F
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYvLrw0AEwAQ&v=APEucNW4wVgLYLx6ElAhxfA_y449tt2AOd_iFkxNSWPfDglr-vHRODVgkOif6xBbuetkEtrr1oiOT8MO4YbuGgqDdQtgcMzfruant4VRPfhof6CKndDsxlY1dUjFfYaVtasaLzif0cUhaUIgOI3Qw3iUIVMmpM2Tdw0ii39W6JPVDYVOBLl7N_s
Frame ID: 0BD8ABC7EDF0BBF1F1E0CE6CF6144141
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYpLvw0AEwAQ&v=APEucNWR6GzgA2HWjXpkYSeZYDUvGYJBMtzcT3UmotPntuoraQ2a3pNB-Bn--Mn0OMNIGkfFBXXoC_sHX1M4jwArjygAYYowsM_duAWZe4LF3giZyLqHIqXmmaORGmppd78TI_yrVdyjVFV4JQSt5fO-MkNImYcZbBbLVi-rv8PerCirBcncKnM
Frame ID: A5D4DB5B4008CE3C5735E77EAA6D58FE
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
Frame ID: 570F37A865A517FE67B1AC8A09FCA613
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js
Frame ID: 72D5628533BA8A231717EF77F10EB2B1
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CE689CAFCCA83C7E50D91BBDF5DAE9A2
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
Frame ID: AEF15F5096BC7896E3B5BBAE423C9B16
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5EBF8BB7198935933A40ED7126198629
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
Frame ID: 64D289D48A97603B4DDB1B9DA9A50E0E
Requests: 15 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
Frame ID: CE99BC32A736A5BAD1506A9084BFF33B
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CA16D61E9E39A6971B23E42A202B8E0F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FC2F598B497F3AE31A7E82BFDF981B20
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1EC68FC4508A24050B00A25DC7B5FAB6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0FCD4C1E9C1DE19D94326A75ACF8E349
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Solicite su Préstamo de Turismo Social del Banco República

Page URL History Show full URLs

https://u28862171.ct.sendgrid.net/ls/click?upn=FGzpuGs823TWhtkXpao69zVJyL1yMfEyMsqsOSKKgHik7I1gUKht3yOTNEp0JXu... HTTP 302
https://wizrocketmail.net/r?e=K24AGR8ECWN6CGR9DSZjfwoEBAEpJCw8KSQsegYIBQFiJhILJD8hOFtfX2s0NT0gPj8SC04B... HTTP 302
https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_cam... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

197
Requests

93 %
HTTPS

63 %
IPv6

27
Domains

40
Subdomains

37
IPs

6
Countries

2109 kB
Transfer

5148 kB
Size

22
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u28862171.ct.sendgrid.net/ls/click?upn=FGzpuGs823TWhtkXpao69zVJyL1yMfEyMsqsOSKKgHik7I1gUKht3yOTNEp0JXumU194fgR6PeKqTuDthZE8hHRJlY5I6463FQ9DOpCaIuWyQWLenIVHRH2uHvNJ6MUu4wxXDFzdVUVRSLdpAvXBFayrYxMwG8KZUwxfS-2BTQrBAggsOlbtcuG5OIXHNiQ6rXZ50tr4ZNu9sKaZmqZSmnMh71n6tsTHd6xllpCNCpZlH5ut2DsR3IVRi6ZBw91udFjd535Qulq6HBWPv3szfAA-2BvrAw-2F64-2Fu7tKvKEFDG8fyGQPEH-2FQiTy3xIFk-2B775PHpCR9P6eo3N-2F0j8dNSCVESBUea2mkDHxRD8oGhgR7GrTChL2ezCNS87-2BZuDk3GzU9WUSJqa7WsnLmUaD0cOkxygumiiQhPx1etblI1GclsdwhaxWvj4bA6KiCWsUJkqdsDKlvhNv2Yg-2F8kX1i6X4duLBNpEpCridXtIocuKibJZt9xZj57hxnwN-2BjSGx-2FMY2R1HHehhVJjbUyAetIseO8f5qMEmo6hTwHMdcsc8PrKrMwWQpZ47-2Bo72bcKp-2F52P58-2FF92ZBBpC6tvpupAzD-2BCvx2rIocU5b7tFb4myUj7TyQyFQ8iecUaZlERth1z6pBoGbyRUggparsvtvwq3GAHEl59hvzrA8Nwh-2FMV5jAM-2B0AK9hKFOo86BRvx-2FeicVz92cFoSWAN1TWJL-2FphP4D22nh-2FNHGKYBVCupas4qLQPuupY3Y1lo1zU0fUhBc2-2BxhrEdjSh4hDGk6qyYXkqTUj1QRqdMSP4cHI-2B6XmFQKSCGBk-3DGzEI_aSmN-2BEwMEgswmlPJqohwgYOixg-2B3iNpKxOxnD863GRvT-2BoUQtdFrAfSLNlxbE3kky-2FEecCU-2FRlATuzGyR7pjOe5sGMbSxcnvUA7QgZ-2BhibehC4GmArB20g5L-2F3cRWfzAdBBr56axIubGTUNVKWn31PQrxdb6wSp9ndZecTYL7mtB4faJJRFZNjZ7-2FPGc6f8q-2Bz8fS4bmrIC4gMJo3lsizGkcMPpfs7K6quJ8dPjQpx1Ja40mAq1-2FB-2FV5vjT1h1udJRykuPOkqlZ4iScYBbF1HN1kKySj-2BhzwjeVbK2dWyQKwnthGTr-2FQqchyBpyrVJyE4TZ9BRXPygG46TxPlERqMIqbrriarqEOKjYks-2BxmDiZDjqVYrvXaBseuTM8KTVZZOElxxVrRqqFykflNMGpdxxnCdanQzsx3ldfNh8Ia6pwenBW9Yg1hSkX5o66BgKuZkluceWuC28hYDM0dlR8g0A-3D-3D HTTP 302
https://wizrocketmail.net/r?e=K24AGR8ECWN6CGR9DSZjfwoEBAEpJCw8KSQsegYIBQFiJhILJD8hOFtfX2s0NT0gPj8SC04BTVEhPzw%2FKxQ9P1tWWFc2LjskOXoRJ1tTWlEzJilpICAgIG1ZVRZteGN9bmhifgIBAwIIaGJ5ZGpqegYSHRYgICAgCCo7PV1EEw51DDM5Pjs8PxJyE0k%3D&r=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712%26an_uid%3Dacf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2&c=653790000&token=GlVfBgNRAgEFAgA%3D&try=1&$follow_redirect=true HTTP 302
https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://oajs.openx.net/esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&rid=esp&cc=1

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 79

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 80

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Request Chain 81

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 83

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 84

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Request Chain 85

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 87

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

Request Chain 88

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Request Chain 89

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Request Chain 90

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

197 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
utua.com.br/uy-emp-brou-turismo-social-p1/
Redirect Chain

https://u28862171.ct.sendgrid.net/ls/click?upn=FGzpuGs823TWhtkXpao69zVJyL1yMfEyMsqsOSKKgHik7I1gUKht3yOTNEp0JXumU194fgR6PeKqTuDthZE8hHRJlY5I6463FQ9DOpCaIuWyQWLenIVHRH2uHvNJ6MUu4wxXDFzdVUVRSLdpAvXBFa...
https://wizrocketmail.net/r?e=K24AGR8ECWN6CGR9DSZjfwoEBAEpJCw8KSQsegYIBQFiJhILJD8hOFtfX2s0NT0gPj8SC04BTVEhPzw%2FKxQ9P1tWWFc2LjskOXoRJ1tTWlEzJilpICAgIG1ZVRZteGN9bmhifgIBAwIIaGJ5ZGpqegYSHRYgICAgCCo7P...
https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&a...

67 KB
16 KB

841ms
755ms

Document
text/html

2606:4700:10::ac43:1b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1b40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 5a97084b3cca6a8ff925cb6a7a6827201aa166b36a9bc27034fc81aef054091f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=300
cf-cache-status: MISS
cf-ray: 7f8fce503ae31970-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 19 Aug 2023 04:55:44 GMT
last-modified: Sat, 19 Aug 2023 04:55:44 GMT
link: <https://utua.com.br/wp-json/>; rel="https://api.w.org/" <https://utua.com.br/wp-json/wp/v2/posts/25782>; rel="alternate"; type="application/json" <https://utua.com.br/?p=25782>; rel=shortlink
server: cloudflare
vary: Accept-Encoding
via: 1.1 google, 1.1 google
x-cloud-trace-context: cb27bae73842e429db27804fe5285e1c
x-powered-by: PHP/7.4.33

Redirect headers

Cache-Control: no-cache, no-store no-cache, no-store
Connection: keep-alive
Content-Length: 0
Date: Sat, 19 Aug 2023 04:55:43 GMT
Expires: 0
Location: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Pragma: no-cache
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
X-Amz-Cf-Id: fTnCeykzyWKVNR-RBjn2DMbD38dQ-tZuvslDtqwC6qUBWVuo7YlDjQ==
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
X-Frame-Options: SAMEORIGIN

GET
H2 200 css2
fonts.googleapis.com/ 848 B
827 B 58ms
23ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans&display=swap

Requested by

Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5b7b259a87df556c5752105da739eaaf0142a9b2c83fec6fd092501f90bc5817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 19 Aug 2023 03:49:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Aug 2023 04:55:44 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 126ms
91ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63f223dd3348a4402a4277945a9adaff2f9019056a2cff2b67cb39805501aab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29214
x-xss-protection: 0
server: cafe
etag: 889 / 19588 / 31077195 / config-hash: 4570674370816517536
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:44 GMT

GET
H2 200 classic-themes.min.css
utua.com.br/wp-includes/css/ 291 B
321 B 25ms
24ms Stylesheet
text/css 2606:4700:10::ac43:1b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://utua.com.br/wp-includes/css/classic-themes.min.css?ver=6.2
Requested by: Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1b40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google, 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 14 Jul 2023 17:03:10 GMT
server: cloudflare
age: 28392
etag: W/"123-600756c650f80-gzip"
vary: Accept-Encoding
content-type: text/css
x-cloud-trace-context: 693d7e77fab586d000a4d37a488f16c1
cache-control: private, max-age=300
cf-ray: 7f8fce54ff171970-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.post.css
utua.com.br/wp-content/themes/clean-n-beauty-theme/css/ 20 KB
5 KB 26ms
25ms Stylesheet
text/css 2606:4700:10::ac43:1b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://utua.com.br/wp-content/themes/clean-n-beauty-theme/css/style.post.css?ver=19082023015543
Requested by: Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1b40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6e298baccf7bccebe558cd80c7473a2c6910bd2b2ec674e63079bc8adfef527

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google, 1.1 google
content-encoding: br
cf-cache-status: HIT
age: 22716
cf-polished: origSize=25759
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 14 Jul 2023 17:03:09 GMT
server: cloudflare
etag: W/"649f-600756c55cd40-gzip"
vary: Accept-Encoding
content-type: text/css
x-cloud-trace-context: 469e965b29b1680aed54b87d530f8fd2
cache-control: private, max-age=300
cf-ray: 7f8fce54ff181970-FRA

GET
H2 200 11a7673d-brou-442x332.webp
bucket.utua.com.br/img/2021/12/ 4 KB
5 KB 1575ms
1300ms Image
image/webp 2606:4700:10::6816:129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bucket.utua.com.br/img/2021/12/11a7673d-brou-442x332.webp
Requested by: Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712&an_uid=acf5e81ecd5541ab79ed82b3301f98fbff0ad68266dcebc810f14830f98384a2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d95df2652b4b0c7f1aaf21e2aa059e175659a02231d8180e73a01c4eaccfd986

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
cf-cache-status: MISS
x-guploader-uploadid: ADPycduggXiMEC8kKeG2pB8-lLZZNNd_q3CS8Zjmr2MH4Zb4dQaXQiZ-B0SaPF8R4HlEb84U_hMrMmJfT7Ijen6mfUEtew
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 4058
x-goog-meta-height: 332
x-goog-meta-file-hash: d41d8cd98f00b204e9800998ecf8427e
last-modified: Tue, 25 Oct 2022 20:43:39 GMT
x-goog-meta-child-of: 27137
server: cloudflare
etag: "4fb453b505618aa160d2a0aaabb38080"
vary: Accept-Encoding
x-goog-generation: 1666730619886131
content-type: image/webp
x-goog-hash: crc32c=4QL9/w==, md5=T7RTtQVhiqFg0qCqq7OAgA==
x-goog-meta-width: 442
cache-control: public, max-age=36000, must-revalidate
x-goog-stored-content-length: 4058
accept-ranges: bytes
cf-ray: 7f8fce571ae1900a-FRA
x-goog-meta-size: img-442
expires: Sat, 19 Aug 2023 14:55:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 254 KB
85 KB 65ms
29ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T48CH8D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94257fc3866c7bbdc584c7bf3abbbfa228e6959e3c1708ca619fd2175729c0af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86464
x-xss-protection: 0
last-modified: Sat, 19 Aug 2023 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 19 Aug 2023 04:55:44 GMT

GET
H2 200 growthcontrol-lite-ltv.build.js Show response
assets.begrowth.com.br/growthcontrol/ 72 KB
19 KB 281ms
30ms Script
text/javascript 2606:4700:20::ac43:480b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Requested by: Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:480b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccd0757f023e0bbda7f4bbd2c5d84103681c9ce2b771337534d31066853e248d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3068
cf-polished: origSize=73954
x-guploader-uploadid: ADPycdvYBr4Gd9-HOPJrFg677uKHHs4bvoI7G5Di9mQhclbKhzAYzCEhETBKCk-tveTfoIm3IWxnehQzPNFF_Go7HMhtYA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-bgj: minify
last-modified: Fri, 17 Mar 2023 19:37:01 GMT
server: cloudflare
etag: W/"bdee3d3f971900ba215ddd16446ef924"
vary: Accept-Encoding
x-goog-generation: 1679081821460101
content-type: text/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=ur+DTg==, md5=ve49P5cZALohXd0WRG75JA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85rFgRq6tBrLp1jmBjaaief6e3LCi6wc49uw4jGQXXlsqu7CpXXwBy1vBrXB2wdSdRy4%2BxIxToT63wY7kfjOgTCWXg7Oa3gLIuukuRtRGai3mAqTju8ND7HTQmvDPslTnMftTSPGB23wK3D9QqXNExl9ERk%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 73954
cf-ray: 7f8fce56fb9b366d-FRA
expires: Sat, 19 Aug 2023 04:05:36 GMT

GET
H3 200 spritesheet.png
utua.com.br/wp-content/themes/clean-n-beauty-theme/images/ 1 KB
2 KB 24ms
24ms Image
image/webp 2606:4700:10::ac43:1b40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://utua.com.br/wp-content/themes/clean-n-beauty-theme/images/spritesheet.png
Requested by: Host: utua.com.br
URL: https://utua.com.br/wp-content/themes/clean-n-beauty-theme/css/style.post.css?ver=19082023015543
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::ac43:1b40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 729fdd056968891a9b7a1eb8fa6365f58a7da10fd953e837feec3bea6501b585

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/wp-content/themes/clean-n-beauty-theme/css/style.post.css?ver=19082023015543
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google, 1.1 google
cf-cache-status: HIT
age: 73148
cf-polished: origFmt=png, origSize=3567
content-disposition: inline; filename="spritesheet.webp"
alt-svc: h3=":443"; ma=86400
content-length: 1366
cf-bgj: imgq:85,h2pri
last-modified: Fri, 14 Jul 2023 17:03:09 GMT
server: cloudflare
etag: "def-600756c55cd40"
vary: Accept
content-type: image/webp
x-cloud-trace-context: 346169e48ee74165226aee331967bfdb
cache-control: max-age=300
accept-ranges: bytes
cf-ray: 7f8fce556e650410-FRA

GET
H2 200 rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32.woff2
fonts.gstatic.com/s/dmsans/v14/ 14 KB
14 KB 52ms
16ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b99e2ac0acd1e779f2db8aa9fc92e5901207ad6150689a5318163a70ee667157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://utua.com.br
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 17:41:50 GMT
x-content-type-options: nosniff
age: 299634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14132
x-xss-protection: 0
last-modified: Wed, 12 Jul 2023 22:06:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Aug 2024 17:41:50 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/ 402 KB
127 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0b6cf04cd484a5a817d7e64121674b837a42c361df9231f899270acbf49dfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 21:45:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 25803
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 129577
x-xss-protection: 0
server: cafe
etag: 2336233631454045957
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 17 Aug 2024 21:45:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 241 KB
82 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T48CH8D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6b7faea750227b54a6938a6403fc6c96c480f890218d63e9acbd1ade6f1d664c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84127
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 19 Aug 2023 04:55:44 GMT

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 50ms
15ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 02:29:26 GMT
content-encoding: gzip
age: 1909578
x-guploader-uploadid: ADPycdtgQcQ5-IXNGnj-bizVFPypnO5rWXUHHepVnzEiAeMz7KZUZ57OqZuzfW-lDA7aFwUvM3c09LWW8P8XbazHPZIusw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sat, 27 Jul 2024 02:29:26 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 43 KB
13 KB 122ms
66ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 03 Aug 2023 11:12:29 GMT
server: nginx
etag: W/"64cb8b9d-aa04"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 20 Aug 2023 04:55:44 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 52ms
22ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5755
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-jnb7027-JNB
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w2apRdddLJT9qU0SbmCIjqDWLKTCnC7RR137%2B73wkh0nEaE9yc7xhT2Bt7QmBkqWUAdtsX0r8ao4I8TO05BGZUSOT1lvIr4aqi%2FVnAjwZPnA7tox8zOkCS4in7F1XYVUGd01U5vOUGMZ5SiXf70%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7f8fce56ed6a3a80-FRA

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 112 KB
26 KB 59ms
28ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 02 Aug 2023 11:32:19 GMT
server: cloudflare
x-amz-request-id: WYJ03SF4665EXAPH
age: 3011
etag: W/"25c6f4638264ba52fb77e06351d38d61"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7f8fce56ede69bf8-FRA
x-amz-id-2: IPw2zshTMOj9qvNKrCCoXTp8KGLaJ7ukJIc7DUBXDzOYxd3zAxkJWp25yM6/kBpV8aLA1H1DBkstusOQ1eZ41A==

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 1 KB
1 KB 81ms
32ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google, 1.1 google
last-modified: Thu, 03 Aug 2023 03:28:51 GMT
server: Google Frontend
etag: fc4e6bfe266081c4873c6f08c8298e5c
content-type: text/javascript; charset=utf-8
x-cloud-trace-context: 1069a535c08d98f7a2ecaa74a5cf4047
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1207

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 68ms
15ms Script
text/javascript 2600:9000:2250:1400:a:e047:753:6381

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:1400:a:e047:753:6381 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-amz-version-id: null
Date: Fri, 18 Aug 2023 05:08:18 GMT
Via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 85647
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: kTinnjvcy8lhYQb0DGJgoFaUPQYRixgKIGrmaCFkScUV8F1WMTqUjw==

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 38 KB
12 KB 54ms
16ms Script
text/javascript 65.9.66.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-122.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 11:35:11 GMT
content-encoding: gzip
via: 1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 20:34:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 62434
x-amz-server-side-encryption: AES256
etag: W/"550ead3a95bd6cfcd917d45c5f8f4553"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: F8HhVHBB-Pcb8Jxma8TLV47SSH2CLLqGFs-hhBoq8yeDDksKgGOZxQ==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 276 KB
76 KB 868ms
868ms XHR
text/plain 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3242360157067772&correlator=4278316918181372&eid=31077195%2C21065725&output=ldjh&gdfp_req=1&vrg=202308170101&ptt=17&impl=fifs&iu_parts=21862753527%2Cutua_desk_top%2Cutua_desk_content%2Cutua_desk_sidebar%2Cutua_desk_interstitial&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=728x250%7C970x250%7C980x90%2C320x50%7C300x250%7C336x280%2C120x600%7C160x600%7C300x600%7C300x250%2C1x1&fluid=0%2Cheight%2C0%2C0&ifi=1&sfv=1-0-40&ists=1&fas=0%2C0%2C0%2C8&sc=1&cookie_enabled=1&abxe=1&dt=1692420944432&lmt=1692413744&adxs=436%2C650%2C1468%2C-9&adys=98%2C382%2C122%2C-9&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C-1&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&vis=1&psz=1600x1200%7C800x0%7C120x250%7C0x-1&msz=1600x0%7C800x0%7C120x250%7C0x-1&fws=4%2C4%2C516%2C2&ohw=1600%2C1600%2C1600%2C0&ga_vid=31169173.1692420944&ga_sid=1692420944&ga_hid=33311920&ga_fc=false&dlt=1692420944152&idt=250&cust_params=request_uri%3D%252Fuy-emp-brou-turismo-social-p1%252F%26utm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712%26placement%3Ddirect%26hour%3D06%26dayshifts%3Dmorning&adks=3399986936%2C1558435176%2C695725469%2C687659283&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c282a87204ed0af32b0a750700e74bfb4368bca16f5fd07d3ece989c9ccb9291

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CInA06n354ADFcR84AodFQQPLg&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CInA06n354ADFcR84AodFQQPLg&gqi=&layout=/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77589
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3826 6 KB
3 KB 137ms
70ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
expires: Sun, 18 Aug 2024 04:55:44 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/ 37 KB
13 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl_page_level_ads.js?cb=31077195

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85546fc1dc5bd86a9db3f5d39e5cbc0dd92106c5e67c147d78eddf19b3f13a2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 11:37:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 62323
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13156
x-xss-protection: 0
server: cafe
etag: 1643040129009188309
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 17 Aug 2024 11:37:01 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 75ms
26ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&_gaz=1&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=page_view&_fv=2&_ss=2&_c=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
242 B 139ms
22ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-Y1WZWFMSQF&cid=31169173.1692420944&gtm=45je38g0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 302ms
262ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-Y1WZWFMSQF&cid=31169173.1692420944&gtm=45je38g0&aip=1&z=198464135

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
251 B 63ms
25ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=scroll&_c=1&epn.percent_scrolled=90&_et=5
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-ut...
https://oajs.openx.net/esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-ut...

85 B
203 B

128ms
121ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&rid=esp&cc=1
Requested by: Host: utua.com.br
URL: https://utua.com.br/uy-emp-brou-turismo-social-p1/?utm_source=clevertap&utm_medium=email&utm_campaign=uy-utua-ct-email-emp&utm_content=uy-utua-ct-email-emp-ag&utm_term=uy-utua-ct-email-emp-ag-712
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: f0b0f3f481c7e6a25238ea4afcf9800847f8f9b0809553deb5de15a492daa734

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-uhJVW2R6Hlcq262R1Qp54X+WRyI"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://utua.com.br
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Sat, 19 Aug 2023 04:55:44 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://utua.com.br
location: /esp?url=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
332 B 121ms
34ms XHR
application/json 34.255.227.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.227.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-255-227-198.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: cb17e328db995729cac7af4b9c6daaee6377e343ce2efbcfc4d538900f9b6959

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://utua.com.br
cache-control: no-cache
x-server: 10.45.14.189
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
320 B 325ms
283ms XHR
text/plain 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://utua.com.br
date: Sat, 19 Aug 2023 04:55:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 / Show response
location.begrowth.com.br/ 173 B
585 B 80ms
16ms Fetch
application/json 2606:4700:20::681a:451
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://location.begrowth.com.br/
Requested by: Host: assets.begrowth.com.br
URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1073a9d1ab7264ebd41b25c5279f8323b18a1a0a097e06f54f29ae1417097e9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dz9awvDeYRFac%2FLcPX8ZJV4YrkQySgKcBSaVqlVhOEohv6WhiGTyqY7qryAmxLHPz5NqbJDwcVAEQI3tv%2FqdzXG4hA6kW0LBBx4Keb60dnIlBTBYZqLP6dxoFVNRGZ937kaiio%2F8m0Nq%2F4pZPcM8cUH30yAJdg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET,POST
access-control-allow-origin: *
content-type: application/json
cf-ray: 7f8fce57ba159072-FRA

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 5F43 15 KB
6 KB 354ms
16ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=utua.com.br

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 323156
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 /
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ Frame 0
0 292ms
222ms Preflight
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://utua.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Google Frontend
x-cloud-trace-context: ca5164599c66b09c6786c2c3a17cc994

OPTIONS
H2 200 /
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ Frame 0
0 290ms
221ms Preflight
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://utua.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sat, 19 Aug 2023 04:55:44 GMT
server: Google Frontend
x-cloud-trace-context: f72a3659340520c3fe77ba929aaac5c6

POST
H2 200 / Show response
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ 0
66 B 295ms
292ms XHR
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Requested by: Host: assets.begrowth.com.br
URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
server: Google Frontend
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 84be3d6924fdcc7f2bbe2566aeeadce7
access-control-allow-headers: Content-Type
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 / Show response
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/ 0
75 B 300ms
295ms XHR
text/html 2001:4860:4802:32::35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app/
Requested by: Host: assets.begrowth.com.br
URL: https://assets.begrowth.com.br/growthcontrol/growthcontrol-lite-ltv.build.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
server: Google Frontend
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 1c50642f225d9fb7049ef3ea7f344455
access-control-allow-headers: Content-Type
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 5F43 462 B
568 B 18ms
17ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=utua.com.br&sn=ChromeSyncframe&so=0&topUrl=utua.com.br&cw=1&lsw=1&topicsavail=0&fledgeavail=0

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=utua.com.br

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4d32de8dbcd686348107dab5165797e90fb0f390f7dd172c6277054978ee4288

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=utua.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:44 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1269224
expires: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 2506 0
176 B 42ms
16ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Sat, 19 Aug 2023 04:55:45 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 container.html Show response
9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 17F5 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
expires: Sun, 18 Aug 2024 04:55:44 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DEC8 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
expires: Sun, 18 Aug 2024 04:55:44 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F067 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
expires: Sun, 18 Aug 2024 04:55:44 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E17D 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:44 GMT
expires: Sun, 18 Aug 2024 04:55:44 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 15ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&_s=3&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=ad_impression&_c=1&ep.query_id=CIbA06n354ADFcR84AodFQQPLg&_et=895
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&_s=4&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=ad_impression&_c=1&ep.query_id=CIfA06n354ADFcR84AodFQQPLg&_et=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&_s=5&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=ad_impression&_c=1&ep.query_id=CIjA06n354ADFcR84AodFQQPLg&_et=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 15ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-Y1WZWFMSQF&gtm=45je38g0&_p=33311920&cid=31169173.1692420944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&_s=6&sid=1692420944&sct=1&seg=0&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&en=ad_impression&_c=1&ep.query_id=CInA06n354ADFcR84AodFQQPLg
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y1WZWFMSQF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF7E 624 B
506 B 91ms
56ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYm77w0AEwAQ&v=APEucNWhSfVg0f7CIEsQPrMXoOMAFjg-wSxA2QfDV6VuXQBMFLXskIUAzU1WEPjpABdFzM4Sk6w9zFn7uRwQSG3pum3WwMaiTk--Zu5x28nMTZrhsM6FCF3ZUDQ9YN9NFgBh7wJys1tcbLHJMhzE3Wzt4En_c_ht_GeGUeDrYNd_5SUY8_iOkJY

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:45 GMT
expires: Sat, 19 Aug 2023 04:55:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 17F5 86 KB
30 KB 107ms
72ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17F5 42 B
107 B 83ms
49ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CZownFpfV66UF6wuusupJ6XfqkitngtslZCgu6Cmipf66LWFYirA9rGhQ6ihUa4TX7Y2ZSmrib59SRyS8RfhJECOwZf2PJaYzhxE0h5PYkQpM2AHI

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17F5 0
349 B 82ms
48ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12783392816411541340&x=1&ct=76

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 17F5 3 KB
1 KB 74ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 19:52:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 17F5 20 KB
8 KB 48ms
14ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 13:28:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 17F5 180 KB
57 KB 3064ms
3030ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:48 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0BD8 624 B
505 B 87ms
55ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYvLrw0AEwAQ&v=APEucNW4wVgLYLx6ElAhxfA_y449tt2AOd_iFkxNSWPfDglr-vHRODVgkOif6xBbuetkEtrr1oiOT8MO4YbuGgqDdQtgcMzfruant4VRPfhof6CKndDsxlY1dUjFfYaVtasaLzif0cUhaUIgOI3Qw3iUIVMmpM2Tdw0ii39W6JPVDYVOBLl7N_s

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:45 GMT
expires: Sat, 19 Aug 2023 04:55:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame DEC8 86 KB
30 KB 176ms
144ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEC8 42 B
107 B 81ms
50ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D2l1lkDgCJWf2csVMMz8AZmH5p-_nqNDTRBTMJDa1OGY1yNc3SS8x5gGJBuViWK4PitK06dgCBxKrdThJEDtHAPl8424HvrSrdLi6bqOONdBmv2Xw

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEC8 0
56 B 82ms
51ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14552874646495028560&x=1&ct=76

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame DEC8 3 KB
1 KB 72ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 19:52:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame DEC8 20 KB
8 KB 60ms
29ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 13:28:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DEC8 180 KB
56 KB 3076ms
3045ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:48 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A5D4 624 B
826 B 85ms
55ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYpLvw0AEwAQ&v=APEucNWR6GzgA2HWjXpkYSeZYDUvGYJBMtzcT3UmotPntuoraQ2a3pNB-Bn--Mn0OMNIGkfFBXXoC_sHX1M4jwArjygAYYowsM_duAWZe4LF3giZyLqHIqXmmaORGmppd78TI_yrVdyjVFV4JQSt5fO-MkNImYcZbBbLVi-rv8PerCirBcncKnM

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:45 GMT
expires: Sat, 19 Aug 2023 04:55:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame F067 86 KB
30 KB 171ms
142ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F067 42 B
110 B 78ms
49ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B0dGaih-6kSvNQR671V0jh-jY-PB0SxnbvqESk7WnTyOrb7IYYqLoE0HQKmTRNKvpdWMKdQhjIg-4pJgPoRfyQjWQKRJ3IhO5eNGCEHLwQ9X49chs

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F067 0
56 B 77ms
48ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3591658478849382164&x=1&ct=76

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame F067 3 KB
1 KB 70ms
41ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 19:52:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame F067 20 KB
8 KB 60ms
31ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 13:28:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F067 180 KB
56 KB 3086ms
3057ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame E17D 4 KB
767 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 19 Aug 2023 04:14:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H2 200 Responsive_listing.html Show response
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 570F 4 KB
1 KB 44ms
43ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f380fdee43a0103d5cd9bee42e3822ac60512f918a7ed2f805cdaefc5beadc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 75126
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 1016
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 08:03:39 GMT
etag: 11900953634711111692
expires: Sat, 19 Aug 2023 08:03:39 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame 72D5 23 KB
9 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:47:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54503
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9092
x-xss-protection: 0
server: cafe
etag: 9312205082594545078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 13:47:22 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CE68 143 B
228 B 66ms
66ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2851
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:08:14 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 72D5 3 KB
1 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32583
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 19:52:42 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/ Frame 72D5 20 KB
8 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:28:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 55634
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 13:28:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 72D5 180 KB
56 KB 3049ms
3049ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57620
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1692185840427238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:48 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/ Frame E17D 20 KB
8 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4539a37b37acaf787b3ccd0bb1e9a3372c9150aff547eeddd0296ad2a6d664f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:51:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50660
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8570
x-xss-protection: 0
server: cafe
etag: 11167480076894372452
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 14:51:25 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E17D 205 B
651 B 54ms
10ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 16:54:37 GMT
x-content-type-options: nosniff
age: 302468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 14 Aug 2024 16:54:37 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame E17D 604 B
696 B 54ms
11ms Image
image/png 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 10:19:58 GMT
x-content-type-options: nosniff
age: 326147
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 14 Aug 2024 10:19:58 GMT

GET
H2 200 Configurable_01_122.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 570F 74 KB
25 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Configurable_01_122.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ef7e00750f06efee8a0074f2984b78a62c1a0f8cb971f01197532d57a78a836

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25356
x-xss-protection: 0
server: cafe
etag: 15511454539072389427
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 19 Aug 2023 08:03:40 GMT

GET
H2 200 Responsive_listing.js Show response
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 570F 199 KB
65 KB 15ms
12ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a96924ddd5fb2ea84242905ab60d5ba262bb28e91fd6f097a077db0a63728dec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66166
x-xss-protection: 0
server: cafe
etag: 5199203132765013944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 19 Aug 2023 08:03:40 GMT

GET
H2 200 Responsive_listing.css
tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/ Frame 570F 11 KB
2 KB 14ms
11ms Stylesheet
text/css 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.css

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c2b09643e58ded9316fb73dfab3ffca42772599008066cf599bfc7fb40766c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:03:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 75125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1758
x-xss-protection: 0
server: cafe
etag: 15825927903621683888
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 19 Aug 2023 08:03:40 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A5D4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
632 B

10ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYpLvw0AEwAQ&v=APEucNWR6GzgA2HWjXpkYSeZYDUvGYJBMtzcT3UmotPntuoraQ2a3pNB-Bn--Mn0OMNIGkfFBXXoC_sHX1M4jwArjygAYYowsM_duAWZe4LF3giZyLqHIqXmmaORGmppd78TI_yrVdyjVFV4JQSt5fO-MkNImYcZbBbLVi-rv8PerCirBcncKnM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A5D4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
632 B

10ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYpLvw0AEwAQ&v=APEucNWR6GzgA2HWjXpkYSeZYDUvGYJBMtzcT3UmotPntuoraQ2a3pNB-Bn--Mn0OMNIGkfFBXXoC_sHX1M4jwArjygAYYowsM_duAWZe4LF3giZyLqHIqXmmaORGmppd78TI_yrVdyjVFV4JQSt5fO-MkNImYcZbBbLVi-rv8PerCirBcncKnM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A5D4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

43 B
842 B

19ms
19ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYpLvw0AEwAQ&v=APEucNWR6GzgA2HWjXpkYSeZYDUvGYJBMtzcT3UmotPntuoraQ2a3pNB-Bn--Mn0OMNIGkfFBXXoC_sHX1M4jwArjygAYYowsM_duAWZe4LF3giZyLqHIqXmmaORGmppd78TI_yrVdyjVFV4JQSt5fO-MkNImYcZbBbLVi-rv8PerCirBcncKnM

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: f044b746-d5eb-44d7-8b8b-b7ae5c5b0506
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5D4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: 5635bf4d-c2f4-4d9c-8f46-16d1c2ecdc2d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0BD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
632 B

10ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYvLrw0AEwAQ&v=APEucNW4wVgLYLx6ElAhxfA_y449tt2AOd_iFkxNSWPfDglr-vHRODVgkOif6xBbuetkEtrr1oiOT8MO4YbuGgqDdQtgcMzfruant4VRPfhof6CKndDsxlY1dUjFfYaVtasaLzif0cUhaUIgOI3Qw3iUIVMmpM2Tdw0ii39W6JPVDYVOBLl7N_s
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0BD8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
766 B

10ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYvLrw0AEwAQ&v=APEucNW4wVgLYLx6ElAhxfA_y449tt2AOd_iFkxNSWPfDglr-vHRODVgkOif6xBbuetkEtrr1oiOT8MO4YbuGgqDdQtgcMzfruant4VRPfhof6CKndDsxlY1dUjFfYaVtasaLzif0cUhaUIgOI3Qw3iUIVMmpM2Tdw0ii39W6JPVDYVOBLl7N_s
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 0BD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

43 B
841 B

19ms
19ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYvLrw0AEwAQ&v=APEucNW4wVgLYLx6ElAhxfA_y449tt2AOd_iFkxNSWPfDglr-vHRODVgkOif6xBbuetkEtrr1oiOT8MO4YbuGgqDdQtgcMzfruant4VRPfhof6CKndDsxlY1dUjFfYaVtasaLzif0cUhaUIgOI3Qw3iUIVMmpM2Tdw0ii39W6JPVDYVOBLl7N_s

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: b5c62174-6c75-419f-b500-380e747e6e03
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0BD8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: b1e8804f-30bf-4f35-8dfb-743dcaefb7f1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF7E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
766 B

10ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYm77w0AEwAQ&v=APEucNWhSfVg0f7CIEsQPrMXoOMAFjg-wSxA2QfDV6VuXQBMFLXskIUAzU1WEPjpABdFzM4Sk6w9zFn7uRwQSG3pum3WwMaiTk--Zu5x28nMTZrhsM6FCF3ZUDQ9YN9NFgBh7wJys1tcbLHJMhzE3Wzt4En_c_ht_GeGUeDrYNd_5SUY8_iOkJY
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AF7E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZOBLUQthoaBt89P2-EeZWAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYm77w0AEwAQ&v=APEucNWhSfVg0f7CIEsQPrMXoOMAFjg-wSxA2QfDV6VuXQBMFLXskIUAzU1WEPjpABdFzM4Sk6w9zFn7uRwQSG3pum3WwMaiTk--Zu5x28nMTZrhsM6FCF3ZUDQ9YN9NFgBh7wJys1tcbLHJMhzE3Wzt4En_c_ht_GeGUeDrYNd_5SUY8_iOkJY
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 19 Aug 2023 04:55:45 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMJo1ZzLaAICj0krkJEYI2Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame AF7E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

43 B
840 B

23ms
23ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJHlswIQ8KXioQIYm77w0AEwAQ&v=APEucNWhSfVg0f7CIEsQPrMXoOMAFjg-wSxA2QfDV6VuXQBMFLXskIUAzU1WEPjpABdFzM4Sk6w9zFn7uRwQSG3pum3WwMaiTk--Zu5x28nMTZrhsM6FCF3ZUDQ9YN9NFgBh7wJys1tcbLHJMhzE3Wzt4En_c_ht_GeGUeDrYNd_5SUY8_iOkJY

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: 92ccbdf3-0f68-47ca-be67-c42096c22eae
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMm_oPs0xlu5UwqYoeaVAks&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF7E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D

Requested by

Protocol

Server

142.250.186.66 Grosse Pointe, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
an-x-request-uuid: 5d38dfbf-10ec-421d-b166-a1d63a6a9155
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTEyODUxMzczNTEzMjgxMDc1OA%3D%3D
x-proxy-origin: 80.255.10.205; 80.255.10.205; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CE68
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
138 B

18ms
18ms

Document
text/html

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:45 GMT
expires: Sat, 19 Aug 2023 04:55:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:45 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 570F 34 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/Configurable_01_122.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 20:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 19 Aug 2023 20:54:41 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17F5 0
56 B 42ms
42ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9720541875318&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17F5 0
56 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9720541875318&version=m202307240101&ct=76&x=1&cor=12783392816411542000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 17F5 90 KB
37 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BqT0hz9uVE-0ffeifbCXxiqmOosJYM-parGcQ9sGQOxMLspeCUdGG0zDIZOUjcxAez_KOfOfDQBbL1MEsIKveB8sE6_Q&cry=1&dbm_d=AKAmf-DSoqx6u2pSuQNTXvAL2LfPHVzgXJNsMC6T4TQNz2CJqeaFl-7lUcgsgsqZkamTHvFytgfUfDKXoQXGAag8vo62zUmDCf70zzAs6qm37NwdzrXlCvkes33qKTNUGWgZXEZXrDJ8CjeL1DEv_fKGtfx7qkKQBJq6mhKgisqEgS8dn0O3bYBt0ovSn5oqwGiQdzM-u4yffM-5xHQy1G5rAH0ZeGywqkBLL2JyJU4pjdUBiWnfUEDBu3T8FQlVkOYxFrcpe30cN6SguO3ruJsrpltOMnHqEYonZD6YeEYvuXOahk3Lf-SJBt7-9uIK9LJ7V4ZvmMnCd557ikwWCRL4pmBJOYhN1GmYe85SwWqnKMVsU0wSdjt1UfnrIs4Wcwj-NDpReTCSDDdT3iNL9Bwq6qzbiz-qY5f3hL_ER6Pl_p4QQpW25w57i2TIURbCCd7t8NHrtjAtspzM6iOJqcF56CRfzTx6Cyia8qbctpI-GJDb2aARGwFUUZ1FQvZZVwVnoZXdwpEZ5X_CT0tRffy9K1NtuCRmDjDERwkdVMNUfXBmHZlS5TtjO9qmto5INn5eBIO9AT7aWWVDkOfkYTsI-FI2aSlMb-q37lsgVw8hskU4a01mXCN_DAjRHjrZYCboHWTF8tKnjS20IRnUm8lY-WFWSCz8BSVx20XwtnOTGzsPeZOeOmxO6czdcd-GcqQfUx8by7o9QYLS7ScYlE_dLVWtdqnO2WG1niXHZaJ6tjUkiAhhVstNUdGRnrvFPhV6_ijFAoZPo75giYmlFszASErN1VYVlRZ-CvCUQO7oh7zkZcy7BzyJ47XWsnbzxkh3GKT0B1PG1EYyHQWCqoUHewcqapUAns9UWZFI4-8Whf3xM38YICGiK-D7QcJVXK78wb99B80jTJ29JULquaaBMFrayrLhY0k8dA6MhRSkhEbOooYIwDHJRXTdYhrHkNqFNE_mPilTh1JLWW_na43AsfNgqiT2Y1ARkfyK12TjWLik8XLZEpMVFugmApybO_adqtsSGGpVxwjLly3S3N4FXn38Eb7FGIIOInnV7tX9JpDwOuD70giQW2BHNukxqLEQLzBNr-zMGvHlhBuEzaC1T09do29aH3Mi4JCt0snvSziKGthvmtV9WaZAiLiHl8g3vSr2ZWUav1dwqH9cJXWLLzzxIXu2J_Fv4i3RmdqKykfCzr0SUPMhVWn-trHejpVXZpVpH7_NYzYdbGm4KTSikk02Hj4jnhTVntC5e1rWMyiLiTZDwFFmrY5BLfxngkxjANc_MBhEFbtEw0-CkC1YbtKU3fAAjJIqRRSIISRgnaBYAiWKAZoOUND1XAmKFD-AK6D85n8OedCon-SHV0dIwgQW_Wbr5WjbtynEraB6zLCfq4ZvEwsxAbPdpTtRSNv1H6xzqB681sF05ZmKMKA7eM4Y0HZBV89Wz2YZYDjO13b_cLz6tBgXNaE0DzauKddIIpw9C4B_erOqSpRuVD7tEcSvFf9_ctS06YJoXNgzwcfQRvdxtbtja5_lAF6TqXc6Y9EI0K5q5ldHCEYnXCo6pxxEaQ7Wiug0FRP2bDJ2ogpxBP05BrkeL2ARQRvKojQzIhi4XWVg5JW7TpJJFT1MiIMqhumcVIDN2pekAyU8hawe6hopo0AOiiNjhePG7eNCnT2dq9wrkP-WT6JnhPgWR0M78T5ZOBdF7wwJtTKNoTzzyOOy-2xkzxAp5Mio_YeR0V3_XlXuNacXge7Rw0Zs28MTDV0uC_POdy5Ukt35RB1GBlWA1w3H_FU1eABmPwHKHhqIvN0DrAG8mjOusiWNkP0p795IaorztNvJ7Pk7CCNCngYTfIGCV1_XnRd-gyArZGFRICBvhIrGh5g9wI9El-swhu7JauBPY3o3-qTYcHReYn-jXODzVfnSQnc1dThN-iWWhKz8l0VLYetWY-OmS6fWQleTz0h5kcaXScbtWymE6sF-iKUYWgXgMxBQ4QybSEkZCkLS73MdMXsUS_XJHD3e6tULsTzPEJUorZoHwkWWQKdQQDLddcSYhBBy0u-K30L0fizQZGIwAa06IM4KLmyUr_F2lygmjhxtyVq62ofEjrg6xdPq4SYbeH3JJfWawgjBQK1UvN_qR4gVzWzOjKGCPzF3e_v5ZvWrBiaALUSO_WSVe3xAcB-ka12MqDHPLGV2XQKXNTMQX9dZBSprZJrvp6JTHbfrSf16oAKOpeaAvNU2NiHrqe1ezbbM9aXkHNloAoOKNGE0DdrzXAl7tjWuFNwHILLbJOJwbtsJZxqsR6QOMXiZQ1fXSQrhmuw_Qxmt_Nd4zlS-tqixEbMuE7K2KRt5JJ1yPW7rvewnMAh6fy3EjEpaSVJ4OcHxCHfzy01IzQ6Dn8ma0zM_7ZypIuOOO-2W_G7i1s6THWpqLy-4pYnkkqs7PjhSCYKgkH3KwyZixxMhv-tdVjaheL1mbqE4ekHIv-anB2Ct38LgnYm1AMjiy0nWb1vOldufoQ8wPLD-Hj5RfcoRPyHXUgIr5tlLb99EcAg1sAjKYTvVYI9pk7MSxNYFOsCqPtAyUvNYr_7X6_klYMC3IwzHXXNFCeea_bkSYdmxc9Rp7zgOxyxfhz1D6P22bMyg3CKc_EXhF-CysxP-isattn6vEuXkOUuT0mOJHB2i3Yz_2bDjm3rJk5y99zI1kVm-qMHjnhCbiONUPT0iQDm9bXNudzt3U5-9SMRUQ5yWIElk0trO4QAySe_yw9k07Uwk5FA5i-wo4oK4lCf-3BbLTL0XJjsNdPBJjC4JBy8LEYfQyEuw62AEK2uw78Xnrd3TdekdhZINFOZv1tpL8zQi-4mxc5KultkKLUi7H9DvkcTcPV6Nutq4iujfd837OUp-lbXS2szpGoqhVIP1TSSkNs96WKlR5uDDEe4AzG_27hO1AZYGe7DOyv9hWVMt_ZuiPG91dvDfzGSWTGdZo9_DS9Td3ac73fJCPItR1QpX2Cm-TVsbN2IDXfqYsjM9sL-9yWjLr4FRRaEphcP6uwu8YsItxbvGX0TvnaPFWaDB7fbQ7s_cO4cLStWGyZaDPqhGLpw8n8GQyXiOm_vrQctcz7Z91RYqkJPi8oCc1D-AxxHlox38g0l5cVoF_UlWY1FNlEzZjlXBWU-bMIPsqMHvktU1POOWDVxLNtTi1yuHbIesmi9Zl0WyqPYfv50-X1VjefJZ4fL5DfHm7zN9LgV7se7bRCNIaVJNIxU6AGl8h3di7fxQaUT-1CSoqdWdv3ogUOSpptvgu0iv5EQly_yL4rVnyp4fo5K_MUmagbXTOplcj96FNYVen8JUKZ7GYR7Akv6L3oAiahXE3MzgKhfXSgDV-ptQJP00Y7DUEwu_ctdCtVllIaPK_9qcWoW3Kil4llJsO6ZsVuKKsqdZ9-JvVIV8QRkEsBhzO_rkOric7KJ2F5mxtZ7N_fhjibr0BweQFqlKyBihZd7Sd38772GSuwp8I_yFII39jcxk9JoC4Y9wqaNwPGw6P_Rw6O-_hFCxCIrSwyxetfgHR0YXyO33cces3JHb6dD85Ol0ggzzCA8FwXRDbFXF73eK7dkhxBE4OleBRJEasg1EWThL6F4prEX9GHledsKhkI4n7VuwNN6l4Od_Gy-s3kbANJmUg6aLJU1BAkVREmNCjIT9RTjBftyoG-uGvyi5zlEOt0--O8-mpIfQeD_QZFjMmQZ7DsNUfbwkPO0jR_UbmGuBclyitIe1l1bNFjBdyhN_CEE26FcWSafLUQlqf-6hrL8GICVnH6Ar28CdFMtrI-LeiwE5nKINrnPs2-w9NcB0Cw&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=12783392816411542000&adk=250412560&idt=108&cac=0&dtd=19

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b351167d8d4892c010b6ade158b776fce7f35361bc8e8a3ed74ec32ed6f6455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37738
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 570F 6 KB
706 B 19ms
19ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/in_page_full_auto_V1/Responsive_listing.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 19 Aug 2023 04:32:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H3 200 VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js Show response
pagead2.googlesyndication.com/bg/ Frame 570F 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14636
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Aug 2024 13:43:15 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEC8 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5512449448692&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEC8 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5512449448692&version=m202307240101&ct=76&x=1&cor=14552874646495030000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DEC8 90 KB
37 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEgswUzGCdlmSTXOGj6_xYAjdU4WdVpIHXBTnAyJm5_5EgA-cGBnwEQ3X0tj6qs57zfg3tUC3m0TN7ItN8lFYqNo6yKw&cry=1&dbm_d=AKAmf-AIPhbEcA8As9OYk0Fdd4GO7uqrtDj3iqRUkZ1iZLC2cUJZ5CSTT7zoIjZg5iDPz7ug3vqqNhxIyiTgw_t3H4XPDCmwcMv4XwdAdvXfMpaG7atPU_57jbdEWkPT5z3HUnux-ItH6_2kitwmRKvRMsSG2WY0J2GKSoV4dGMLr1a-32ECXWSmMW7CoPiPXNM-oficT4ah_KauHOgkTavESZzD1eba5lyAjjuL2uewvZz_0YFLPiw_c7uGs7qnPZDME1_tDVwTF8TSaPRzmKi2YlkPxXIo0xIYOjkpymfLOT44ETGQwNKk1xAaQ25e7RdGGT_w73G8iyO0SssYMg9plTgkrS6TXErtKTHFMQkdCZNW7Z3QZHiSdM_8A4kG2_QciL8XnlxpjC2o4QIgeSDMTAt_j4YUnu6sQoZmFkeububdz36ZIPQlFF1juJBPGbk5KxE8A_pnpGJjK4eUpFJCO_wtSKqsB0fwDpPe_yF4dyKGGNSFkR6YGfy3GRlzhNFDoJKrWDfTdCYZPeOspAkAEAXO3hlUns05jW5QKNb0dLV7eYzci2jxJGTUcwFYKJsYsntWTZiM0DzsiumgNFchEaYszu6uovkXeCf_yDrE5tR7iinDmo3tFavhkjvfWkUeVRGfFVw_oHr7OnxjalXR2ahhMADAbshlHjTUNljmDfLrZ9aUKRunceqgzGUR0hmxhoQG9N2TDorO6TO4sjMjMsiJatoC_rVZD-v2eH50ueKfiZLpBS5ggQ3L7QFcGY2wyrMd5HrRNly_I8asMC9A13USICCO1Azxm8kPyJOe_yPG7wqGZzPNBVtohy0LPRynNPTwRrHYf4XkqjI9hGEeZINlPXG4szG3Q5_VLj6b4sK4rKAYgr3Z7UPxJ5gXB4WSpplexPk8xl8ifCJViwDflIgmKrcgrKYN7zSr5hYe8MJTRQQkHzOTHKBLTtb7EXFnKsqg6B05DshVFVitplWQJ58ekkEoIS5X2yCxIuMzgCvSApVp8UNt3R7-pqwVccz6nv6MzPyIvIAbfbsZ2mCYxrWbYpbYKL-4Ar88ruB1PkF9KDTMomWAZe2qcC0_E-RpOM1sjKVIQd1GiUNdgTMZduuZ65XCS9c2EmVdqNTP181olt27S6bcmpAs296ptV73S58b3JovAOxhwtqEyU0LZzQ2wSdlkbW9e-yX8F8kkuunvJYfev7YSboT2KXJT_AqF-QKQyVh-t0n_fto3V4Rmwv8LnCErj7cq_Mstxsl5uYPDbwmhSn1AtnI9rnz6l_IKHnDCn-AKBveZiAiQTz4Xkh32Modl4O_cRt7PhlCtroP6vmgWGTBYjkjjTKn9sC0bBpeCWK5Ak5gJIp0R9Vo_WJREsx_pKYib0rFKAtgzvHzWPt1l5Dre1n2x-HtnsEwT1KBd4H_EIPXIKuwla2wvPowfcC-9Bybcy1jK3A8MLdF6NL0WJ_HWU0tFvbYUPDmUVNa3F9igON8OIknaTg_4_UjFIj_zRjtGD3wXpW1iJMEemqSxyabw9RLb7v3i-m4XHgETCNoXBw_CFXs5WM2Y3V3wksw14sOTt1C3C68PWNSpjrplUpCEI6Jvn7eVnMbu1wiACy7TnudYDAkXs-ORa7kG8kIcGKrCIf5bXqcAstAi2QzTS-Bk7g9BdJxHZPM8NvfwQfoNmAakoVK5A4CFRjpxUWZ7LlR2FHipR8owso3kEVzpYtiX9pbDJuPfJytaSjeF2lSZc9rWGWLUuJoWBAYmpdO3Gsmu6Xfg-ngS4zmvaide81EPQf7vf5UXF1SSLpwIaFXjw8Inbg6u09FhQC2hcqU-HDBUyjRhrof9-O_yqaBKFaOdLoMS0K0qQm9DhwyReC2VLqt_fx9Qe9xeAH5GcTmbbx3kP2i2jeyJ8l6_Vh-QOantSQRjHSqiDCxSmByBQVXUmBbClt-6SiKQU3LWzRkbs8aI_2TnkEh-w9XKQQgSA6FsyCL1WtSjEibH0twPUad8F6BkG04_bONnoRid8iioY2W3Qn6Vqtm_PbpngG3MC7FZJP9S2k0Wk-rXavqLqge2YpNURSi5JU_AhXYjB6D_UKsY3kmFcZSGp1yTJEU4Rd-5scJg18CIxXcOlHFvu38kKv5RSgYr4ESG4fHxm0aynoeHAxmC3PFCq8hviHUh1rs-3rd0NczMan6L4g0ubFf3EZ2h5tm-suLc9Ko04pDPyTZo4M83uElIJhShasSUEwst_TG8OnhYb-tvUAKs6m_CamD76eSxSbRHtykaY6cVf41rrFnrWO0E7vv3FQqmMkPHGJiFySazWSt4Qu_LJXeuguxMsGf9Dw68M-VASjEb9zS1eUnJf9ou4gsJUXGtxVIUTIxQOXh-TsL54jhEND9mndo0IK_xQYDhtSZaI0xo0HRrdRu02i0kUXSBwB3Ai7j3iS8k3ZLwWIqVk4K7kBRypWIzV9KlZJgqg28-L_Pwls8MG6LUeNMv6NJFYUI8LQvpRfyNUF0TpmCeDRqxM8xFbu9r9FyhQwL95nRNf8IVsS9vS_NOn48eucuoGciV-b4IhZLK9uFo14v4suf22PW4yH_7ZMSa2Bb3UFEdPMZTWJ20AHmh9xDBOmLaSxmGdLiYhekN5KH58GU0P1QZmJpZpe4SW9wMFRAke6ageitTZcWQJtAJ6s0246rtQalFAU1X356nodN2WmpDchPFgH0aaoI-zxheZz8nA4cMjFZeCwig2oXGqlJxp6CO2xYPUTagNj_y1jS7qs9B3Y00ULLSJFxw3NoEAHeyWmXMjbULvjXt8efSB29UvnX_uXoygwObDIqfwyV8W3JGQyBAPg17oybGNndj2LL8xSrXDI6iITaeADDG6Efi9TOKib7dQbG3sDTlXxHHQCTvaXnnZejY6G7ZuYQsm0uQQ5MWjRk6Js4I1tS3TrrUjqyhd_b5PZMXmm4W6XTAd6ZtQC95IWWjdh5-xJV2R-nzWTU9X2q0Fni6U6Yno7n-k_RPDxK1EF1rwP93WaLpz2Y7i2ZnbaXD7poWSIyymORDMLkroJPAuzmdvWIHTd0IM_B5C7pz4pnCPcmofHKpMMEWtQppwewpASEy2uconElNfgm0zVMm1qVEHEklxSo4hSxBGhkg9uFRHlQwNpAaRnLfrmkGHY9aMVm56gphgN_O2mprbXFI0XYbf_bqhEDhX8THu2cblL1Z1mzygNTV3IA8xvMYW197oiw6lCV1rxqDCRLHov9AyqrME2DBRMC_tUne1ufNB2szK6rC3nJCnyEgbf7gnLHGSYlu9rqM2pNXLHLsLIVrASLKDTmyQMfcNleSwd3T9Vx3mXTl219L7CxRcyW8QQa1OYTE3nnxeTrJI6_nhO4mUfMEBzCvPr_FIDeX0QzXxyX9IOCN3gTL5PENOIimt3CtJWplUNTvFckWsF5BKMTTbRq6h24ciIO4uK0kePcQ-E9OBcY0l7FBCcI_1X03q-OJ2f-XZI8HOREhqqKhMdmhj10gFW94DyPoVKs7HrWE_Qk8ps-SBoNQgNPiSCIspOH_Ws_4NvDlHdozl7R3JCp9B771RDByRtQX4XmM5La4bTvyMivSDrKeBfIWfswsXLRc0gQ-3GLKhaSDFbK66AcxWgV12dXGE14q4e0-4iZg57ys_bUz4C5JGBWcICc_Uk2Qzq1GU93o7h5J4ykiC6nrVRXEinh3acsGe9ZVbYSe3vMq0ow0vlm9rufkFwjp3oOW33uFJAbiT00bJ5ND_Ee_gCDcUTicQHT8D2ineOWjLWWtnMOPdxAPurqJLEGX8cqvgKpogaKKFKQR2W_PWoKjj6ZziOGrCPhKJZ6lNwIhyI&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=14552874646495030000&adk=1964084972&idt=182&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f8b9e51102c356563c3916c00ddba149e680776c41b700d9e931389423010b1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37793
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F067 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7418944171478&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F067 0
20 B 41ms
41ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7418944171478&version=m202307240101&ct=76&x=1&cor=3591658478849382400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F067 90 KB
37 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsaisWt4_EPD0g6e1R6JEH1VD7EhLM2sIw5SrsGMm9whzJNvn6dcHokSoZ1S2Lr1Eqreb9WDIqGkGpSbr444UeccBReg&cry=1&dbm_d=AKAmf-BX_9WkvTk1-wwZ10tw6-G-MRh6BrQAulOQddLV0dVW4FPxcHXn4NTvlUU8caOLJi4TfsorAYI_W9WX6QERGlGUOnFCh9j3C7AVjT7hF7VLTdyYT1F81SlOH4XoX3rPUCBW-YnPyJWQAPKoRT_AzG6dbEKdTh5U79izpx9As3LCEEhaSXNTFpMx0INO7Ky5OAqb-_d3QqnAe2xAFCqpoe7njM1SZRdRywk_utfNjKwNKXBUCAh5-8M-eTm-7BodB3jpHNkoRXN95sn1oGcDdG_xYuhnKQJxg12LLlkpy4T6zbyehism1zNifAOPcj-UMb78qiUxTpMdUUqRAv5AlxsGY_FdPzmqI6SKDZl0Tfg4tJpahCm92CsrekTPbBE2LQIfNSAgBhNUMt_aq93EdtJIpxtfTZC3kqDgSSaEtXq1jorSSiMTtuAXHoInbJCJnBAx6A5PwEUlBjSwC67qG0nXQ3JNOMcIWxhly7jd6kU8RTqKGkMjbR5CH2b1G0knf7cd4k0r_RbANgqeREct791GggADHSA80sK2k3JyxHwFRyng87VnMeM60i2aJd2KJNLCTsPWgCR_G8X6U98X31i4ml3C29rQcPfjbUkRb09AQFh69sLsPRUQn4wrQQRoREalEFOnB-AByOYIu9jT5Zja8LuErZFqEFjeUPI-mhOtDsatfiE4VHPC5te7zHv2Os0UooJc-3yUTGU1r4TWvab8ihYu4QiNqiFMPolJyzeNIwXV0mvZavMUdQzMDncFTyOKlYmWk0gPy7K8Oc9pGOBxnSBDalfu_hLHF8IyFRdmRbJYv_aXmpeo25qGk-DvnZS5bm3DZ4Iu0uwutZNo4xgqOBVOaOF_jd7KziWc-iuhyGhu258O04l0NgC2SnnpYQdNvEwwp6ssYNOEGADys2zDAEn5YgEFoYp2ztXddDECAjszGOhp2Swi_U5TT2zk6Zl9qLkCaQbvUK758AKvMdkKQN6y9rJIzHWn6N_j2FQwXPcKQrk2EhQYhNgCohNxiXR6nK3HWVxz2TKN54QYRv4YgRCx-Qd0KaugaxHq1nMSsOADyuQPIeTPJVU-jC8oxzM8e62ZgBNkEvl9_YOKPHScb8Uajsl6mQIhtzR1WlkFdMo026oTHqVGGaSr7HXMI4anyIKhGcujseppQguPtHefqqORXO9-vH-jsZvg58_kwbCMlLklv11eGdQp9LIDPUQg65i7M0pFg5t1lUyGwxN6Zyaw7vHOFhw6FS3Xc3te7GPWtZqaVwnV1A_sjqeIlSAOkoCcUGvfecLn9t-Phy3uIlNQ6OK87TL8xPk48rOicWyf7XTxb7jV3rSU8aG2Ekg7hHr8GZfdP3NBhhfGGpUa5IkaZZBX9yopn-Vt8ccHNnkaoBlkOhSzkmJnVARJ5LeHtjGOCrt8vDhSpEAhsxcL0QfIjgxw4-2r81xFSWvD1WhvR9pGWMBAc7fRCtZ7JDAWUitLm65jm34qjJ1GXWRKbyVsPdSf70z8yeGHkTrwcQZwiK1l_-sIYcQXSw-PO0KXWWjMy4H5st3HzzmO3prMOTNvPPbnm0bPnpwd0ZkAD9DzRlourVbkDVGcvrZek-wlnpefqsLIOuvhkFkOrvbksRVtN9hOPI3YEIvM62iA5bxTnOzJ42Sh7gm9WWzzNu3a2JXxJoM5saQPzBHmZTH7DXrBFYzT0d5ZRoGP9kquCYwHEs7SeMtWj8VlfG2uNwoN8nNFoPI8WDF2BUpe_1NMEKlTZpIOIen-912NAu1-LubK7WwQ-LG9TWniUbVSpRS3wzsnS0ViuuFCcttHcGQax4FF1RBu_GtkYnk1msGpjUpyuw6G9K1cwZTsD8WUKRUIXiXGSRn7ZTi317Uz8Y3WrcDmRPzrm5mqnzhNCJZAvP4rD2Kts_Qt4u9pfVAeHPULQeJoFeE0KOG6JWMbvtwCZF0t4eYvHCBIKl6fGaz1ed7Y91fVrIz3_Xs4GdKksZcBc92gOWYxzZe5ZPge3C2izCCjYwDyvGkW0FbTe7jLoOLCC6CCTf90LjlUbBREKD6vKFr5-3mqk76wc8LiUaVppgL1Iq44WMhydAsnACfBDwKYLMnMLbEgffyftdQq6SiJa3-6mp-gYyCjedmLNB4QvH0R-4ka8-YBVwsDciPn4kY-TGKN11-YIXuiGBmz4VBk6U6z_a5iDyFBDZ9a6gE0UffyyybtKtr16CV6Br9j-zC29Jo6Fpr3dM2n_UqHgLcDhyKvydz-NvFIA9wYWX1yOvd13Nx7zJaSfTud82bgSZG4RXaM1Y2glL5Cj5IXYFuP3BzJRvib7sWVurp7ckxFYG2uRJllJ2COsnGwhNBe0W3mgZntA0bBm2uhUSTzr7DSoXwVs98PTVCcEf6Tu8YA8kVwYNpjf5pv92ur9jEdNgrE67d66UMfxQaTMcNm8zXZr95FbR4DXM0UJ65gy3WirLsjZ30_5Ddwz9S-AC9GcfDR-2Lx_bjOtquka2NbrDq5EZ24_awbvnY2qJJqpJOhcRoe9-ibq1YGo5vn6brhIHPQLGKzMdGVKKp8S8gzxGZ8_fEcYDdXnnZo0ueFGQXIYInL-UR_4DVuezOdr-zzFnUa8RKMXQDxbPl1bmRnU-IN3wlrxbjdHwB_rL48L28OymzHvSrZRs19Y8CMlc_L2qkqO75PWc736H9WTZvwNxt6nN79xdaQ9W2nYIiJqdyQffvWuEHYBxsj3zjbNZqFW6zWudUOynQA9dklV6x4kOGZ6jgWrSqxkwWbxxYOL7UnsgahScIjL-MuVY501EEfhiE3bFKb-TmD5iO0aYhFExHiCG97oQnNTooguTSZvHJQ5id6pzKyHFwCNVQ-oo5ITBU9V4Kn2rbYrjQeo_7WuNqjFstArscUDW1yBRqlNa4sUcIL2cuPUNmXdjcoc6_mjUM5oqqoHRT2eylOEKgrJ3GjwDaRbqaVFjTs-zl8b_cRe8LyIp5_4V20akVIOwiqG1qPHm4BHoj_nJajnI9yP9peol-1fsRR1KQBTmJFIX9bepPwTcHR3ome-qRL5ycmoxA4ZA8xPY_sQoSzo1m8BI_1hBGK7deWh2iMh32hS_34fKIsVIlHx5oZsF7vG7TxPAhYAWFDWY6U2bfGEuK1cZHjXnq3xGlLKYrW5uI0GLBFO4hUgKHkQWNvsqOcq6AM9rhqf4Ww-hOqtiey9ZsOa-a8NOi6mymma-CcDJHw9KMcCQEWBmuU37mqvKUwSipU4IZfteZSWStcnxSU2JcfSG1bqQQH4FPGTadSZidEX3aTqz48EK-USFQJfFvcYVrSfvxt9hmQ0EQfLnObXIowlX5qhlRG0pTMGse-AdwFTLtU1LcfIUSuQ1irwsiYmtis8wxVsHZlXyKiK9J53Utaqi_01-ubmi5Kwx034BUah09R5lMRqflGf60vHTpBX9oJ312cChqO4OtwPxoRBRUkwoAYaa4b28q-f1RSP-YGde4IzSfXMlCtjzrk3fnJqHDW0xvSeP_mqGQrp5qTRV0ySJNJKzd1sbYgaDVD8887qev9G-kAKBJXkyUV4p0153Vup02Mi93MiYChtDE0deQuzm7xwI_PV0cyiNUjtxSH5qI0yC4s56eYDoMaM_nknbP7wIkmhpCIM3Bj1zx3lowWbKtW7Y1Ve2srHTaoaTd6-gzu7KjI31AIiR2_G2Eq7a7w8p8Fv5CatVg76YZDa_kwNaCD2-Ahj_Wrp72YSlGfhzphW4aLNJWpQQwpqoT-Zwet5zKavkdsSy0gzmzSbE3Ev_Hm9hwlpMxHqdBT5PtmHfmeBkDnCw&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=3591658478849382400&adk=2228999115&idt=177&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0a2f40bfe8ae021cef102b7c3220597c237c189cd4a7b50bf3f705cf9106b64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37907
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 17F5 111 KB
39 KB 43ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Origin: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Aug 2023 08:16:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/ Frame 17F5 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BqT0hz9uVE-0ffeifbCXxiqmOosJYM-parGcQ9sGQOxMLspeCUdGG0zDIZOUjcxAez_KOfOfDQBbL1MEsIKveB8sE6_Q&cry=1&dbm_d=AKAmf-DSoqx6u2pSuQNTXvAL2LfPHVzgXJNsMC6T4TQNz2CJqeaFl-7lUcgsgsqZkamTHvFytgfUfDKXoQXGAag8vo62zUmDCf70zzAs6qm37NwdzrXlCvkes33qKTNUGWgZXEZXrDJ8CjeL1DEv_fKGtfx7qkKQBJq6mhKgisqEgS8dn0O3bYBt0ovSn5oqwGiQdzM-u4yffM-5xHQy1G5rAH0ZeGywqkBLL2JyJU4pjdUBiWnfUEDBu3T8FQlVkOYxFrcpe30cN6SguO3ruJsrpltOMnHqEYonZD6YeEYvuXOahk3Lf-SJBt7-9uIK9LJ7V4ZvmMnCd557ikwWCRL4pmBJOYhN1GmYe85SwWqnKMVsU0wSdjt1UfnrIs4Wcwj-NDpReTCSDDdT3iNL9Bwq6qzbiz-qY5f3hL_ER6Pl_p4QQpW25w57i2TIURbCCd7t8NHrtjAtspzM6iOJqcF56CRfzTx6Cyia8qbctpI-GJDb2aARGwFUUZ1FQvZZVwVnoZXdwpEZ5X_CT0tRffy9K1NtuCRmDjDERwkdVMNUfXBmHZlS5TtjO9qmto5INn5eBIO9AT7aWWVDkOfkYTsI-FI2aSlMb-q37lsgVw8hskU4a01mXCN_DAjRHjrZYCboHWTF8tKnjS20IRnUm8lY-WFWSCz8BSVx20XwtnOTGzsPeZOeOmxO6czdcd-GcqQfUx8by7o9QYLS7ScYlE_dLVWtdqnO2WG1niXHZaJ6tjUkiAhhVstNUdGRnrvFPhV6_ijFAoZPo75giYmlFszASErN1VYVlRZ-CvCUQO7oh7zkZcy7BzyJ47XWsnbzxkh3GKT0B1PG1EYyHQWCqoUHewcqapUAns9UWZFI4-8Whf3xM38YICGiK-D7QcJVXK78wb99B80jTJ29JULquaaBMFrayrLhY0k8dA6MhRSkhEbOooYIwDHJRXTdYhrHkNqFNE_mPilTh1JLWW_na43AsfNgqiT2Y1ARkfyK12TjWLik8XLZEpMVFugmApybO_adqtsSGGpVxwjLly3S3N4FXn38Eb7FGIIOInnV7tX9JpDwOuD70giQW2BHNukxqLEQLzBNr-zMGvHlhBuEzaC1T09do29aH3Mi4JCt0snvSziKGthvmtV9WaZAiLiHl8g3vSr2ZWUav1dwqH9cJXWLLzzxIXu2J_Fv4i3RmdqKykfCzr0SUPMhVWn-trHejpVXZpVpH7_NYzYdbGm4KTSikk02Hj4jnhTVntC5e1rWMyiLiTZDwFFmrY5BLfxngkxjANc_MBhEFbtEw0-CkC1YbtKU3fAAjJIqRRSIISRgnaBYAiWKAZoOUND1XAmKFD-AK6D85n8OedCon-SHV0dIwgQW_Wbr5WjbtynEraB6zLCfq4ZvEwsxAbPdpTtRSNv1H6xzqB681sF05ZmKMKA7eM4Y0HZBV89Wz2YZYDjO13b_cLz6tBgXNaE0DzauKddIIpw9C4B_erOqSpRuVD7tEcSvFf9_ctS06YJoXNgzwcfQRvdxtbtja5_lAF6TqXc6Y9EI0K5q5ldHCEYnXCo6pxxEaQ7Wiug0FRP2bDJ2ogpxBP05BrkeL2ARQRvKojQzIhi4XWVg5JW7TpJJFT1MiIMqhumcVIDN2pekAyU8hawe6hopo0AOiiNjhePG7eNCnT2dq9wrkP-WT6JnhPgWR0M78T5ZOBdF7wwJtTKNoTzzyOOy-2xkzxAp5Mio_YeR0V3_XlXuNacXge7Rw0Zs28MTDV0uC_POdy5Ukt35RB1GBlWA1w3H_FU1eABmPwHKHhqIvN0DrAG8mjOusiWNkP0p795IaorztNvJ7Pk7CCNCngYTfIGCV1_XnRd-gyArZGFRICBvhIrGh5g9wI9El-swhu7JauBPY3o3-qTYcHReYn-jXODzVfnSQnc1dThN-iWWhKz8l0VLYetWY-OmS6fWQleTz0h5kcaXScbtWymE6sF-iKUYWgXgMxBQ4QybSEkZCkLS73MdMXsUS_XJHD3e6tULsTzPEJUorZoHwkWWQKdQQDLddcSYhBBy0u-K30L0fizQZGIwAa06IM4KLmyUr_F2lygmjhxtyVq62ofEjrg6xdPq4SYbeH3JJfWawgjBQK1UvN_qR4gVzWzOjKGCPzF3e_v5ZvWrBiaALUSO_WSVe3xAcB-ka12MqDHPLGV2XQKXNTMQX9dZBSprZJrvp6JTHbfrSf16oAKOpeaAvNU2NiHrqe1ezbbM9aXkHNloAoOKNGE0DdrzXAl7tjWuFNwHILLbJOJwbtsJZxqsR6QOMXiZQ1fXSQrhmuw_Qxmt_Nd4zlS-tqixEbMuE7K2KRt5JJ1yPW7rvewnMAh6fy3EjEpaSVJ4OcHxCHfzy01IzQ6Dn8ma0zM_7ZypIuOOO-2W_G7i1s6THWpqLy-4pYnkkqs7PjhSCYKgkH3KwyZixxMhv-tdVjaheL1mbqE4ekHIv-anB2Ct38LgnYm1AMjiy0nWb1vOldufoQ8wPLD-Hj5RfcoRPyHXUgIr5tlLb99EcAg1sAjKYTvVYI9pk7MSxNYFOsCqPtAyUvNYr_7X6_klYMC3IwzHXXNFCeea_bkSYdmxc9Rp7zgOxyxfhz1D6P22bMyg3CKc_EXhF-CysxP-isattn6vEuXkOUuT0mOJHB2i3Yz_2bDjm3rJk5y99zI1kVm-qMHjnhCbiONUPT0iQDm9bXNudzt3U5-9SMRUQ5yWIElk0trO4QAySe_yw9k07Uwk5FA5i-wo4oK4lCf-3BbLTL0XJjsNdPBJjC4JBy8LEYfQyEuw62AEK2uw78Xnrd3TdekdhZINFOZv1tpL8zQi-4mxc5KultkKLUi7H9DvkcTcPV6Nutq4iujfd837OUp-lbXS2szpGoqhVIP1TSSkNs96WKlR5uDDEe4AzG_27hO1AZYGe7DOyv9hWVMt_ZuiPG91dvDfzGSWTGdZo9_DS9Td3ac73fJCPItR1QpX2Cm-TVsbN2IDXfqYsjM9sL-9yWjLr4FRRaEphcP6uwu8YsItxbvGX0TvnaPFWaDB7fbQ7s_cO4cLStWGyZaDPqhGLpw8n8GQyXiOm_vrQctcz7Z91RYqkJPi8oCc1D-AxxHlox38g0l5cVoF_UlWY1FNlEzZjlXBWU-bMIPsqMHvktU1POOWDVxLNtTi1yuHbIesmi9Zl0WyqPYfv50-X1VjefJZ4fL5DfHm7zN9LgV7se7bRCNIaVJNIxU6AGl8h3di7fxQaUT-1CSoqdWdv3ogUOSpptvgu0iv5EQly_yL4rVnyp4fo5K_MUmagbXTOplcj96FNYVen8JUKZ7GYR7Akv6L3oAiahXE3MzgKhfXSgDV-ptQJP00Y7DUEwu_ctdCtVllIaPK_9qcWoW3Kil4llJsO6ZsVuKKsqdZ9-JvVIV8QRkEsBhzO_rkOric7KJ2F5mxtZ7N_fhjibr0BweQFqlKyBihZd7Sd38772GSuwp8I_yFII39jcxk9JoC4Y9wqaNwPGw6P_Rw6O-_hFCxCIrSwyxetfgHR0YXyO33cces3JHb6dD85Ol0ggzzCA8FwXRDbFXF73eK7dkhxBE4OleBRJEasg1EWThL6F4prEX9GHledsKhkI4n7VuwNN6l4Od_Gy-s3kbANJmUg6aLJU1BAkVREmNCjIT9RTjBftyoG-uGvyi5zlEOt0--O8-mpIfQeD_QZFjMmQZ7DsNUfbwkPO0jR_UbmGuBclyitIe1l1bNFjBdyhN_CEE26FcWSafLUQlqf-6hrL8GICVnH6Ar28CdFMtrI-LeiwE5nKINrnPs2-w9NcB0Cw&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=12783392816411542000&adk=250412560&idt=108&cac=0&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:37:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 23:37:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame 17F5 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11536
x-xss-protection: 0
server: cafe
etag: 2200807439755941123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 14:24:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 17F5 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 13:42:08 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 570F 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 04:06:52 GMT
x-content-type-options: nosniff
age: 89333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 04:06:52 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 570F 15 KB
16 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 13:37:19 GMT
x-content-type-options: nosniff
age: 573506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 13:37:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 570F 15 KB
15 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,300&subset=latin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:22:55 GMT
x-content-type-options: nosniff
age: 48770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 15:22:55 GMT

GET
DATA 200
OK truncated
/ Frame 17F5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c7f3d61808c4f1a272fdb151fdd0c184f2c9709025a4b8af856f8294a5ae451

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F067 111 KB
39 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Origin: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Aug 2023 08:16:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/ Frame F067 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsaisWt4_EPD0g6e1R6JEH1VD7EhLM2sIw5SrsGMm9whzJNvn6dcHokSoZ1S2Lr1Eqreb9WDIqGkGpSbr444UeccBReg&cry=1&dbm_d=AKAmf-BX_9WkvTk1-wwZ10tw6-G-MRh6BrQAulOQddLV0dVW4FPxcHXn4NTvlUU8caOLJi4TfsorAYI_W9WX6QERGlGUOnFCh9j3C7AVjT7hF7VLTdyYT1F81SlOH4XoX3rPUCBW-YnPyJWQAPKoRT_AzG6dbEKdTh5U79izpx9As3LCEEhaSXNTFpMx0INO7Ky5OAqb-_d3QqnAe2xAFCqpoe7njM1SZRdRywk_utfNjKwNKXBUCAh5-8M-eTm-7BodB3jpHNkoRXN95sn1oGcDdG_xYuhnKQJxg12LLlkpy4T6zbyehism1zNifAOPcj-UMb78qiUxTpMdUUqRAv5AlxsGY_FdPzmqI6SKDZl0Tfg4tJpahCm92CsrekTPbBE2LQIfNSAgBhNUMt_aq93EdtJIpxtfTZC3kqDgSSaEtXq1jorSSiMTtuAXHoInbJCJnBAx6A5PwEUlBjSwC67qG0nXQ3JNOMcIWxhly7jd6kU8RTqKGkMjbR5CH2b1G0knf7cd4k0r_RbANgqeREct791GggADHSA80sK2k3JyxHwFRyng87VnMeM60i2aJd2KJNLCTsPWgCR_G8X6U98X31i4ml3C29rQcPfjbUkRb09AQFh69sLsPRUQn4wrQQRoREalEFOnB-AByOYIu9jT5Zja8LuErZFqEFjeUPI-mhOtDsatfiE4VHPC5te7zHv2Os0UooJc-3yUTGU1r4TWvab8ihYu4QiNqiFMPolJyzeNIwXV0mvZavMUdQzMDncFTyOKlYmWk0gPy7K8Oc9pGOBxnSBDalfu_hLHF8IyFRdmRbJYv_aXmpeo25qGk-DvnZS5bm3DZ4Iu0uwutZNo4xgqOBVOaOF_jd7KziWc-iuhyGhu258O04l0NgC2SnnpYQdNvEwwp6ssYNOEGADys2zDAEn5YgEFoYp2ztXddDECAjszGOhp2Swi_U5TT2zk6Zl9qLkCaQbvUK758AKvMdkKQN6y9rJIzHWn6N_j2FQwXPcKQrk2EhQYhNgCohNxiXR6nK3HWVxz2TKN54QYRv4YgRCx-Qd0KaugaxHq1nMSsOADyuQPIeTPJVU-jC8oxzM8e62ZgBNkEvl9_YOKPHScb8Uajsl6mQIhtzR1WlkFdMo026oTHqVGGaSr7HXMI4anyIKhGcujseppQguPtHefqqORXO9-vH-jsZvg58_kwbCMlLklv11eGdQp9LIDPUQg65i7M0pFg5t1lUyGwxN6Zyaw7vHOFhw6FS3Xc3te7GPWtZqaVwnV1A_sjqeIlSAOkoCcUGvfecLn9t-Phy3uIlNQ6OK87TL8xPk48rOicWyf7XTxb7jV3rSU8aG2Ekg7hHr8GZfdP3NBhhfGGpUa5IkaZZBX9yopn-Vt8ccHNnkaoBlkOhSzkmJnVARJ5LeHtjGOCrt8vDhSpEAhsxcL0QfIjgxw4-2r81xFSWvD1WhvR9pGWMBAc7fRCtZ7JDAWUitLm65jm34qjJ1GXWRKbyVsPdSf70z8yeGHkTrwcQZwiK1l_-sIYcQXSw-PO0KXWWjMy4H5st3HzzmO3prMOTNvPPbnm0bPnpwd0ZkAD9DzRlourVbkDVGcvrZek-wlnpefqsLIOuvhkFkOrvbksRVtN9hOPI3YEIvM62iA5bxTnOzJ42Sh7gm9WWzzNu3a2JXxJoM5saQPzBHmZTH7DXrBFYzT0d5ZRoGP9kquCYwHEs7SeMtWj8VlfG2uNwoN8nNFoPI8WDF2BUpe_1NMEKlTZpIOIen-912NAu1-LubK7WwQ-LG9TWniUbVSpRS3wzsnS0ViuuFCcttHcGQax4FF1RBu_GtkYnk1msGpjUpyuw6G9K1cwZTsD8WUKRUIXiXGSRn7ZTi317Uz8Y3WrcDmRPzrm5mqnzhNCJZAvP4rD2Kts_Qt4u9pfVAeHPULQeJoFeE0KOG6JWMbvtwCZF0t4eYvHCBIKl6fGaz1ed7Y91fVrIz3_Xs4GdKksZcBc92gOWYxzZe5ZPge3C2izCCjYwDyvGkW0FbTe7jLoOLCC6CCTf90LjlUbBREKD6vKFr5-3mqk76wc8LiUaVppgL1Iq44WMhydAsnACfBDwKYLMnMLbEgffyftdQq6SiJa3-6mp-gYyCjedmLNB4QvH0R-4ka8-YBVwsDciPn4kY-TGKN11-YIXuiGBmz4VBk6U6z_a5iDyFBDZ9a6gE0UffyyybtKtr16CV6Br9j-zC29Jo6Fpr3dM2n_UqHgLcDhyKvydz-NvFIA9wYWX1yOvd13Nx7zJaSfTud82bgSZG4RXaM1Y2glL5Cj5IXYFuP3BzJRvib7sWVurp7ckxFYG2uRJllJ2COsnGwhNBe0W3mgZntA0bBm2uhUSTzr7DSoXwVs98PTVCcEf6Tu8YA8kVwYNpjf5pv92ur9jEdNgrE67d66UMfxQaTMcNm8zXZr95FbR4DXM0UJ65gy3WirLsjZ30_5Ddwz9S-AC9GcfDR-2Lx_bjOtquka2NbrDq5EZ24_awbvnY2qJJqpJOhcRoe9-ibq1YGo5vn6brhIHPQLGKzMdGVKKp8S8gzxGZ8_fEcYDdXnnZo0ueFGQXIYInL-UR_4DVuezOdr-zzFnUa8RKMXQDxbPl1bmRnU-IN3wlrxbjdHwB_rL48L28OymzHvSrZRs19Y8CMlc_L2qkqO75PWc736H9WTZvwNxt6nN79xdaQ9W2nYIiJqdyQffvWuEHYBxsj3zjbNZqFW6zWudUOynQA9dklV6x4kOGZ6jgWrSqxkwWbxxYOL7UnsgahScIjL-MuVY501EEfhiE3bFKb-TmD5iO0aYhFExHiCG97oQnNTooguTSZvHJQ5id6pzKyHFwCNVQ-oo5ITBU9V4Kn2rbYrjQeo_7WuNqjFstArscUDW1yBRqlNa4sUcIL2cuPUNmXdjcoc6_mjUM5oqqoHRT2eylOEKgrJ3GjwDaRbqaVFjTs-zl8b_cRe8LyIp5_4V20akVIOwiqG1qPHm4BHoj_nJajnI9yP9peol-1fsRR1KQBTmJFIX9bepPwTcHR3ome-qRL5ycmoxA4ZA8xPY_sQoSzo1m8BI_1hBGK7deWh2iMh32hS_34fKIsVIlHx5oZsF7vG7TxPAhYAWFDWY6U2bfGEuK1cZHjXnq3xGlLKYrW5uI0GLBFO4hUgKHkQWNvsqOcq6AM9rhqf4Ww-hOqtiey9ZsOa-a8NOi6mymma-CcDJHw9KMcCQEWBmuU37mqvKUwSipU4IZfteZSWStcnxSU2JcfSG1bqQQH4FPGTadSZidEX3aTqz48EK-USFQJfFvcYVrSfvxt9hmQ0EQfLnObXIowlX5qhlRG0pTMGse-AdwFTLtU1LcfIUSuQ1irwsiYmtis8wxVsHZlXyKiK9J53Utaqi_01-ubmi5Kwx034BUah09R5lMRqflGf60vHTpBX9oJ312cChqO4OtwPxoRBRUkwoAYaa4b28q-f1RSP-YGde4IzSfXMlCtjzrk3fnJqHDW0xvSeP_mqGQrp5qTRV0ySJNJKzd1sbYgaDVD8887qev9G-kAKBJXkyUV4p0153Vup02Mi93MiYChtDE0deQuzm7xwI_PV0cyiNUjtxSH5qI0yC4s56eYDoMaM_nknbP7wIkmhpCIM3Bj1zx3lowWbKtW7Y1Ve2srHTaoaTd6-gzu7KjI31AIiR2_G2Eq7a7w8p8Fv5CatVg76YZDa_kwNaCD2-Ahj_Wrp72YSlGfhzphW4aLNJWpQQwpqoT-Zwet5zKavkdsSy0gzmzSbE3Ev_Hm9hwlpMxHqdBT5PtmHfmeBkDnCw&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=3591658478849382400&adk=2228999115&idt=177&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:37:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 23:37:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame F067 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11536
x-xss-protection: 0
server: cafe
etag: 2200807439755941123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 14:24:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F067 41 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 13:42:08 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame DEC8 111 KB
39 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Origin: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 08:16:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 19 Aug 2023 08:16:59 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/ Frame DEC8 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEgswUzGCdlmSTXOGj6_xYAjdU4WdVpIHXBTnAyJm5_5EgA-cGBnwEQ3X0tj6qs57zfg3tUC3m0TN7ItN8lFYqNo6yKw&cry=1&dbm_d=AKAmf-AIPhbEcA8As9OYk0Fdd4GO7uqrtDj3iqRUkZ1iZLC2cUJZ5CSTT7zoIjZg5iDPz7ug3vqqNhxIyiTgw_t3H4XPDCmwcMv4XwdAdvXfMpaG7atPU_57jbdEWkPT5z3HUnux-ItH6_2kitwmRKvRMsSG2WY0J2GKSoV4dGMLr1a-32ECXWSmMW7CoPiPXNM-oficT4ah_KauHOgkTavESZzD1eba5lyAjjuL2uewvZz_0YFLPiw_c7uGs7qnPZDME1_tDVwTF8TSaPRzmKi2YlkPxXIo0xIYOjkpymfLOT44ETGQwNKk1xAaQ25e7RdGGT_w73G8iyO0SssYMg9plTgkrS6TXErtKTHFMQkdCZNW7Z3QZHiSdM_8A4kG2_QciL8XnlxpjC2o4QIgeSDMTAt_j4YUnu6sQoZmFkeububdz36ZIPQlFF1juJBPGbk5KxE8A_pnpGJjK4eUpFJCO_wtSKqsB0fwDpPe_yF4dyKGGNSFkR6YGfy3GRlzhNFDoJKrWDfTdCYZPeOspAkAEAXO3hlUns05jW5QKNb0dLV7eYzci2jxJGTUcwFYKJsYsntWTZiM0DzsiumgNFchEaYszu6uovkXeCf_yDrE5tR7iinDmo3tFavhkjvfWkUeVRGfFVw_oHr7OnxjalXR2ahhMADAbshlHjTUNljmDfLrZ9aUKRunceqgzGUR0hmxhoQG9N2TDorO6TO4sjMjMsiJatoC_rVZD-v2eH50ueKfiZLpBS5ggQ3L7QFcGY2wyrMd5HrRNly_I8asMC9A13USICCO1Azxm8kPyJOe_yPG7wqGZzPNBVtohy0LPRynNPTwRrHYf4XkqjI9hGEeZINlPXG4szG3Q5_VLj6b4sK4rKAYgr3Z7UPxJ5gXB4WSpplexPk8xl8ifCJViwDflIgmKrcgrKYN7zSr5hYe8MJTRQQkHzOTHKBLTtb7EXFnKsqg6B05DshVFVitplWQJ58ekkEoIS5X2yCxIuMzgCvSApVp8UNt3R7-pqwVccz6nv6MzPyIvIAbfbsZ2mCYxrWbYpbYKL-4Ar88ruB1PkF9KDTMomWAZe2qcC0_E-RpOM1sjKVIQd1GiUNdgTMZduuZ65XCS9c2EmVdqNTP181olt27S6bcmpAs296ptV73S58b3JovAOxhwtqEyU0LZzQ2wSdlkbW9e-yX8F8kkuunvJYfev7YSboT2KXJT_AqF-QKQyVh-t0n_fto3V4Rmwv8LnCErj7cq_Mstxsl5uYPDbwmhSn1AtnI9rnz6l_IKHnDCn-AKBveZiAiQTz4Xkh32Modl4O_cRt7PhlCtroP6vmgWGTBYjkjjTKn9sC0bBpeCWK5Ak5gJIp0R9Vo_WJREsx_pKYib0rFKAtgzvHzWPt1l5Dre1n2x-HtnsEwT1KBd4H_EIPXIKuwla2wvPowfcC-9Bybcy1jK3A8MLdF6NL0WJ_HWU0tFvbYUPDmUVNa3F9igON8OIknaTg_4_UjFIj_zRjtGD3wXpW1iJMEemqSxyabw9RLb7v3i-m4XHgETCNoXBw_CFXs5WM2Y3V3wksw14sOTt1C3C68PWNSpjrplUpCEI6Jvn7eVnMbu1wiACy7TnudYDAkXs-ORa7kG8kIcGKrCIf5bXqcAstAi2QzTS-Bk7g9BdJxHZPM8NvfwQfoNmAakoVK5A4CFRjpxUWZ7LlR2FHipR8owso3kEVzpYtiX9pbDJuPfJytaSjeF2lSZc9rWGWLUuJoWBAYmpdO3Gsmu6Xfg-ngS4zmvaide81EPQf7vf5UXF1SSLpwIaFXjw8Inbg6u09FhQC2hcqU-HDBUyjRhrof9-O_yqaBKFaOdLoMS0K0qQm9DhwyReC2VLqt_fx9Qe9xeAH5GcTmbbx3kP2i2jeyJ8l6_Vh-QOantSQRjHSqiDCxSmByBQVXUmBbClt-6SiKQU3LWzRkbs8aI_2TnkEh-w9XKQQgSA6FsyCL1WtSjEibH0twPUad8F6BkG04_bONnoRid8iioY2W3Qn6Vqtm_PbpngG3MC7FZJP9S2k0Wk-rXavqLqge2YpNURSi5JU_AhXYjB6D_UKsY3kmFcZSGp1yTJEU4Rd-5scJg18CIxXcOlHFvu38kKv5RSgYr4ESG4fHxm0aynoeHAxmC3PFCq8hviHUh1rs-3rd0NczMan6L4g0ubFf3EZ2h5tm-suLc9Ko04pDPyTZo4M83uElIJhShasSUEwst_TG8OnhYb-tvUAKs6m_CamD76eSxSbRHtykaY6cVf41rrFnrWO0E7vv3FQqmMkPHGJiFySazWSt4Qu_LJXeuguxMsGf9Dw68M-VASjEb9zS1eUnJf9ou4gsJUXGtxVIUTIxQOXh-TsL54jhEND9mndo0IK_xQYDhtSZaI0xo0HRrdRu02i0kUXSBwB3Ai7j3iS8k3ZLwWIqVk4K7kBRypWIzV9KlZJgqg28-L_Pwls8MG6LUeNMv6NJFYUI8LQvpRfyNUF0TpmCeDRqxM8xFbu9r9FyhQwL95nRNf8IVsS9vS_NOn48eucuoGciV-b4IhZLK9uFo14v4suf22PW4yH_7ZMSa2Bb3UFEdPMZTWJ20AHmh9xDBOmLaSxmGdLiYhekN5KH58GU0P1QZmJpZpe4SW9wMFRAke6ageitTZcWQJtAJ6s0246rtQalFAU1X356nodN2WmpDchPFgH0aaoI-zxheZz8nA4cMjFZeCwig2oXGqlJxp6CO2xYPUTagNj_y1jS7qs9B3Y00ULLSJFxw3NoEAHeyWmXMjbULvjXt8efSB29UvnX_uXoygwObDIqfwyV8W3JGQyBAPg17oybGNndj2LL8xSrXDI6iITaeADDG6Efi9TOKib7dQbG3sDTlXxHHQCTvaXnnZejY6G7ZuYQsm0uQQ5MWjRk6Js4I1tS3TrrUjqyhd_b5PZMXmm4W6XTAd6ZtQC95IWWjdh5-xJV2R-nzWTU9X2q0Fni6U6Yno7n-k_RPDxK1EF1rwP93WaLpz2Y7i2ZnbaXD7poWSIyymORDMLkroJPAuzmdvWIHTd0IM_B5C7pz4pnCPcmofHKpMMEWtQppwewpASEy2uconElNfgm0zVMm1qVEHEklxSo4hSxBGhkg9uFRHlQwNpAaRnLfrmkGHY9aMVm56gphgN_O2mprbXFI0XYbf_bqhEDhX8THu2cblL1Z1mzygNTV3IA8xvMYW197oiw6lCV1rxqDCRLHov9AyqrME2DBRMC_tUne1ufNB2szK6rC3nJCnyEgbf7gnLHGSYlu9rqM2pNXLHLsLIVrASLKDTmyQMfcNleSwd3T9Vx3mXTl219L7CxRcyW8QQa1OYTE3nnxeTrJI6_nhO4mUfMEBzCvPr_FIDeX0QzXxyX9IOCN3gTL5PENOIimt3CtJWplUNTvFckWsF5BKMTTbRq6h24ciIO4uK0kePcQ-E9OBcY0l7FBCcI_1X03q-OJ2f-XZI8HOREhqqKhMdmhj10gFW94DyPoVKs7HrWE_Qk8ps-SBoNQgNPiSCIspOH_Ws_4NvDlHdozl7R3JCp9B771RDByRtQX4XmM5La4bTvyMivSDrKeBfIWfswsXLRc0gQ-3GLKhaSDFbK66AcxWgV12dXGE14q4e0-4iZg57ys_bUz4C5JGBWcICc_Uk2Qzq1GU93o7h5J4ykiC6nrVRXEinh3acsGe9ZVbYSe3vMq0ow0vlm9rufkFwjp3oOW33uFJAbiT00bJ5ND_Ee_gCDcUTicQHT8D2ineOWjLWWtnMOPdxAPurqJLEGX8cqvgKpogaKKFKQR2W_PWoKjj6ZziOGrCPhKJZ6lNwIhyI&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&dv3_ver=m202307240101&rfl=https%3A%2F%2Futua.com.br%2F&ds=l&xdt=1&iif=1&cor=14552874646495030000&adk=1964084972&idt=182&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:37:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19103
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 23:37:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/ Frame DEC8 30 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230816/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 14:24:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 52254
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11536
x-xss-protection: 0
server: cafe
etag: 2200807439755941123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Sep 2023 14:24:51 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DEC8 41 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 13:42:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 13:42:08 GMT

GET
DATA 200
OK truncated
/ Frame DEC8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 57d8fcfb7a0018ccc265d40aff88301f499234af309d2f15c1182c8436377603

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame F067 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff86decafa3690114e1f5bcc0e6816b71cd7c74d15240bc1aa4b7c11aeebcf5a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/ Frame AEF1 11 KB
4 KB 26ms
8ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b7c1f9b0cd43d700389d777d0d7e54ac741860e29caa6ad833ca4d3eb27585d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 329480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3986
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 15 Aug 2023 09:24:25 GMT
expires: Wed, 14 Aug 2024 09:24:25 GMT
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 17F5 0
0 103ms
54ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsty88pj3SDM6mygqe44AxAQTiiptyPL1WR2msFDN_FDxvkCbIaDF4symtBpoFOH7wcTtSnJgGmeQX395QRDxDIfPNbV7vACiaU_HyLwl4r_uK6TOSbkBzehNCTzCAfbavbl7cegj8OjekJnuB4rkwPz_pxqZNB-0fUIHJcYfWHREzv21QtoQaKT8nPDDhQTHTN_--jmTUPQRBBUUt9gHb60hAlgr7kG822-1refCdC-CfeqykHnGzH6qZj1FfDS2HVYXRH0vBBk98vgVskJCFY5K40UfXZxVcV3yIZc76D2QXdISU27j3As9ISbvYSMBHBSmeam8aagc_4BPAcsD3x4YGcoyBmWG-_SiJmO4u2Ki6ILH5HkQh2Nmr6uyW3IIxflbf5-AcaKJPDHYvxtGarNeEj4rQqDl3G0ghOoGOqAFE_1lZoMONYlhJHhvCZQWyaqPS80P7vHhpvTMG954fDHIrjA9qvyJ49BQV5jNciKjIstoXImPBIc4YcAbtXtszU0GivJFZbZLMxCbcmyWZU6T_rdU4Vklg5jIPbWhJLuFlLk_gAhAEGiEmPgYwTqgazCJ0HZTBARztbcMPJZ4UM4hTjLqLh75mKAhF7vEGQwR4awUstOp9o36rxljdBshpNE7-DPv_Mobxjzk5gTmXFBNZ7LkZ3Fn4GuR8FyeoydtOInK6mOlEHWn7BrKNUxUEmekJ8nunQ0YcQ1SdILQkF7ya8JYbXUGs08aDx19DKNVL5JFDNlT9VAg7IP73CV9eZEMTD7cdKm9GqG7xVI6zWBlzAdQ6lSZZ5ZZ3-A8J8Tr6Kx0_lhXXL1NfejGpUKab9yZQ7VvWhtXS7HoVg9ox1IEjhUljC7p-AuR_m303MeOF-HWPQvWZIqY8-NVKrSDEJtBMJUGHX50jY8EbnIPd3kF_2yex0PxjVMX_Mk2QSETl1x4MonDZGV-Sw4VUyZVmghaCs3aiBqlP4afScnKeKGEYDNfgduJUPNxCHNhSnvVnHv_21BxfzATLQjsJSi4RcPya7YHGXV4WB4lXGqw73aDWiqiHHWii8bwdGrRA0VBB6m3O-FxDUnDfY6w95-xj-PnDXkO9xmQlH7B30ScStrSgsD5oAH_eNckKXmZBdQ-6LH0wEthHFwiNV0U7XHuBVaN6yU1sgO2Fgt_lmz3pLd7s5dvrliHabEjCJ9kwaINx6WRWkTb_aeqYhb16SgV8oGUH4765nUMKc21gGuDQUCxtR8wr2k-3CmCSkCCUCpzkB6N549fCLvAu0&sai=AMfl-YR1xNGPVrexcjcONoOP4Qc1NXKjkZJxmzEIXKnoacMnqGE3N6hPg1VjgmaQuIxhOx_-ezLRVZGRfJL6nMM0NLngoyK1kFB6yiin33zrN8nJg3IEyLtVk5jfGtrP7dPfyq4cKBJsZU32UZw4G7IMZrpEsdg57b75uPm6nYuk4uoS6UmZ79wKMDFYd4HmzUSeagGnbL-g6VxiXNo6QAjIRXFAb7V5EdbhUfWvnx8zos5_7nJnTX_9iHRetRsVLxpoxaYNYco4ptpN5i9PgLjl7Fqhplm5v10Gidx0&sig=Cg0ArKJSzAK3d9JayQTyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=97&cbvp=1&cstd=94&cisv=r20230816.61513&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5EBF 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 39600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 17:55:45 GMT
expires: Sat, 17 Aug 2024 17:55:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/ Frame 64D2 12 KB
4 KB 8ms
8ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8777c0d6797cc6fa9e363f2d7da0c072b2a6abb112f67e61418727a40db2aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 90429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3992
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 03:48:36 GMT
expires: Sat, 17 Aug 2024 03:48:36 GMT
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F067 0
0 79ms
54ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2eDNE0p_H3aeg44c4yo9HQTFa8ODC-Vfl-SQgHer8s40voYoKBruz12IPhnNMRJEpMWURE1ng1XF8PpnPy1i4c_ab5cPibTJGIAN3TnJhZL18C_R_GgnWrkEsmVXHsBj9mj86JudXOWJRMWb4BftYUawKflKGso0Kr5fu5qf8ysCgycceFB2QX63tAvKSemjqI2HfnM5IMuvhYyPB4YUJ2UtZBJ4TVyLavWzIK3uQUCY69s1sAP-UZIbcqMRBNR_hL9LWaPkoVxt0ct41IEuXQy02P1GUYDBajJkKbWexNWOPTERnjj9fF319gH5VacDPotygMVMsLDpn-mUNM__Z5n--6sAVmBObbK0k8X_0xqgBjgQFCt-iZgEUaPjtRJ1ZJe_NlmO6D2KgiVdF1mrogLVvdi0rC03CIN8ltMQK4XKa_zVj5EFsLV24fkjXOxx87FP4dmBcBVTxEC2K18Yr1zBTnsexU7GGDTOYkCCVPCo063iwgYB5E4adU2i2WDky3mVshacFM2R9EcUZ6HuYWOSQIcZN_X3pzzbfkJQ-OHqEkqiL3dC3xpZSMcJND_2nNyU7QZtnNCLleAigbWxtf9JjY-zIv1pU3QZm9f9Fu0DzUn_mzv8fNn4Ne-seCj_eFahMDEWi5rjjnE-sCW4n0hip_4cGIj_U-F3sOss6RHq82LwLpLmHFth8Aw4cf77mhZT4-bynXC4nG0MtMQfYWs5IQQeeQvT1T_Wam1XU-J-6qru8v7e-LS1wpK93weQLaYp136kcZUpxJVJHiFqBDCuZ0ZW01MCB_65qaXKZJvUELIUhPlAIJ0_t46U-Z0vw66E1l8GDT21fFcwxvhmSVetaaLKS3v0TwhIRWfipbQ_TE3EqcSERtsMro0_QRLXnqnoYjd4brklC3ZDltzhM70FOP1yHOHMSOC-srKQhtSFUh1EIxQQxdKawejfEHz_rhkDg0K41ytFkeXaq1-40C16nJC6hAHxeloMGKDBQdepBskU0pLWWCgnyFaozYFgmKxpxYW90-t1h0yKpYCvuNTLUVvIfoLReIlB5GsAPBlDclchHsp5CC_8DCCLVS1WCxUK_UPVbANIDAV-Eb4gpl-nt5VTJL65kIuaffOYh42WMB27qOSbp-WR_5wPxw_TijXPt8LSAGv-oAPKDj17DgHbH_zLXmuySERgnujmFJDLLx_Ioex5MzNDI5kKwjzP-XYNoZC5MJ8QTW6mEEwuRORtUwJhmKM1nTy5IwPVU1FRuJK1KhYZZSHAmzuA&sai=AMfl-YS0PU8d0kxK8O3vnirxvQymeF5YWTsEnY25L6H2-KftnacMAlMtKVqPh1XGHK6swIENir8e452u9k8R2viWwBOvQg61JYKljh8LEInqHOf-FTK-upN5fDvtP_tWjF6BxYwsGm_c22nMCdIeTMPaBbbPsjIL428eLxcUc6crMWPpNVI9wc__Nwxk9lYt2aIHD_dsOoz28o6rgeDmZevUountycWkqwNFB4vSdsmJTgkHGCKjLOMkHShT2XV0J4s1DkA_ThaLgi_NFr7bgjO6_oQGPmo_h8J3Ec_7&sig=Cg0ArKJSzNyJPM5-497hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=59&cbvp=1&cstd=57&cisv=r20230816.49031&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/ Frame CE99 12 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b260c616a6d660b3ae76f05922d6608e49cfc3ab869e7ca1f603f0f72cea7930

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 321082
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4006
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 15 Aug 2023 11:44:23 GMT
expires: Wed, 14 Aug 2024 11:44:23 GMT
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame DEC8 0
0 75ms
55ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstDdp_6eUvLxq25AQSUzIYPpFopCEaM_7x2D37JAV4Rm7pgkLfa69n-QO6elm4WCj__YTjzCUrSM7bWDhGVX0JECsTa_9PoMqnMGEBwgyIoHimZoUR7wGQJeOSd3zIkSSW8qY4fo9erzWcpSc469I6OGAXz9oPxEcf3IiaihR7BI8ingqm7Q2nS8qzOJvQiH2y-DLukdA6jDM19G2cUkdhAfhUeQ21aIXCZfPYSNsi5Wp2_IJNMCh29GJQ8uVy5IM3KWFg2BuzZ4gj-ZW8yhBI4xJCkF1LCC1eex2c4_u0JLdmLMGZJGRDP6W7S37eZxVp6Pt87TH4_hdvqFv_tzPQgO-sqp7o9lbkaEmyCY-Occ7fpIEA7qoM3V7ONAL5YUhA_sahYdqxWCRmjtS3W0pqVEDFVvsys8pDbCoOQUt5vDoh8r5fMn57i374pTn3ss6X47k9R8eK9eg9E1smFIuV8FjSneZkJ-XHo0V2kh2k3Y_Ie_xVyBMgsEba9w0Z96UaiBL9mi2eWJwPhqvWg-qDr9GLbZ5VWQuiFjAGGw2VwoJlzHjN5TvwgDnKzTF1JUTRS6aO6GflZVLvbUuMl2wi2hVDnJ5JuQURdC70hlKKj5PciicLzphyJsMd26b-KPBhROVZd-khZP9LBOxVsDIUslvB6wydg0oN9aSJu5gOQ2e_9lbHtIwPa601Eum92Dnmlw4WwZWzVP-mU00esXXqY7MupW47ay3eW_UG7EwWQp3OfiC_0SWHbJKnJtUs-p8RZwWQQ_V52w-Kgbbjsar7abVo-CREsEgywGPwezFJ_ftnz3fd3qf1ntzc8O9waAYrwx2qFP9enpumbFM3M_tY10S7yTWIYn0FDJH8PR_PGTsihA5JU_-JIeWXeH-Ln0RbsPJwYwxI4d1LOfKv3n6SO88rre51Kav4evcnYlK4NHu9C-J9Phx5SsyBM66t4g0zLD9tps202SDjg-QRTUtAdplsBsamzdd48t19nj-UgPyBd_IwMFbCeI-c71RoTRA8Bk179Rajz3aEO8GMnh865fh3ObC00OqFQdSt88i4kVWMlbXDpskt1_c6-VysbmNL1hPWGPf3XMCCCHmZSeKGJH8kzj4LakjsiKM7yCWw26Ndu8870V59a9BfZuitRGd2aohzTEHdlO3PrcAFeW827d5yyqHjP_QUUOpiwoSLXTO2bcO4WKgHqS8O8-BsLOO5Yad2IAz4rpZiHP5Vi0eoS0_dTTBwY_QLrAOTpz18UO_4lPbBQWKTiFGx6Iw3B&sai=AMfl-YQnXPd2RJ4TltoBvfqUHPJXXqOYpX9-7apfkAl5xdZ5ErVVAFQmgHStNat2v6KYV5et5P8gZLvfjK8dKWZGJGpDpDzmA9X7Z5otnBexOUgV_E2Gp03q9nuEI9uxilnPzkBWkORFN5i1G2nFQLcsPU0YgEZajOAZnbeUtzK4LfQ7xMlA4VENlelPrswUNw36Hm19aD_JVrgcgzgwPKrJQis3Iksljkp3v7ZMZuoxBtKCbu3m7W0JXirhfESmGSxYpGIjrrekhslSySqw1gEnsFx3fNKslMHihJpc&sig=Cg0ArKJSzGJAKnYgk_DKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=55&cbvp=1&cstd=53&cisv=r20230816.27957&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/ Frame AEF1 64 KB
23 KB 41ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3382193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23286
last-modified: Tue, 12 Apr 2022 12:35:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6255722d-5af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sEH8h8yXipntwjuLZAeYRv%2Bao%2BLXJvkpolYlM3VHjm6Ol%2FXoPairWIehKN0YmDquLt8oeIFJgyzzykB40nstdjVAeoy54kWK1V%2Foki0OAlBkcoM8FT%2BrBtcqPcCjOCCEmxDqfo3BBp16kDvbXx4IVQGH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f8fce5f4b713651-FRA
expires: Thu, 08 Aug 2024 04:55:45 GMT

GET
H3 200 creative-1.0.9-alpha.js Show response
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/scripts/ Frame AEF1 3 KB
1 KB 9ms
8ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/scripts/creative-1.0.9-alpha.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49079
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1012
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 15:17:46 GMT

GET
H3 200 keyvisual-x2.jpg
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 105 KB
105 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/keyvisual-x2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee0cc967bc3c04a443424ba76e45144612dc6c1d79697d242f2b05838af5c475

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 21:24:38 GMT
x-content-type-options: nosniff
age: 113467
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107849
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 21:24:38 GMT

GET
H3 200 donut-1-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 4 KB
4 KB 9ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9bc0b41d96faf37f1a7392d804ad6cb2b980be26596753761024b7d3d9bb79de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 05:03:10 GMT
x-content-type-options: nosniff
age: 604355
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 05:03:10 GMT

GET
H3 200 donut-2-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6032ace0de4c42162f71431b2ab16aa63aa8c8bbed88d49eaf6e6fb7baf9448c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 17:57:19 GMT
x-content-type-options: nosniff
age: 557906
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 17:57:19 GMT

GET
H3 200 partner.svg
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 414 B
313 B 8ms
7ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/partner.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 11:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 321086
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Aug 2024 11:44:19 GMT

GET
H3 200 text-1-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 2 KB
2 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/text-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4965785a1b1ac9a9aa14ba0b102acc350032529a5dbbe79fabe0a742d6c27fe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 04:10:54 GMT
x-content-type-options: nosniff
age: 89091
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2073
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 04:10:54 GMT

GET
H3 200 text-2-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/text-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f999b666b45cd6b584b91655f22e7198716c2add9dca93d80e0161bfeffb5b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 16:27:40 GMT
x-content-type-options: nosniff
age: 304085
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1760
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Aug 2024 16:27:40 GMT

GET
H3 200 cta-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 4 KB
4 KB 11ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5b2b6f1e352f3575c381f47f2bb0aba701b7cf5b36f5cc9e689e607d375c370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 21:21:10 GMT
x-content-type-options: nosniff
age: 113675
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4299
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 21:21:10 GMT

GET
H3 200 overlay-donut-1-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 4 KB
4 KB 14ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/overlay-donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e7f6d3bc4e956a9e9606c86cbd7c3c558ee412d27a64f57eabeb160b7ce161

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:28:28 GMT
x-content-type-options: nosniff
age: 34037
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3762
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 19:28:28 GMT

GET
H3 200 overlay-donut-2-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 2 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/overlay-donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed9f95fa0e7551e2ed988e3e31066ccc1d169b992ba04a76f1fc00d8e219654d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 03:41:29 GMT
x-content-type-options: nosniff
age: 90856
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2385
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 03:41:29 GMT

GET
H3 200 overlay-cta-hover-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 3 KB
3 KB 12ms
10ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/overlay-cta-hover-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82a714eed18ecef4daa162cd9dbde8dc79a9679ad93d1bb1cdce7ff35a468a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:22:58 GMT
x-content-type-options: nosniff
age: 48767
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3186
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 15:22:58 GMT

GET
H3 200 overlay-cta-x2.png
s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/ Frame AEF1 3 KB
3 KB 13ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/images/overlay-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

473922d81a67d36d47e37ecd58944bb25d8955ebb5407a9b6712a7cabf5b6640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/397941754120502185/SIGGI-KANN_728x90/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 03:50:58 GMT
x-content-type-options: nosniff
age: 90287
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3186
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 06:59:30 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 03:50:58 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CA16 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 39600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 17:55:45 GMT
expires: Sat, 17 Aug 2024 17:55:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FC2F 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 39600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 17:55:45 GMT
expires: Sat, 17 Aug 2024 17:55:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/ Frame 64D2 64 KB
23 KB 29ms
17ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3382193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23286
last-modified: Tue, 12 Apr 2022 12:35:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6255722d-5af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KWXq07OD7B4lc24%2B771vyvTXJVxfzjVYXMbTTdsFbB4FUq7ePf7d62iqz2entO2qMl49hZhuxgDybI%2B40Vxf8UgcXMlKbj3uZx5wr2fXRpH7ySp8z13jnmjPEOzxf05xf7l1MqtT1AivaH3pLHOUya%2Bk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f8fce5f4b773651-FRA
expires: Thu, 08 Aug 2024 04:55:45 GMT

GET
H3 200 creative-1.0.9-alpha.js Show response
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/scripts/ Frame 64D2 3 KB
1 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/scripts/creative-1.0.9-alpha.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 21:38:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 112607
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1012
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 21:38:58 GMT

GET
H3 200 keyvisual-x2.jpg
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 149 KB
149 KB 14ms
14ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/keyvisual-x2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12e21283448c6ab7bfc850ebfef091031b77050ea6066212ac1df1ffca1d79c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:38:06 GMT
x-content-type-options: nosniff
age: 33459
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 152437
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 19:38:06 GMT

GET
H3 200 donut-1-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 3 KB
3 KB 10ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e512bc9718735819af7c3eee76c7838f2db59ec6fd6db3b2a5608cb47e6f2e07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:34:33 GMT
x-content-type-options: nosniff
age: 33672
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3125
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 19:34:33 GMT

GET
H3 200 donut-2-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 2 KB
2 KB 9ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

846fb4e458d8b9cddb04356c1bf23974d1be6b1e2d949f5c36d6a54e2fc29dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 13 Aug 2023 00:33:57 GMT
x-content-type-options: nosniff
age: 534108
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1796
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 12 Aug 2024 00:33:57 GMT

GET
H3 200 partner.svg
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 414 B
316 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/partner.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 16:19:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 563801
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 16:19:04 GMT

GET
H3 200 text-1-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 2 KB
2 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/text-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5448c99e0b094b9a097cbd0eb8c49b7baceb6e888af10b717a413394ce064d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:17:29 GMT
x-content-type-options: nosniff
age: 34696
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2208
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 19:17:29 GMT

GET
H3 200 text-2-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/text-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eef6c3865717219aa07c97de591ef6475f8f3b8216a540d68534c000370bf070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:40:35 GMT
x-content-type-options: nosniff
age: 47710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2064
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 15:40:35 GMT

GET
H3 200 text-3-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 4 KB
4 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/text-3-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd393e32e5961a87403b779d1d0a8c2dcb4cdf5fac440018407968688876ef36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 11:25:31 GMT
x-content-type-options: nosniff
age: 322214
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3625
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Aug 2024 11:25:31 GMT

GET
H3 200 cta-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 7 KB
7 KB 13ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11606077f83433ba9e0616082aa00a3b74eece230c4047367a29f17cf5e5580a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 21:29:55 GMT
x-content-type-options: nosniff
age: 113150
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7471
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 21:29:55 GMT

GET
H3 200 overlay-donut-1-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 5 KB
5 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/overlay-donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e547ccc7db173e5fa8588188b7ba1743fd5d958442e51ef55e3354b6e490712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 08:36:02 GMT
x-content-type-options: nosniff
age: 591583
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4662
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 08:36:02 GMT

GET
H3 200 overlay-donut-2-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/overlay-donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74c1d8ee7c0b2207bcb57b2797989bb731988855c24a5a58db548d3bae128e19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 08:12:32 GMT
x-content-type-options: nosniff
age: 592993
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2507
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 08:12:32 GMT

GET
H3 200 overlay-cta-hover-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 3 KB
4 KB 14ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/overlay-cta-hover-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bb11dbdcd2946c590a444a8e2414d4dcfad33499838b5d91ceb75e770898125

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 07:03:55 GMT
x-content-type-options: nosniff
age: 597110
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3558
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 07:03:55 GMT

GET
H3 200 overlay-cta-x2.png
s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/ Frame 64D2 3 KB
4 KB 14ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/images/overlay-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96bdb5f48b50603bff01238df03507034ce67a3c85c44ef03294a56ec04ca0ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17661923034595498987/SIGGI-KANN_300x600/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:58:05 GMT
x-content-type-options: nosniff
age: 327460
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3558
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:05:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Aug 2024 09:58:05 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/ Frame CE99 64 KB
23 KB 24ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.3/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3382193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 23286
last-modified: Tue, 12 Apr 2022 12:35:57 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6255722d-5af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X1sjTfIlXsmDBcmBTBy%2BnSvIOoke%2FuMAZ61Inhx9r2%2BmIL47V%2BTlGC5JDCkVpBtwGPZxO6Dnq9XrQd4EFj6Owo64lCXycTuTFFvgQwSJw0f4nGTt6KTIOUhHzleTKr7Mx8iMuzK1ibC80GWMQPspP9M0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f8fce5f4b753651-FRA
expires: Thu, 08 Aug 2024 04:55:45 GMT

GET
H3 200 creative-1.0.9-alpha.js Show response
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/scripts/ Frame CE99 3 KB
1 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/scripts/creative-1.0.9-alpha.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 59547
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1012
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 12:23:18 GMT

GET
H3 200 keyvisual-x2.jpg
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 117 KB
117 KB 13ms
13ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/keyvisual-x2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27b829bc85a90bf3495216530c225dd7a4e4130722583ab8f3fb5df1d3893daa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:12:12 GMT
x-content-type-options: nosniff
age: 49413
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119814
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 15:12:12 GMT

GET
H3 200 donut-1-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5cca87c9e0a74be43a6aec384185b284b076af568ab3a32a1ab5d09b15a1e127

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 15:26:16 GMT
x-content-type-options: nosniff
age: 48569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2293
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 15:26:16 GMT

GET
H3 200 donut-2-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 1 KB
1 KB 9ms
9ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

731c6d54aeb00ca8f4fb178937c2007d74e0a352f3336f01f687761678945a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 05:27:08 GMT
x-content-type-options: nosniff
age: 602917
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1206
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 05:27:08 GMT

GET
H3 200 partner.svg
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 414 B
315 B 16ms
15ms Image
image/svg+xml 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/partner.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 19:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33073
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 19:44:32 GMT

GET
H3 200 text-1-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/text-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6adac6428edb51a484c2c40855013df405dd2e310931b863963b7f63810316c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 06:25:24 GMT
x-content-type-options: nosniff
age: 599421
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1894
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 06:25:24 GMT

GET
H3 200 text-2-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 1 KB
1 KB 16ms
14ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/text-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8af0f28e8f1cd2fda8d4772a6498c611b1e5aacf9f3b96e899ec84835ee1c318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:57:01 GMT
x-content-type-options: nosniff
age: 17924
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1499
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 23:57:01 GMT

GET
H3 200 text-3-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 5 KB
5 KB 16ms
15ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/text-3-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f82981d361d0f65315c7326b33ffa0428635479dd48dd1df4785c19126f37556

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 06:45:35 GMT
x-content-type-options: nosniff
age: 598210
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4636
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 06:45:35 GMT

GET
H3 200 cta-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 5 KB
5 KB 14ms
12ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6514f1a7a8a2e6357f713fe366123e6ac746b99a68463a34a324531ca3d1c81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:28:42 GMT
x-content-type-options: nosniff
age: 19623
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5065
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 23:28:42 GMT

GET
H3 200 overlay-donut-1-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 4 KB
4 KB 15ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/overlay-donut-1-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c78de03d62d435f83aed780f66367bf49e48d696cc0bd7fb9c85983e77884d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 01:13:22 GMT
x-content-type-options: nosniff
age: 13343
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4532
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 18 Aug 2024 01:13:22 GMT

GET
H3 200 overlay-donut-2-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 3 KB
3 KB 14ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/overlay-donut-2-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fb0b9b2a8a5010d882296aa6c3ba890fadc5343b83a52b780d145944558b2db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 21:29:58 GMT
x-content-type-options: nosniff
age: 113147
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3205
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 16 Aug 2024 21:29:58 GMT

GET
H3 200 overlay-cta-hover-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 8 KB
8 KB 12ms
11ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/overlay-cta-hover-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45fbd96af253805dac2c58d386ad9388438986bddcee28f7a9334f554d4ce1e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 04:56:18 GMT
x-content-type-options: nosniff
age: 604767
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7772
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 11 Aug 2024 04:56:18 GMT

GET
H3 200 overlay-cta-x2.png
s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/ Frame CE99 8 KB
8 KB 14ms
13ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/images/overlay-cta-x2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2a07539fc73368c642559b37f67f0a60d6e759419e4ca880eea809b0882fe6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/385730044459267856/SIGGI-KANN_300x250/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 04:01:26 GMT
x-content-type-options: nosniff
age: 89659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7885
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:04:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Aug 2024 04:01:26 GMT

GET
H3 200 VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js Show response
pagead2.googlesyndication.com/bg/ Frame 5EBF 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14636
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Aug 2024 13:43:15 GMT

GET
H3 200 VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js Show response
pagead2.googlesyndication.com/bg/ Frame CA16 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14636
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Aug 2024 13:43:15 GMT

GET
H3 200 VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js Show response
pagead2.googlesyndication.com/bg/ Frame FC2F 37 KB
14 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14636
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Aug 2024 13:43:15 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 17F5 0
0 46ms
45ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsty88pj3SDM6mygqe44AxAQTiiptyPL1WR2msFDN_FDxvkCbIaDF4symtBpoFOH7wcTtSnJgGmeQX395QRDxDIfPNbV7vACiaU_HyLwl4r_uK6TOSbkBzehNCTzCAfbavbl7cegj8OjekJnuB4rkwPz_pxqZNB-0fUIHJcYfWHREzv21QtoQaKT8nPDDhQTHTN_--jmTUPQRBBUUt9gHb60hAlgr7kG822-1refCdC-CfeqykHnGzH6qZj1FfDS2HVYXRH0vBBk98vgVskJCFY5K40UfXZxVcV3yIZc76D2QXdISU27j3As9ISbvYSMBHBSmeam8aagc_4BPAcsD3x4YGcoyBmWG-_SiJmO4u2Ki6ILH5HkQh2Nmr6uyW3IIxflbf5-AcaKJPDHYvxtGarNeEj4rQqDl3G0ghOoGOqAFE_1lZoMONYlhJHhvCZQWyaqPS80P7vHhpvTMG954fDHIrjA9qvyJ49BQV5jNciKjIstoXImPBIc4YcAbtXtszU0GivJFZbZLMxCbcmyWZU6T_rdU4Vklg5jIPbWhJLuFlLk_gAhAEGiEmPgYwTqgazCJ0HZTBARztbcMPJZ4UM4hTjLqLh75mKAhF7vEGQwR4awUstOp9o36rxljdBshpNE7-DPv_Mobxjzk5gTmXFBNZ7LkZ3Fn4GuR8FyeoydtOInK6mOlEHWn7BrKNUxUEmekJ8nunQ0YcQ1SdILQkF7ya8JYbXUGs08aDx19DKNVL5JFDNlT9VAg7IP73CV9eZEMTD7cdKm9GqG7xVI6zWBlzAdQ6lSZZ5ZZ3-A8J8Tr6Kx0_lhXXL1NfejGpUKab9yZQ7VvWhtXS7HoVg9ox1IEjhUljC7p-AuR_m303MeOF-HWPQvWZIqY8-NVKrSDEJtBMJUGHX50jY8EbnIPd3kF_2yex0PxjVMX_Mk2QSETl1x4MonDZGV-Sw4VUyZVmghaCs3aiBqlP4afScnKeKGEYDNfgduJUPNxCHNhSnvVnHv_21BxfzATLQjsJSi4RcPya7YHGXV4WB4lXGqw73aDWiqiHHWii8bwdGrRA0VBB6m3O-FxDUnDfY6w95-xj-PnDXkO9xmQlH7B30ScStrSgsD5oAH_eNckKXmZBdQ-6LH0wEthHFwiNV0U7XHuBVaN6yU1sgO2Fgt_lmz3pLd7s5dvrliHabEjCJ9kwaINx6WRWkTb_aeqYhb16SgV8oGUH4765nUMKc21gGuDQUCxtR8wr2k-3CmCSkCCUCpzkB6N549fCLvAu0&sai=AMfl-YR1xNGPVrexcjcONoOP4Qc1NXKjkZJxmzEIXKnoacMnqGE3N6hPg1VjgmaQuIxhOx_-ezLRVZGRfJL6nMM0NLngoyK1kFB6yiin33zrN8nJg3IEyLtVk5jfGtrP7dPfyq4cKBJsZU32UZw4G7IMZrpEsdg57b75uPm6nYuk4uoS6UmZ79wKMDFYd4HmzUSeagGnbL-g6VxiXNo6QAjIRXFAb7V5EdbhUfWvnx8zos5_7nJnTX_9iHRetRsVLxpoxaYNYco4ptpN5i9PgLjl7Fqhplm5v10Gidx0&sig=Cg0ArKJSzAK3d9JayQTyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=306&vt=11&dtpt=209&dett=3&cstd=94&cisv=r20230816.61513&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DEC8 0
0 45ms
45ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstDdp_6eUvLxq25AQSUzIYPpFopCEaM_7x2D37JAV4Rm7pgkLfa69n-QO6elm4WCj__YTjzCUrSM7bWDhGVX0JECsTa_9PoMqnMGEBwgyIoHimZoUR7wGQJeOSd3zIkSSW8qY4fo9erzWcpSc469I6OGAXz9oPxEcf3IiaihR7BI8ingqm7Q2nS8qzOJvQiH2y-DLukdA6jDM19G2cUkdhAfhUeQ21aIXCZfPYSNsi5Wp2_IJNMCh29GJQ8uVy5IM3KWFg2BuzZ4gj-ZW8yhBI4xJCkF1LCC1eex2c4_u0JLdmLMGZJGRDP6W7S37eZxVp6Pt87TH4_hdvqFv_tzPQgO-sqp7o9lbkaEmyCY-Occ7fpIEA7qoM3V7ONAL5YUhA_sahYdqxWCRmjtS3W0pqVEDFVvsys8pDbCoOQUt5vDoh8r5fMn57i374pTn3ss6X47k9R8eK9eg9E1smFIuV8FjSneZkJ-XHo0V2kh2k3Y_Ie_xVyBMgsEba9w0Z96UaiBL9mi2eWJwPhqvWg-qDr9GLbZ5VWQuiFjAGGw2VwoJlzHjN5TvwgDnKzTF1JUTRS6aO6GflZVLvbUuMl2wi2hVDnJ5JuQURdC70hlKKj5PciicLzphyJsMd26b-KPBhROVZd-khZP9LBOxVsDIUslvB6wydg0oN9aSJu5gOQ2e_9lbHtIwPa601Eum92Dnmlw4WwZWzVP-mU00esXXqY7MupW47ay3eW_UG7EwWQp3OfiC_0SWHbJKnJtUs-p8RZwWQQ_V52w-Kgbbjsar7abVo-CREsEgywGPwezFJ_ftnz3fd3qf1ntzc8O9waAYrwx2qFP9enpumbFM3M_tY10S7yTWIYn0FDJH8PR_PGTsihA5JU_-JIeWXeH-Ln0RbsPJwYwxI4d1LOfKv3n6SO88rre51Kav4evcnYlK4NHu9C-J9Phx5SsyBM66t4g0zLD9tps202SDjg-QRTUtAdplsBsamzdd48t19nj-UgPyBd_IwMFbCeI-c71RoTRA8Bk179Rajz3aEO8GMnh865fh3ObC00OqFQdSt88i4kVWMlbXDpskt1_c6-VysbmNL1hPWGPf3XMCCCHmZSeKGJH8kzj4LakjsiKM7yCWw26Ndu8870V59a9BfZuitRGd2aohzTEHdlO3PrcAFeW827d5yyqHjP_QUUOpiwoSLXTO2bcO4WKgHqS8O8-BsLOO5Yad2IAz4rpZiHP5Vi0eoS0_dTTBwY_QLrAOTpz18UO_4lPbBQWKTiFGx6Iw3B&sai=AMfl-YQnXPd2RJ4TltoBvfqUHPJXXqOYpX9-7apfkAl5xdZ5ErVVAFQmgHStNat2v6KYV5et5P8gZLvfjK8dKWZGJGpDpDzmA9X7Z5otnBexOUgV_E2Gp03q9nuEI9uxilnPzkBWkORFN5i1G2nFQLcsPU0YgEZajOAZnbeUtzK4LfQ7xMlA4VENlelPrswUNw36Hm19aD_JVrgcgzgwPKrJQis3Iksljkp3v7ZMZuoxBtKCbu3m7W0JXirhfESmGSxYpGIjrrekhslSySqw1gEnsFx3fNKslMHihJpc&sig=Cg0ArKJSzGJAKnYgk_DKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=258&vt=11&dtpt=203&dett=3&cstd=53&cisv=r20230816.27957&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Aug 2023 04:55:45 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F067 0
0 46ms
46ms Fetch
image/gif 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2eDNE0p_H3aeg44c4yo9HQTFa8ODC-Vfl-SQgHer8s40voYoKBruz12IPhnNMRJEpMWURE1ng1XF8PpnPy1i4c_ab5cPibTJGIAN3TnJhZL18C_R_GgnWrkEsmVXHsBj9mj86JudXOWJRMWb4BftYUawKflKGso0Kr5fu5qf8ysCgycceFB2QX63tAvKSemjqI2HfnM5IMuvhYyPB4YUJ2UtZBJ4TVyLavWzIK3uQUCY69s1sAP-UZIbcqMRBNR_hL9LWaPkoVxt0ct41IEuXQy02P1GUYDBajJkKbWexNWOPTERnjj9fF319gH5VacDPotygMVMsLDpn-mUNM__Z5n--6sAVmBObbK0k8X_0xqgBjgQFCt-iZgEUaPjtRJ1ZJe_NlmO6D2KgiVdF1mrogLVvdi0rC03CIN8ltMQK4XKa_zVj5EFsLV24fkjXOxx87FP4dmBcBVTxEC2K18Yr1zBTnsexU7GGDTOYkCCVPCo063iwgYB5E4adU2i2WDky3mVshacFM2R9EcUZ6HuYWOSQIcZN_X3pzzbfkJQ-OHqEkqiL3dC3xpZSMcJND_2nNyU7QZtnNCLleAigbWxtf9JjY-zIv1pU3QZm9f9Fu0DzUn_mzv8fNn4Ne-seCj_eFahMDEWi5rjjnE-sCW4n0hip_4cGIj_U-F3sOss6RHq82LwLpLmHFth8Aw4cf77mhZT4-bynXC4nG0MtMQfYWs5IQQeeQvT1T_Wam1XU-J-6qru8v7e-LS1wpK93weQLaYp136kcZUpxJVJHiFqBDCuZ0ZW01MCB_65qaXKZJvUELIUhPlAIJ0_t46U-Z0vw66E1l8GDT21fFcwxvhmSVetaaLKS3v0TwhIRWfipbQ_TE3EqcSERtsMro0_QRLXnqnoYjd4brklC3ZDltzhM70FOP1yHOHMSOC-srKQhtSFUh1EIxQQxdKawejfEHz_rhkDg0K41ytFkeXaq1-40C16nJC6hAHxeloMGKDBQdepBskU0pLWWCgnyFaozYFgmKxpxYW90-t1h0yKpYCvuNTLUVvIfoLReIlB5GsAPBlDclchHsp5CC_8DCCLVS1WCxUK_UPVbANIDAV-Eb4gpl-nt5VTJL65kIuaffOYh42WMB27qOSbp-WR_5wPxw_TijXPt8LSAGv-oAPKDj17DgHbH_zLXmuySERgnujmFJDLLx_Ioex5MzNDI5kKwjzP-XYNoZC5MJ8QTW6mEEwuRORtUwJhmKM1nTy5IwPVU1FRuJK1KhYZZSHAmzuA&sai=AMfl-YS0PU8d0kxK8O3vnirxvQymeF5YWTsEnY25L6H2-KftnacMAlMtKVqPh1XGHK6swIENir8e452u9k8R2viWwBOvQg61JYKljh8LEInqHOf-FTK-upN5fDvtP_tWjF6BxYwsGm_c22nMCdIeTMPaBbbPsjIL428eLxcUc6crMWPpNVI9wc__Nwxk9lYt2aIHD_dsOoz28o6rgeDmZevUountycWkqwNFB4vSdsmJTgkHGCKjLOMkHShT2XV0J4s1DkA_ThaLgi_NFr7bgjO6_oQGPmo_h8J3Ec_7&sig=Cg0ArKJSzNyJPM5-497hEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=286&vt=11&dtpt=227&dett=3&cstd=57&cisv=r20230816.49031&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s10-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 19 Aug 2023 04:55:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5EBF 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bka1LUUvgZMvVI92e9u8Pk_ClqAIAAAAAOAHgBAI&bg=!MTKlMmbNAAZGPLJIZjw7ADkAdvg8Wo8tCtsayUx9xkbBu1FHtH-Mi677WIUposYfw8rTfxJB-i6_Kt_oYjb43zlpbw7CSMK5makCAAABBlIAAAAFaAEHmQMJW-D2SHBfrce7XkCwfS7XRtzhvAKT_toBxu1T6LDQ5JBrgeb8Mfmflh4T2BpHUatwYweseH_vQdsw2XlVmROR9rZ7kOF4fNm_DTgleEx2UoDJ-080OJUbz2coD0Czj7EcW5OskyAtLDR2o-h6JWuYsO7_2Dn0drC8vlChSOxXNRECMXtnB3AbJkb8ieWnHfQN4E6Xb4dzjPxTaUnIaEsafIGFzj7xLRvDGdBTva88ldl-JWn0-EQjMgBDPiEYegD5bW5R7Fq6YaOMo7uph8EmCfA3S4oT9kTf-jQm9ZSPEG2JhDRW6Twxw-zoLfVPQ1fTRlQrx61rM4auI-rEmthbEpUcrpvpN_YLZwp1Dv-1Suz9nv0NAcKSRN8TYr25KFQ2q7aU53yEVBnZhVymjDLAtQm7jS0AYCqGm_XMkbDuBj7Qo2Wl9dNhqqMAQPrswznYpIy7b5idNiWq_HG7yZrhHAHKZyGEly8MjLtjekV9601xA2ZI1WvGR8-5Ko4r_Mr6ocwXqRsPDhBaYr3qf8a44vJLtxJ2s7KAnmN9yPBgLyYngIUPOi8nnzmw7MktOp6vjdJ_KgLmpuPHtSlvW6rfNaVGAgFF-Bnx_eAzANO548zX6kqYMlTzYsO1c3x40edB_3Lr8EQGm8BGKuqr580Hy-lAr3enHPb-ovyUTb12pZ_7gZNoXToj0Pghp9sIioxriFNAfac_UEvqcdRtOFSVE4j1ZaadXTuJoxyDm455BJFEsSqCqHlaR9AmtUK-k42R-OcCOOU8Z9vvy1FxCM24ZBdBlIN074Ek3yR21Cszu5bEoFSlN4gQRgBI_6XAXf06q9XwBpTQUkdx1UvPHeVG65PM7CPrX9Vw-aaPBdjIaqw6hrmLcTsbis7mmJfVs43IxU78gTYMOXs3IJSPWtwOZZ7QHTyWjtVtBuujwoVue6QkdOyC-pU-IGNS7Hosie0Y6Dm9NuSAiPkxrjYH0GqUDTK7E1a2Tzk_u-ztR2UlBy00ApgoGihYC4EmAXW9_h1eronMRgH6Rbtb

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FC2F 0
20 B 51ms
49ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bh14nUUvgZJilJ_OTjuwPwq2u6AUAAAAAOAHgBAI&bg=!6Oul67_NAAZGPLJIZjw7ADkAdvg8Wq6b8QXRrlw2YajUu_qtqGcxJMCdyfXn-t6aC0oFYs3LIoSvTIqnItNSA2fx1XCmBKMbMIsCAAAAzlIAAAAFaAEHCgBIU2T9RhHdM0xz95-0mELTgtYOa0vBKzpaTusipMOZt4TdeTBAXPMKwjf2EXZ9gY3mmT1B0zGnNT_2mGbRur7eG1PLAqbT_sHzmQMJkjzJNJhgBXexSefPuk9uE7L2UxF0e0YfgTPoiPyrLNL3M1nLx_I_tfYSB3QL2FjTm1I6Gat1UPOSU0zYkx6TfeDXzQWiRrJq1HWOBOojHfKPkfQvIrg2uKPXe0bV1_Nhts5aSs57Jmk0ok3qsGsMuxmzE5OfEog8xzyZbJYOMDz5K5Q_z-Hrhv5jVXPBeJ07kKt-OlzuSBCXwC-tGXmw4z6osJvj9GRKn6Bg2XnFxuaGVlAwmUR0JUu6VvS1Uy9KmE-B3A8BcfCzd1eo7lPgDSU8-101-XsbKjDI2rujJzAmnRROqQnWZ4xR9MBHgipUX6MJil19yp6AXc_uMOCHdDDMhIWjdIjSI59nypK4Th8bHS3rGldO5nbSVTfqTrHeEWwMuP-13PDDZ7VwjzsYHVEtqzlfMsKKVspixsiJoS9E-GFm__SaDSQgEWQE7mbs-Za9eoAMydo5TixRW7srCqlI7T-o6TuZCWMg-_wxonqS37Ggy-hYJ9R5VZxQbJ2KlUa1gjqi0esyoI2pgzf5Uj9qXr7tkLPbejd0oqyP63rGrW-zuZC_mv9d8TvS5wvs6vNouy5vqZrJv9gpSlKB850VVJ4TiT3ZyYOA2o0N7qFaseGjVUQ_YOdb8KkxIAUGYuO4b1ZucDiQ63IbJNoBSeJiVrEPvXblHBMgK5-roVDvS003MOP9GAXwxEGTPFKsPfrVN1yM7MM8SMh4J11ZTbkkTk8176ud1X6sIEAocmyclFKx310X8bb7-1QRx77tgXAWf140NYXONH-AGViEP-DnBXYqlCXzzT_hsxfFNBVAkmw6Qas_OPOK1Oqsv1Lzy8EtBWjTCP-6YYFpMIsj3SqpdIC1HvDa6AGRfFieDkJ3VvORDHfA4OC_syIBzwaSpXfy-Iq2nlO1ID9i4W9O2qF9U-sDVcHggsqdp15Vgy2wc7fxo1Zhoj6f0w7FViPVjDXEg-0DH7YOoQDrsnX1nN-UzPuaHTTjsU_SIaTGcyj8K9qYeaC1jcK2e9yWowrc_-y21_uUp5YX

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CA16 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBLaIUUvgZPzDJ6289u8Pz8imkA4AAAAAOAHgBAI&bg=!l5SllMDNAAZGPLJIZjw7ADkAdvg8WvlNpTAj-EEzzPus0jl0-hI8FpFJQU-wfAiQs2d_6fQe40aM-lbRFAxU6iIZPe5cGPIS4asCAAAA5lIAAAAEaAEHmQMJCh2tv2vuqeT8bYyoWar30UwfkaHCSiCuW6O6gH_zEAQvOMe7h-uXGVCccnBmF09rCuLw7hHNVM75BbLM4t_UFCaMTdxg06aqHs4J1Ng_pUUlKYCDCmze1acvs7Y8L9Jt0IQIN_eU2vOy-_8bztRftgeJwBUVTgkujb5hZfOXm3J8op-aNND3wwd9_mBEvxidr1ZeXlKT5cgpLej_g1KGz0vyB344hCjEovJl-1qAIWZ_phLzFm1E1hBJ63VeyM9F2hcTHnMd3B8wmRqhbwrykqYM8cXrjyNI6ELgU5cP8POnfMig5GezM9ySniD42oH7K8sqjlvtGDpgp_cOdEJUZFfPIIjkyaW9u0fcoyg44uWZM7Kwlrprztd11NKFTZjDwiG4CWiTvbD5LaV6-HLZuroyYvXB5OpCU8me54KRK2MX_c_OiGiQiz58WkQ6WFObDEJ1Uju22GqzdmwwSTVud2GMzPRX_FO5DYIfXr5H41F9bcx57h-Cq5ZXwdEU_U56QcJhI7CaTSOda3-cwgDD0fwH9SEGfSl1wt2Tb3lJvMwcFy0YnerkItT3xuvZpi3gG6h7iCVg4to95JWBAiimACEeeZtBo2Kr3VsmrhH3QCA3eqh4jdlbKXQJEAQzQGa35IlVUzj32OsTtQofNXUv5eYUPr9rS90elkpV-xLiSjyyl37Q5crqg7eEUVttWeWR3qPGKO7zOBB58uouKqvMWpFSQ0A_zic7-IaMbrx4dasyQv06ckSZ4Cc3cVn-OgB7mT1zCvUnB0_CBoc0ls5-izzmsL0MP0xKmwoyHHRdvvTmKEut6QENFr5ENAw-h0D_im6uZ9RHaCpsbv3qDApNRFnZdb4pQTkBV4iG1boQsg1117jDIEVEn5j1NIL7G8Si6AM9S-yMZ2UUoBvXH8AaDm52VTkl4eBEIhJqloVI6NbajlA55JTff57WQXCjT3fA7Lk0xPWl0lmel9ua669aMkZgXMTGcP7L-sK-98Po5QfqNTvOWbEhHv5GhFC3x7QU44v4apohUGKs

Requested by

Host: 9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
URL: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 80ms
64ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202308170101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6c7170279c41a1086c571f3c592a0fe9597ad4ef82fa73f8224fce17ad225a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11824
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T48CH8D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 19 Aug 2023 03:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3965
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 19 Aug 2023 05:49:43 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
205 B 16ms
14ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=33311920&t=pageview&_s=1&dl=https%3A%2F%2Futua.com.br%2Fuy-emp-brou-turismo-social-p1%2F%3Futm_source%3Dclevertap%26utm_medium%3Demail%26utm_campaign%3Duy-utua-ct-email-emp%26utm_content%3Duy-utua-ct-email-emp-ag%26utm_term%3Duy-utua-ct-email-emp-ag-712&ul=en-us&de=UTF-8&dt=Solicite%20su%20Pr%C3%A9stamo%20de%20Turismo%20Social%20del%20Banco%20Rep%C3%BAblica&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAAI~&jid=173490489&gjid=890806380&cid=31169173.1692420944&tid=UA-146231564-5&_gid=707817697.1692420949&_slc=1&gtm=45He38g0n81T48CH8D&z=1217467730

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 28ms
28ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-146231564-5&cid=31169173.1692420944&jid=173490489&gjid=890806380&_gid=707817697.1692420949&_u=YCDAiEABBAAAAGAAI~&z=2034634891

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://utua.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 19 Aug 2023 04:55:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://utua.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
272 B 24ms
23ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-146231564-5&cid=31169173.1692420944&jid=173490489&_u=YCDAiEABBAAAAGAAI~&z=1709001810

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-146231564-5&cid=31169173.1692420944&jid=173490489&_u=YCDAiEABBAAAAGAAI~&z=1709001810

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 297ms
297ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202308170101/pubads_impl.js?cb=31077195

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 19 Aug 2023 04:55:49 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1EC6 13 KB
5 KB 8ms
8ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6715
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 03:03:54 GMT
expires: Sun, 18 Aug 2024 03:03:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0FCD 829 B
558 B 17ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

55dd9b029450d233b043b5cc8dbe54f4cb7e4389877e2d511abbda1a0b7fe71c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GobuWT9Fir_6HiMmGYOYFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://utua.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 536
content-security-policy: script-src 'report-sample' 'nonce-GobuWT9Fir_6HiMmGYOYFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 19 Aug 2023 04:55:49 GMT
expires: Sat, 19 Aug 2023 04:55:49 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js Show response
pagead2.googlesyndication.com/bg/ Frame 1EC6 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 13:43:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 141154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14636
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 12:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Aug 2024 13:43:15 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0FCD 0
0 41ms
41ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202308170101&jk=3242360157067772&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1EC6 0
10 B 9ms
8ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vrfO1A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sat, 19 Aug 2023 04:55:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 17F5 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssQ7K528dMCfaP9Q5Hpg1Hbnm1FDwDDUM6w4IvLPUSl0oByQl6WLjELRFlxuEVLzvrf0C4RWJsEATDwNtHN7PNSyrv_htJvKhGt7rbdvOJtoMdQt5qgjyMgQWgtDuL9Kckloe5iOgb1hQ2k&sai=AMfl-YRMB8c-hEs5czVgYYkGy2S_Kgdx35Y7-V2WdZvVvrD18Msed7mwGxUzgxsZWaiMOdVpge5nMQ4aPCByPRVKSpk6FGKd8XMWXAUjcb2Ks783DLPxN2m9svEJvSFKGstIWFOhmjXyj0tUZ-HaDw&sig=Cg0ArKJSzKD-Wat9lEueEAE&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&id=lidar2&mcvt=1000&p=122,436,212,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3399986936&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692420945320&rpt=3248&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DEC8 42 B
64 B 47ms
47ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvvOZ2DwjtUzOgo9xMM__TEg-MpkVhYlhUNvImoZTKEo0v2oqW9Ge8B2yDn5HuPDr3uuyiQE3xhAWzxamaZhbAYorQc4dGk50iVIzomieZ7G9yH5hjai7Ag7BVdv6-oIbBvdWKfju-QVq5m&sai=AMfl-YST06vvkkz8lrBQGJT3rATW2br1L6w1dku2-TuvWfQjFAClUoRBb1o_4IunsqcaJun0ygNaRxEKBFwyLWB5MSwJr0SeOnlaAyp_g4I6tWdX59GIWSWtuvHqe9nyRy9EVsmXa3kO04TChpVCdA&sig=Cg0ArKJSzKTEvACyGkSiEAE&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&id=lidar2&mcvt=1000&p=884,650,1134,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230816&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1558435176&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692420945339&rpt=3263&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17F5 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9720541875318&version=m202307240101&ct=76&x=1&cor=12783392816411542000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F067 42 B
64 B 49ms
48ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstcl7xRppBMERiZBvib9QS5llSYVXP_0yVM34OEPdDz-lfrHC479eV0iztmVHUzM-gI2ea26PvPHpinliLLxIr5f2L1yp2CXYEmZ_SkinoVZE0qZXqjASz9FMS9H7SpzuDJCuWQPPP80jyq&sai=AMfl-YQ9VXoMPRe1luWquEa1UXXEKMkktcpdHHo7D3hvRwMOAbyL05xwE_Z064Do85yg9dMcq-yPHo3megJyuNZ7lkI-QxPserB3W6YZxOlpSp_iOHc6-Xwb8TyyK1gnBSy573-plM-CNIyjCRYoHQ&sig=Cg0ArKJSzPFFXinsz1NjEAE&cid=CAQSTABpAlJWRiW9dbtfCF6wm-rL1kvAa4E7PZruphcd6LFo5dS2MWg3vwO3GhHYmelcTU1nYoilkTYkG0Z_B3hh2Zi775Fiz8FNls3Kb7gYAQ&id=lidar2&mcvt=1007&p=260,1288,860,1588&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20230816&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=695725469&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1692420945346&rpt=3294&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEC8 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5512449448692&version=m202307240101&ct=76&x=1&cor=14552874646495030000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F067 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7418944171478&version=m202307240101&ct=76&x=1&cor=3591658478849382400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 19 Aug 2023 04:55:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 50ms
50ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202308170101&jk=3242360157067772&bg=!-_il-KzNAAZGPLJIZjw7ADkAdvg8WvwIgIYRQlFqN3abCxl_59Zon5dM8fu4H0McFiZdTHzgkD0WcyTcVlG1_xHr757k5YBMiv4CAAAAT1IAAAAFaAEHCgCIeaf8IEyPti0lfY8tyhJmc6XHtHXCcUuzjOe6l_pwI_JrYCC1DdysKxj-JgNPCfUskKzI15Hl6QW1IiXqRTd7sgINTYvL6xQBLqrmkiVniW2Gp0LDDJZDACmMsRz1r8pLtSYx-0xRMwnK1Y-xTiUqfklpJjC23mhuKJoFaLUNy_Qy2DArgkXTcZkCygrMW9oZ-FWpIshL8T1cCE-WqUyIw_u8cJiyt-QklIzjcH5qokk0RkJqeo_aWT8G7jvqBGfa8qHnXj7JQ5unDH5lzXdRa-ya2FttdGjM1lJKw0punPADRz5MtWIJRIaPfXcdllLQMn904pPXjnjGsMPcasGzIOrN4EmgzfHPcMJjB-AkTp6aGqBYiXkYt_lmVX4Or6tc6nT2ZymDAGOwI6SuzdxYtTw7OLw_1HniF2kWZilCuKo4IKZC9OatFH0qHHd6Occc17XhljcyZPaQhxeEcPmHWbq1TcgYQ9Ebql2uKr0PfG_7853qliS8Tvi4Of7gNKvR4UM_uK7aaqeN2Q3MqoEN048IoxzxXrJFwSF2vZGLAMMMjcTO0oMaIsL6YWUIROLk3fcT8snQ5zHRmdjJXiA48U3a-55zVHdHmCvnEGFiJcKFdaGi1-RxU5BMxxMKN5aoVb029ADDvfBqDHsu8r_qFrzh1lW7JJOha8KyTXFHjppeNxEtUT2wmosUj6me9DCCtZgWAnAJ6w-iYGtUZLbPFf1DttMJXhGT7bu8LrOJ7dO3WH2_RpOTupWnCvrs-c_Yj8pVi21dpDAQz8aXRiQIkSas6z4LFA663C_lWtZD1aGm9dk7kzFMmN4sdv8wefS--bXFwZDVsgwJn1s7VTE6ztNMkmVhq2oR-BzMyzxo3CdjlwB9rWDSaWunmByk0ziMFdI-GAnWq-gK4xpc8sPiY9DA7fnXJ8QzwLqLkLJ0ZxIPxLt-Nsyvv-tOo67AH8__SyN6Rq2nHuSfnrHIFDqnwXVxUOJEC9QaWrj94dGNC9fh9Tng-z2_10aDNXj9jmRz4LTMgHq8zkEnqg_009F5QtFj3aKs8N31TKMA34_ujQKnd6s3SjcULD-9z5wWjY_oFCrDTrggM9myNxCLdkZz5kw5WPg-YqEvwKQUNq-W5pKXyBPCIQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://utua.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
utua.com.br/uy-emp-brou-turismo-social-p1	1970-01-20 14:08:27	Name: bg_location Value: %7B%22location%22%3A%7B%22country%22%3A%22DE%22%2C%22city%22%3A%22Erlangen%22%2C%22continent%22%3A%22EU%22%2C%22region%22%3A%22Bavaria%22%2C%22regionCode%22%3A%22BY%22%2C%22timezone%22%3A%22Europe%2FBerlin%22%2C%22latitude%22%3A%2249.59850%22%2C%22longitude%22%3A%2210.99700%22%7D%7D
.utua.com.br/	1970-01-20 16:16:36	Name: _gcl_au Value: 1.1.1116598624.1692420944
.utua.com.br/	1970-01-20 14:07:00	Name: lotame_domain_check Value: utua.com.br
.utua.com.br/	1970-01-20 21:19:00	Name: bg_anonymousId Value: dc9bf42a-ad3c-4b9a-bb6a-0cd88adca44d
.utua.com.br/	1970-01-20 14:07:02	Name: bg_sessionId Value: bf0ce49c-b2b1-4b15-9dee-bc2b924863cf
.openx.net/	1970-01-20 22:52:36	Name: i Value: e0ebe6a7-2f3e-4120-b09c-0542932c580e\|1692420944
.criteo.com/	1970-01-20 23:28:36	Name: uid Value: 5d9aaf4c-ed8a-4561-9caf-cbf6d537b07b
.utua.com.br/	1970-01-20 23:28:36	Name: cto_bundle Value: gGkYM19RVXNZNVklMkI5bFdBJTJGcEQlMkY0JTJGbXAlMkZJRVNlbSUyQngzTWpRRWkyYXBMdXRHbVo0ZzZsc1VTTllIVE42TkwlMkI4bHJoNGJ2TUVFeiUyQk5aa21kJTJGdnZzWktabG9jaDl6OHAlMkI1NCUyQkFOcXJlRlpSJTJCQ0UxdHA3UlJIc3k2R2dHeGJkYVN6VVZjdUpycjdmbW03MnowYmJwclZTNG1nZ0ElM0QlM0Q
.utua.com.br/	1970-01-20 23:28:36	Name: __gads Value: ID=b13b988a0b33f3f8:T=1692420944:RT=1692420944:S=ALNI_MYBjov7hxVilEFjwB3I7Tg_al-i_A
.utua.com.br/	1970-01-20 23:28:36	Name: __gpi Value: UID=00000c62539e40fd:T=1692420944:RT=1692420944:S=ALNI_MZs-RMayNLz-Oe9tw62_hFJsjz62A
.utua.com.br/	1970-01-20 23:43:00	Name: _ga_Y1WZWFMSQF Value: GS1.1.1692420944.1.0.1692420945.59.0.0
.doubleclick.net/	1970-01-20 23:28:36	Name: IDE Value: AHWqTUnVRHGNSv9WrvLjysoQlDtay3IeCEVXD_Z6TOKQTCMniofUUCmMzIGa--lG
.casalemedia.com/	1970-01-20 22:52:36	Name: CMID Value: ZOBLUQthoaBt89P2-EeZWAAA
.casalemedia.com/	1970-01-20 16:16:36	Name: CMPS Value: 3358
.casalemedia.com/	1970-01-20 16:16:36	Name: CMPRO Value: 3358
.adnxs.com/	1970-01-20 16:16:36	Name: uuid2 Value: 1128513735132810758
.doubleclick.net/	1970-01-20 14:07:04	Name: DSID Value: NO_DATA
.adnxs.com/	1970-01-20 16:16:36	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTzH>>Oi!@wnfH8K6pQK`!5=E<L5?%K@5f3M!kYxJij57TJ3N^oQ4!HEfAU(5KetZ#P%nugO%v4VB%nmq$/U!p
.doubleclick.net/	1970-01-20 18:26:12	Name: APC Value: AfxxVi5RRCAL9IeN4p68s_qpnvR_j9IafSKNYqm3EGXDzTrvXuNfHA
.utua.com.br/	1970-01-20 23:43:00	Name: _ga Value: GA1.3.31169173.1692420944
.utua.com.br/	1970-01-20 14:08:27	Name: _gid Value: GA1.3.707817697.1692420949
.utua.com.br/	1970-01-20 14:07:01	Name: _dc_gtm_UA-146231564-5 Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9a1e07b7ace698170be9362310718f28.safeframe.googlesyndication.com
assets.begrowth.com.br
bcp.crwdcntrl.net
bucket.utua.com.br
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
growthcontrol-events-endpoint-go-wfqcv7fa5a-rj.a.run.app
gum.criteo.com
ib.adnxs.com
id5-sync.com
invstatic101.creativecdn.com
location.begrowth.com.br
oa.openxcdn.net
oajs.openx.net
pagead2.googlesyndication.com
region1.analytics.google.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.criteo.net
stats.g.doubleclick.net
tags.crwdcntrl.net
tpc.googlesyndication.com
u28862171.ct.sendgrid.net
utua.com.br
wizrocketmail.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
141.95.98.64
142.250.186.66
143.204.98.52
167.89.118.28
178.250.1.11
185.80.39.216
185.89.210.244
2001:4860:4802:32::35
2001:4860:4802:34::36
216.58.206.34
2600:9000:2250:1400:a:e047:753:6381
2606:4700:10::6816:129
2606:4700:10::6816:3556
2606:4700:10::ac43:1b40
2606:4700:20::681a:451
2606:4700:20::ac43:480b
2606:4700::6810:5714
2606:4700::6811:180e
2a00:1450:4001:803::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80b::2001
2a00:1450:4001:80e::200a
2a00:1450:4001:812::2003
2a00:1450:4001:813::2006
2a00:1450:4001:827::2001
2a00:1450:4001:827::2004
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9d
2a02:2638:d::2
34.102.146.192
34.120.107.143
34.255.227.198
34.96.70.87
35.244.159.8
65.9.66.122
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
0b7c1f9b0cd43d700389d777d0d7e54ac741860e29caa6ad833ca4d3eb27585d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ef7e00750f06efee8a0074f2984b78a62c1a0f8cb971f01197532d57a78a836
0f380fdee43a0103d5cd9bee42e3822ac60512f918a7ed2f805cdaefc5beadc5
1073a9d1ab7264ebd41b25c5279f8323b18a1a0a097e06f54f29ae1417097e9e
11606077f83433ba9e0616082aa00a3b74eece230c4047367a29f17cf5e5580a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12e21283448c6ab7bfc850ebfef091031b77050ea6066212ac1df1ffca1d79c9
14b4caf239342334bf7b8280605e60f67c33c589762047b8bd67c0552fdb80a6
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1fb0b9b2a8a5010d882296aa6c3ba890fadc5343b83a52b780d145944558b2db
23f1437cd33df500ccadb5cacf49ba212539c95a7a25567c45b99caa9f26ed5a
27b829bc85a90bf3495216530c225dd7a4e4130722583ab8f3fb5df1d3893daa
2ae072b67edb6016f6425f5d59b9ffd393f38f1d631d108a6dd05339cc726835
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
42b9a15f9b6a86e0bca2678c6a6679ed2e73777ca55d893012e685275249f702
4539a37b37acaf787b3ccd0bb1e9a3372c9150aff547eeddd0296ad2a6d664f8
45fbd96af253805dac2c58d386ad9388438986bddcee28f7a9334f554d4ce1e7
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
473922d81a67d36d47e37ecd58944bb25d8955ebb5407a9b6712a7cabf5b6640
4965785a1b1ac9a9aa14ba0b102acc350032529a5dbbe79fabe0a742d6c27fe8
49e7f6d3bc4e956a9e9606c86cbd7c3c558ee412d27a64f57eabeb160b7ce161
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
4c7f3d61808c4f1a272fdb151fdd0c184f2c9709025a4b8af856f8294a5ae451
4d32de8dbcd686348107dab5165797e90fb0f390f7dd172c6277054978ee4288
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5448c99e0b094b9a097cbd0eb8c49b7baceb6e888af10b717a413394ce064d2e
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55dd9b029450d233b043b5cc8dbe54f4cb7e4389877e2d511abbda1a0b7fe71c
57d8fcfb7a0018ccc265d40aff88301f499234af309d2f15c1182c8436377603
5a97084b3cca6a8ff925cb6a7a6827201aa166b36a9bc27034fc81aef054091f
5b7b259a87df556c5752105da739eaaf0142a9b2c83fec6fd092501f90bc5817
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cca87c9e0a74be43a6aec384185b284b076af568ab3a32a1ab5d09b15a1e127
6032ace0de4c42162f71431b2ab16aa63aa8c8bbed88d49eaf6e6fb7baf9448c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63f223dd3348a4402a4277945a9adaff2f9019056a2cff2b67cb39805501aab4
6adac6428edb51a484c2c40855013df405dd2e310931b863963b7f63810316c0
6b351167d8d4892c010b6ade158b776fce7f35361bc8e8a3ed74ec32ed6f6455
6b7faea750227b54a6938a6403fc6c96c480f890218d63e9acbd1ade6f1d664c
6c78de03d62d435f83aed780f66367bf49e48d696cc0bd7fb9c85983e77884d6
729fdd056968891a9b7a1eb8fa6365f58a7da10fd953e837feec3bea6501b585
731c6d54aeb00ca8f4fb178937c2007d74e0a352f3336f01f687761678945a63
74c1d8ee7c0b2207bcb57b2797989bb731988855c24a5a58db548d3bae128e19
78ae55fc0ceb8ac07f56b87f7886371e91a57dafb6ee5154f317b7bb11da12a7
7bb11dbdcd2946c590a444a8e2414d4dcfad33499838b5d91ceb75e770898125
7e547ccc7db173e5fa8588188b7ba1743fd5d958442e51ef55e3354b6e490712
821da8af52f9abd6ed4c5148caee6e2cf2188c9ca01a0008a5a1ce789ce7d99b
82a714eed18ecef4daa162cd9dbde8dc79a9679ad93d1bb1cdce7ff35a468a95
846fb4e458d8b9cddb04356c1bf23974d1be6b1e2d949f5c36d6a54e2fc29dc0
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85546fc1dc5bd86a9db3f5d39e5cbc0dd92106c5e67c147d78eddf19b3f13a2b
8af0f28e8f1cd2fda8d4772a6498c611b1e5aacf9f3b96e899ec84835ee1c318
8b4e40ffeea4f88fa78707ac8a7aa1beefb4f707d7bba71eb8b0e40ce20fbc94
94257fc3866c7bbdc584c7bf3abbbfa228e6959e3c1708ca619fd2175729c0af
96bdb5f48b50603bff01238df03507034ce67a3c85c44ef03294a56ec04ca0ba
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9bc0b41d96faf37f1a7392d804ad6cb2b980be26596753761024b7d3d9bb79de
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0a2f40bfe8ae021cef102b7c3220597c237c189cd4a7b50bf3f705cf9106b64
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a96924ddd5fb2ea84242905ab60d5ba262bb28e91fd6f097a077db0a63728dec
b04a268fbd6ac543dcd653b1c529871767a5b78cb2a2f40e54bcb0bfe2daa154
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b260c616a6d660b3ae76f05922d6608e49cfc3ab869e7ca1f603f0f72cea7930
b6514f1a7a8a2e6357f713fe366123e6ac746b99a68463a34a324531ca3d1c81
b99e2ac0acd1e779f2db8aa9fc92e5901207ad6150689a5318163a70ee667157
bd393e32e5961a87403b779d1d0a8c2dcb4cdf5fac440018407968688876ef36
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7
c282a87204ed0af32b0a750700e74bfb4368bca16f5fd07d3ece989c9ccb9291
c2b09643e58ded9316fb73dfab3ffca42772599008066cf599bfc7fb40766c1d
c6c7170279c41a1086c571f3c592a0fe9597ad4ef82fa73f8224fce17ad225a9
c6e298baccf7bccebe558cd80c7473a2c6910bd2b2ec674e63079bc8adfef527
c8777c0d6797cc6fa9e363f2d7da0c072b2a6abb112f67e61418727a40db2aef
cb17e328db995729cac7af4b9c6daaee6377e343ce2efbcfc4d538900f9b6959
ccd0757f023e0bbda7f4bbd2c5d84103681c9ce2b771337534d31066853e248d
d95df2652b4b0c7f1aaf21e2aa059e175659a02231d8180e73a01c4eaccfd986
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
de22b749dfb9461f4308fddfbc79f0b636f78f4add1e26a481fdd23be02cb3c7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c750b97759124bffe209a81cfb7a3aa05dd20ca1168314348cb865254f1ce2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e512bc9718735819af7c3eee76c7838f2db59ec6fd6db3b2a5608cb47e6f2e07
ed0b6cf04cd484a5a817d7e64121674b837a42c361df9231f899270acbf49dfb
ed9f95fa0e7551e2ed988e3e31066ccc1d169b992ba04a76f1fc00d8e219654d
ee0cc967bc3c04a443424ba76e45144612dc6c1d79697d242f2b05838af5c475
eef6c3865717219aa07c97de591ef6475f8f3b8216a540d68534c000370bf070
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b0f3f481c7e6a25238ea4afcf9800847f8f9b0809553deb5de15a492daa734
f2a07539fc73368c642559b37f67f0a60d6e759419e4ca880eea809b0882fe6a
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5b2b6f1e352f3575c381f47f2bb0aba701b7cf5b36f5cc9e689e607d375c370
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f82981d361d0f65315c7326b33ffa0428635479dd48dd1df4785c19126f37556
f8b9e51102c356563c3916c00ddba149e680776c41b700d9e931389423010b1f
f999b666b45cd6b584b91655f22e7198716c2add9dca93d80e0161bfeffb5b40
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
ff86decafa3690114e1f5bcc0e6816b71cd7c74d15240bc1aa4b7c11aeebcf5a

utua.com.br Open in urlscan Pro 2606:4700:10::ac43:1b40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

197 Requests

93 %HTTPS

63 %IPv6

27 Domains

40 Subdomains

37 IPs

6 Countries

2109 kBTransfer

5148 kBSize

22 Cookies

0 Outgoing links

Page URL History

Redirected requests

197 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

utua.com.br Open in urlscan Pro
2606:4700:10::ac43:1b40 Public Scan

Screenshot
Live screenshot

Full Image

197
Requests

93 %
HTTPS

63 %
IPv6

27
Domains

40
Subdomains

37
IPs

6
Countries

2109 kB
Transfer

5148 kB
Size

22
Cookies

197 HTTP transactions
3 data transactions