opovoemfoco.com Open in urlscan Pro
67.23.238.41 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://opovoemfoco.com/
Submission Tags: krdtest
Submission: On May 28 via api (May 28th 2021, 8:08:42 am UTC) from JP

Summary HTTP 251 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 29 domains to perform 251 HTTP transactions. The main IP is 67.23.238.41, located in United States and belongs to DIMENOC, US. The main domain is opovoemfoco.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 28th 2021. Valid for: 3 months.

This is the only time opovoemfoco.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	67.23.238.41 67.23.238.41	33182 (DIMENOC) (DIMENOC)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:2182:e400:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
4	194.1.147.53 194.1.147.53	210250 (WPX) (WPX)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:218... 2600:9000:2182:d800:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:218... 2600:9000:2182:e400:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	3.213.224.136 3.213.224.136	14618 (AMAZON-AES) (AMAZON-AES)
9	2600:9000:218... 2600:9000:2182:8a00:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	52.29.0.64 52.29.0.64	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
26	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
4 4	52.41.116.81 52.41.116.81	16509 (AMAZON-02) (AMAZON-02)
10	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
4 4	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
4 4	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
31	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3032::6815:57ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 5	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df	16509 (AMAZON-02) (AMAZON-02)
4	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
6	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
4	13.226.159.114 13.226.159.114	16509 (AMAZON-02) (AMAZON-02)
2	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
4	34.253.75.69 34.253.75.69	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2013	15169 (GOOGLE) (GOOGLE)
251	40

42 67.23.238.41 (United States)

ASN33182 (DIMENOC, US)
PTR: us123-cp.valueserver.com.br

opovoemfoco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:e400:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 194.1.147.53 (Chicago, United States)

ASN210250 (WPX, BG)
PTR: wpx.net

www.happythemes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:d800:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2182:e400:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.224.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-224-136.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:2182:8a00:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.0.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-0-64.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.41.116.81 (Boardman, United States) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-116-81.us-west-2.compute.amazonaws.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.252.103 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.115 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3032::6815:57ae (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.159.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-114.dus51.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics-wg.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.29.72.47 (Croydon, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.253.75.69 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-75-69.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

w-it.m-t.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	636 KB
42	opovoemfoco.com opovoemfoco.com	1 MB
32	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	159 KB
26	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	768 KB
13	sharethis.com platform-api.sharethis.com buttons-config.sharethis.com count-server.sharethis.com platform-cdn.sharethis.com l.sharethis.com	42 KB
11	google.com 4 redirects adservice.google.com www.google.com	993 B
8	webgains.io analytics.webgains.io api.webgains.io analytics-wg.webgains.io	210 KB
8	webgains.com track.webgains.com diapi.webgains.com	197 KB
7	googletagservices.com www.googletagservices.com	249 KB
6	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net ad4mat.net
4	m-t.io w-it.m-t.io	473 B
4	awin1.com www.awin1.com	3 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
4	openx.net 4 redirects rtb.openx.net	1 KB
4	addthis.com 4 redirects e.dlx.addthis.com	4 KB
4	happythemes.com www.happythemes.com	5 KB
3	2mdn.net s0.2mdn.net	69 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com	917 B
2	quantserve.com cms.quantserve.com	925 B
2	google.de adservice.google.de	883 B
2	gstatic.com fonts.gstatic.com	29 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	innovid.com ag.innovid.com	296 B
1	mookie1.com odr.mookie1.com	324 B
1	googleadservices.com partner.googleadservices.com	263 B
1	consensu.org c.sharethis.mgr.consensu.org	1 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
251	29

	Domain	Requested by
43	tpc.googlesyndication.com	googleads.g.doubleclick.net opovoemfoco.com tpc.googlesyndication.com pagead2.googlesyndication.com
42	opovoemfoco.com	opovoemfoco.com
22	googleads.g.doubleclick.net	pagead2.googlesyndication.com opovoemfoco.com googleads.g.doubleclick.net
16	pagead2.googlesyndication.com	opovoemfoco.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
12	assets.ad4m.at	as.ad4m.at
10	cm.g.doubleclick.net	googleads.g.doubleclick.net
10	ad4m.at	googleads.g.doubleclick.net ad4m.at
9	www.google.com	4 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
9	platform-cdn.sharethis.com	opovoemfoco.com
7	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	track.webgains.com	as.ad4m.at analytics.webgains.io
4	w-it.m-t.io	analytics-wg.webgains.io
4	api.webgains.io	analytics.webgains.io
4	www.awin1.com	as.ad4m.at
4	as.ad4m.at	ad4m.at as.ad4m.at
4	image6.pubmatic.com	4 redirects
4	rtb.openx.net	4 redirects
4	e.dlx.addthis.com	4 redirects
4	www.happythemes.com	opovoemfoco.com
3	s0.2mdn.net	tpc.googlesyndication.com
2	analytics-wg.webgains.io	analytics.webgains.io
2	diapi.webgains.com	track.webgains.com
2	analytics.webgains.io	track.webgains.com
2	ad4mat.net	ad4m.at
2	static-de.ad4mat.net	ad4m.at
2	pixel.rubiconproject.com	2 redirects
2	cms.quantserve.com	googleads.g.doubleclick.net
2	prod-rtb.ad4mat.net	opovoemfoco.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.googleapis.com	opovoemfoco.com tpc.googlesyndication.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	odr.mookie1.com	googleads.g.doubleclick.net
1	l.sharethis.com	platform-api.sharethis.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	cdn.onesignal.com	opovoemfoco.com
1	platform-api.sharethis.com	opovoemfoco.com
1	www.googletagmanager.com	opovoemfoco.com
251	43

This site contains links to these domains. Also see Links.

Domain
vaka.me
www.twitter.com
www.facebook.com
www.happythemes.com

Subject Issuer	Validity	Valid
opovoemfoco.com cPanel, Inc. Certification Authority	`2021-05-28` - `2021-08-26`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
happythemes.com R3	`2021-05-13` - `2021-08-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
sharethis.mgr.consensu.org Amazon	`2021-04-07` - `2022-05-06`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
w-it.m-t.io GTS CA 1D4	`2021-04-09` - `2021-07-09`	3 months	crt.sh

This page contains 34 frames:

Primary Page: https://opovoemfoco.com/
Frame ID: 558B5762D4DB43FDE93D26EA6BCCA1B4
Requests: 78 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: F4363E39952F415B4B74A68614425AC4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/zrt_lookup.html
Frame ID: 3513D4DB2CE5E80A5DA5E4B94FB420BE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&adk=1812271804&adf=3025194257&lmt=1622189302&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fopovoemfoco.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189302595&bpp=5&bdt=859&idt=139&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6138441665258&frm=20&pv=2&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=191
Frame ID: 9DDAA12E8592637FF89C977CBC44EA32
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54
Frame ID: 6365AB728473763B5B2D86AEE925E30A
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63
Frame ID: 8BC27ABD1C86DB455DDE329EDA211ED3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77
Frame ID: DDE39A3F6C5F78BF99395C2366D9B201
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82
Frame ID: 45787BF02BB7A9632AD5F4F5294F4680
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86
Frame ID: 4249C609091937E9D67EC5FA67F2E1B9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91
Frame ID: BDC31F399A9A435C62D897FA6050F040
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CzP5s96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE1gFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbMmtMn3_bRx_RbFVnCrAuzV0FZgAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=2mJZoX8a1Jk
Frame ID: 253CEBDC1D9702871D43D8C62D13D745
Requests: 6 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
Frame ID: A9BF9853039AFDBA1A7190BE938B6BE0
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1A7D3D4124A92506C2717E6586C6C344
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html
Frame ID: A797287D461E2E49D45E21EA724F50A9
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CBrzd96SwYLvmB6WT1fAPmfqLmA-Nq8TUYP2zyZiuDLqx8saEGxABILD3qBJglQKgAeSu27sCyAEJqQL2ymYTNnO0PqgDAcgDSKoE2wFP0D-eTntNJeOb_o-PcC4nDMZHLXDbQe8cjznAyjUig1Enu1CfyVtyBK40x3KN9b2bZY0DncD1NGDpdVVCSXpRhXgtjdjE-48KnWX_929Hu43mt3sOM3HaZrOE7fxK7GeW_H7qIwfaQ8LBklPT_DTSm8p9if9UIS_66rg9pALEX6r-15va0UJNpkaCuEfZt65o9fcMwawq7dCU1dm-DpGO43ZLNpmcGhRRa2ozGxzu9DxnbyI4Inb6jh9bgjOGRnzYFMrVX9FatC1zuE7tlZmaNlbQlmk2Pa8rNT7ABNq69oSKA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeE0aTEAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC8yQjSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=GUBSWXHWGBo&template_id=419
Frame ID: 4473FEE9D93D3B6936F7DB81B7D0A47B
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html
Frame ID: 18DBBE31A3198EA17B0A9B098007AE89
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CZOYn96SwYLXTB6eS1fAPtPCRkAiNpPKkYcaqg96rDZDvxMedFhABILD3qBJglQKgAaPWsMQDyAEJqQL2ymYTNnO0PqgDAcgDSKoE3AFP0CrGvEidD-iDcC1krbZ_8mWoktyiiWl4RKED7a-bIQ7N7Cs3ydaUMWIbQNvPWVei2-4lfZ3CxRa-nP_yWmrILjVFcD7oRYfbvfevnTgX29rNZGGDspupBeqe5oPxpnOndjRb5kSAPl3o2-fzOFVtp0UTb3jSMEZL6vj5tskIz2knATc-3ERXfZ7gbyqgImhFMQ8b_yry7EcpT_9eId80N6p5kAaQtzjJl9-ki6sq2pk8g5SAbZibWFlpQuOANnOHCh9UOaipd6j7g-0qMaEachMKmTEkk_Z1S6FrwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCqiT_SCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=1aY0U9LhV-4&template_id=419
Frame ID: 1F233D4F7A9D24A9C4F6272DBA7ED73D
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: C93E41490371129B282D737E7FE077A9
Requests: 2 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: D47C0A4DBD050FB4C062CB674AD7051E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: D330CB123E98EA03C74A2BC05B8AE9BE
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=C51HM96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBNwBT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA8ezOoH_oyICY7iLD_s6MMQYEoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxgKFhIUcHViLTkzMzIwNjY5Nzc1MTEwODk&sigh=LWWN1xokyWU
Frame ID: 928969AA889460D5ACC13F00CD34A3CF
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
Frame ID: 024F9D484362FA2455A651228DFE2007
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 5CEF9AA07E7EF2FE406B5368B8DFDB66
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html
Frame ID: 28CFDFB3F25BE12DD7132CE3449D471F
Requests: 7 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: BEE883E23EE39D5F2819EBD277EBD5A8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: CB61DC1E325E0D0F04D3B2F14E32FB7D
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html
Frame ID: 507018B5D8370323CC22133809CEEB64
Requests: 8 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 455860498FD37A3F3BA97865C6625A4F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A114D5AA691522AB0DF0664292489B55
Requests: 2 HTTP requests in this frame

Frame: https://ad4mat.net/frame.html
Frame ID: 1F9D22B48D50226828195CC671FACA2E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: CC4A26AF1F8C673EA043B408F2A6A4C0
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 679CA8B94FC35B709002B429B57B1F05
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Frame ID: 939354D93824D10778E4CE11C68B3F17
Requests: 19 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Frame ID: E705E06E9B57EFEED29214CF861A02DA
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

251
Requests

95 %
HTTPS

63 %
IPv6

29
Domains

43
Subdomains

40
IPs

4
Countries

3753 kB
Transfer

5842 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://vaka.me/j29olj
Title: Apoie-nos

Search URL Search Domain Scan URL

URL: http://www.twitter.com/opovoemfoco_

Search URL Search Domain Scan URL

URL: http://www.facebook.com/opovoemfoco

Search URL Search Domain Scan URL

URL: https://www.happythemes.com/
Title: HappyThemes

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sLxi87quGPHFFT3L606Co1eM3AR6tvXi&google_gid=CAESEBG9OAilXmSj5w1B0FUB-24&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sLxi87quGPHFFT3L606Co1eM3AR6tvXi&google_gid=CAESEBG9OAilXmSj5w1B0FUB-24&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2NTg1ODgwODEyODcxOQ%3D%3D&google_push=AQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sLxi87quGPHFFT3L606Co1eM3AR6tvXi

Request Chain 96

https://rtb.openx.net/sync/dds?google_gid=CAESEF6C6Z5C4uHtSuywxgjxGwo&google_cver=1&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEF6C6Z5C4uHtSuywxgjxGwo&google_cver=1&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&google_hm=nWHXco-OyxwX7NXxoNGmEw==

Request Chain 97

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENd-qbqQZ_KXMXcNB_AegdQ&google_cver=1&google_push=AQvitUI3RaJd2U9AiAEjRdFz1-b_wlA3AUsuVD9ZY_MG71m_MxXgBCNqV3pJY8acqnW7jiGE1BgCbBiecVX_4Ftpsf5enC3sQrQ HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENd-qbqQZ_KXMXcNB_AegdQ&google_cver=1&google_push=AQvitUI3RaJd2U9AiAEjRdFz1-b_wlA3AUsuVD9ZY_MG71m_MxXgBCNqV3pJY8acqnW7jiGE1BgCbBiecVX_4Ftpsf5enC3sQrQ&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z-SaFBTQSaKqGQpLF8Y5Xw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI3RaJd2U9AiAEjRdFz1-b_wlA3AUsuVD9ZY_MG71m_MxXgBCNqV3pJY8acqnW7jiGE1BgCbBiecVX_4Ftpsf5enC3sQrQ

Request Chain 98

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBVEX5ev21sJSD5yge3foms&google_cver=1&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33uRIpyeGmXGEPyRH9cp9pxAkm2C HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MSk4tUC1HUkpY&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33uRIpyeGmXGEPyRH9cp9pxAkm2C

Request Chain 99

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc=

Request Chain 148

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 151

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 162

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNKsMB8uSEwCKTPiZjlSeG3CXcHl7Bw&google_gid=CAESEB-jYnUTV3JzlUa-V6lBRTY&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNKsMB8uSEwCKTPiZjlSeG3CXcHl7Bw&google_gid=CAESEB-jYnUTV3JzlUa-V6lBRTY&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2ODkzMjc3MTQwMjQxOA%3D%3D&google_push=AQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNKsMB8uSEwCKTPiZjlSeG3CXcHl7Bw

Request Chain 163

https://rtb.openx.net/sync/dds?google_gid=CAESEMQ7zEkV9F8tyh6i8dR3Fhs&google_cver=1&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEMQ7zEkV9F8tyh6i8dR3Fhs&google_cver=1&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&google_hm=T_-b9SAqyrc-dFAjfK-Q4w==

Request Chain 164

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDaHf8VxUw2_D2B1csIVTow&google_cver=1&google_push=AQvitULY5iWxazj6C-BEUHUppyEp4zuV6_lMTGglTn3u6wV9Vo3ZprQK10NlP967tFjLhfHm0pdA0RhgR7XrmtJx6VTRYVdzMw HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDaHf8VxUw2_D2B1csIVTow&google_cver=1&google_push=AQvitULY5iWxazj6C-BEUHUppyEp4zuV6_lMTGglTn3u6wV9Vo3ZprQK10NlP967tFjLhfHm0pdA0RhgR7XrmtJx6VTRYVdzMw&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m2fcKnFNQ8mSmh96ydKAEw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULY5iWxazj6C-BEUHUppyEp4zuV6_lMTGglTn3u6wV9Vo3ZprQK10NlP967tFjLhfHm0pdA0RhgR7XrmtJx6VTRYVdzMw

Request Chain 165

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOl3PECQ3tOXj-m5kKWNwgE&google_cver=1&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH0q11j61McWPKq6DtXUlQY7ik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MV0YtMTEtMkM1Ug==&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH0q11j61McWPKq6DtXUlQY7ik

Request Chain 166

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y&google_cver=1&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y&google_tc=

Request Chain 185

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 192

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

251 HTTP transactions
-3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
opovoemfoco.com/ 103 KB
15 KB 1048ms
731ms Document
text/html 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache / PHP/7.4.16
Resource Hash: a72ad4a87387d87e2e90c3505e8798323f1ff00ecbbf721aefe588a6aedc776c

Request headers

:method: GET
:authority: opovoemfoco.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:20 GMT
server: Apache
x-powered-by: PHP/7.4.16
link: <https://opovoemfoco.com/wp-json/>; rel="https://api.w.org/"
cache-control: max-age=0
expires: Fri, 28 May 2021 08:08:20 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 15244
content-type: text/html; charset=UTF-8

GET
H3-29 200 css
fonts.googleapis.com/ 6 KB
708 B 24ms
21ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

67bc675875f4e5e7d636dbc7da38268c23f3a5370233ac2331a7193add7cfd76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 May 2021 06:09:42 GMT
server: ESF
date: Fri, 28 May 2021 08:08:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 May 2021 08:08:21 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 28ms
25ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-131835244-1

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

59f0087575708b2b469eb68ce76b6bf00456e436552c5a12e614bd66a3001005

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35864
x-xss-protection: 0
last-modified: Fri, 28 May 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 May 2021 08:08:21 GMT

GET
H2 200 style.min.css
opovoemfoco.com/wp-includes/css/dist/block-library/ 50 KB
8 KB 245ms
242ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Mon, 22 Feb 2021 15:41:37 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 7849
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 mu-style.css
opovoemfoco.com/wp-content/plugins/sharethis-share-buttons/css/ 26 B
161 B 165ms
163ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: f85e538e44687fc0feaa2f66a67831ec9f9b03446f115dec74b996da4a0a4a52

Request headers

:path: /wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
last-modified: Tue, 22 Aug 2017 00:36:20 GMT
server: Apache
vary: User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 26
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 style.css
opovoemfoco.com/wp-content/themes/newsnow/ 57 KB
11 KB 250ms
248ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/style.css?ver=20180523
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 43d8fce3a337b7a745c3b12c1e1c2f6fbf03512342dfe3044e4577a59eaaf48a

Request headers

:path: /wp-content/themes/newsnow/style.css?ver=20180523
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 10696
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 genericons.css
opovoemfoco.com/wp-content/themes/newsnow/genericons/ 154 B
162 B 168ms
166ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons.css?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2

Request headers

:path: /wp-content/themes/newsnow/genericons/genericons.css?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 129
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 responsive.css
opovoemfoco.com/wp-content/themes/newsnow/ 13 KB
2 KB 165ms
163ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/responsive.css?ver=20161209
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 113e153cd01d73c26f4f1015ed0d4ffbb0c9a1c909fe6b3793c780d71814fec7

Request headers

:path: /wp-content/themes/newsnow/responsive.css?ver=20161209
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2094
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 style.css
opovoemfoco.com/wp-content/plugins/newsletter/ 6 KB
1 KB 165ms
163ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/plugins/newsletter/style.css?ver=7.1.8
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3

Request headers

:path: /wp-content/plugins/newsletter/style.css?ver=7.1.8
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Wed, 03 Mar 2021 19:13:02 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1198
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 frontend-gtag.min.js Show response
opovoemfoco.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 9 KB
3 KB 171ms
169ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=7.17.0
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: a98e42b2d4ab1ae36f3b270a0dff6ad2f158100833978ff0a549674a2543e78a

Request headers

:path: /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=7.17.0
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Tue, 23 Mar 2021 15:30:40 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2801
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 101 KB
32 KB 32ms
9ms Script
text/javascript 2600:9000:2182:e400:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:e400:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 36225e386f80d3706232990cc4ca5d50c69bfb3dfb8bbf99d89acfd892c158a5

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:02:22 GMT
content-encoding: gzip
age: 359
etag: W/"19322-6F8eje7mEH07iqf1oc8H7fNRIug"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 49e78dae34a1d21beb31b4002f7ce92e.cloudfront.net (CloudFront)
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 1IWYB4iipGT8v_oz3gCYn6zt_CFP3dtDzO9Qay6f-RuTug-LE29oOQ==

GET
H2 200 jquery.min.js Show response
opovoemfoco.com/wp-includes/js/jquery/ 87 KB
30 KB 297ms
295ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Tue, 29 Dec 2020 19:04:00 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 30916
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 jquery-migrate.min.js Show response
opovoemfoco.com/wp-includes/js/jquery/ 11 KB
4 KB 167ms
166ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Tue, 29 Dec 2020 19:04:00 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4169
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
47 KB 33ms
29ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75817d352ea4450be4fea3cd7e03603e6391d8c6178d3dbb9992439695a16343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48364
x-xss-protection: 0
server: cafe
etag: 14954953266902609284
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 28 May 2021 08:08:22 GMT

GET
H2 200 logo300x90.png
opovoemfoco.com/wp-content/uploads/2019/01/ 3 KB
3 KB 166ms
162ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/01/logo300x90.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 2b62ab86703c0ff1beff7591d4151685a6335fa4013a895e441b749ebea049f7

Request headers

:path: /wp-content/uploads/2019/01/logo300x90.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Sun, 06 Jan 2019 18:04:56 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3286
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 banner-728x90.png
opovoemfoco.com/wp-content/uploads/2019/01/ 51 KB
52 KB 169ms
165ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/01/banner-728x90.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 4893752656cc7d5f8690be5389519314eb776cc152bc299c4a55f90bc954ac40

Request headers

:path: /wp-content/uploads/2019/01/banner-728x90.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Sun, 06 Jan 2019 18:00:01 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 52335
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 16ms
12ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-131835244-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6090
date: Fri, 28 May 2021 06:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 28 May 2021 08:26:52 GMT

GET
H2 200 wp-emoji-release.min.js Show response
opovoemfoco.com/wp-includes/js/ 14 KB
5 KB 184ms
180ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-includes/js/wp-emoji-release.min.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 03:35:30 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4662
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 banner-300x250.png
opovoemfoco.com/wp-content/uploads/2019/01/ 3 KB
3 KB 165ms
162ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/01/banner-300x250.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 378251db9dc7c47ab37d55dfc82287bd892c3b01d34735541f6cf670de39a668

Request headers

:path: /wp-content/uploads/2019/01/banner-300x250.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Sun, 06 Jan 2019 18:23:00 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2860
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 icon-twitter.png
www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/ 1 KB
2 KB 181ms
58ms Image
image/png 194.1.147.53
WPX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/icon-twitter.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.1.147.53 Chicago, United States, ASN210250 (WPX, BG),
Reverse DNS: wpx.net
Software: WPX CLOUD/FF /
Resource Hash: c65bbe7e278afea762b40363a4bcdc29301b63057d4ec21e0e9ba90e6c751783

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:26 GMT
age: 1557
x-edge-location: WPX CLOUD/FF
x-cache: HIT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 1301
pragma: public
referrer-policy
last-modified: Tue, 20 Oct 2020 16:06:09 GMT
server: WPX CLOUD/FF
etag: "515-5f8f0af1-0;;;"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000,public
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:26 GMT

GET
H2 200 icon-facebook.png
www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/ 935 B
992 B 182ms
59ms Image
image/png 194.1.147.53
WPX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/icon-facebook.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.1.147.53 Chicago, United States, ASN210250 (WPX, BG),
Reverse DNS: wpx.net
Software: WPX CLOUD/FF /
Resource Hash: e55869541d8d62428b5dbe5b9fb103a5f6d4279d92d501ffefc6933f09327c42

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:26 GMT
age: 1557
x-edge-location: WPX CLOUD/FF
x-cache: HIT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 935
pragma: public
referrer-policy
last-modified: Tue, 20 Oct 2020 16:06:09 GMT
server: WPX CLOUD/FF
etag: "3a7-5f8f0af1-0;;;"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000,public
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:26 GMT

GET
H2 200 icon-google-plus.png
www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/ 1 KB
1 KB 204ms
82ms Image
image/png 194.1.147.53
WPX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/icon-google-plus.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.1.147.53 Chicago, United States, ASN210250 (WPX, BG),
Reverse DNS: wpx.net
Software: WPX CLOUD/FF /
Resource Hash: 310922b929aa57b74de517f74fb52edf5201c2f3d007ff49e43af71ad38d6310

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:26 GMT
age: 1557
x-edge-location: WPX CLOUD/FF
x-cache: HIT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 1349
pragma: public
referrer-policy
last-modified: Tue, 20 Oct 2020 16:06:09 GMT
server: WPX CLOUD/FF
etag: "545-5f8f0af1-0;;;"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000,public
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:26 GMT

GET
H2 200 icon-youtube.png
www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/ 1 KB
1 KB 205ms
82ms Image
image/png 194.1.147.53
WPX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.happythemes.com/demo/newsnow-pro/wp-content/themes/newsnow-pro/assets/img/icon-youtube.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.1.147.53 Chicago, United States, ASN210250 (WPX, BG),
Reverse DNS: wpx.net
Software: WPX CLOUD/FF /
Resource Hash: 87f22b4839be51ff0db3f4a36971a541d8775486441207fa64bdb97948700a3f

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:26 GMT
age: 1557
x-edge-location: WPX CLOUD/FF
x-cache: HIT
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 1428
pragma: public
referrer-policy
last-modified: Tue, 20 Oct 2020 16:06:09 GMT
server: WPX CLOUD/FF
etag: "594-5f8f0af1-0;;;"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000,public
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:26 GMT

GET
H2 200 superfish.js Show response
opovoemfoco.com/wp-content/themes/newsnow/assets/js/ 7 KB
2 KB 166ms
165ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/assets/js/superfish.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b

Request headers

:path: /wp-content/themes/newsnow/assets/js/superfish.js?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2414
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 modernizr.min.js Show response
opovoemfoco.com/wp-content/themes/newsnow/assets/js/ 15 KB
6 KB 166ms
166ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/assets/js/modernizr.min.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Request headers

:path: /wp-content/themes/newsnow/assets/js/modernizr.min.js?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 6246
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 html5.js Show response
opovoemfoco.com/wp-content/themes/newsnow/assets/js/ 10 KB
3 KB 199ms
194ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/assets/js/html5.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a

Request headers

:path: /wp-content/themes/newsnow/assets/js/html5.js?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3122
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 jquery.custom.js Show response
opovoemfoco.com/wp-content/themes/newsnow/assets/js/ 3 KB
593 B 169ms
165ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/assets/js/jquery.custom.js?ver=20170628
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 932c9568d4e84014b305a72fff85330093277abf03f68eee9c8c7d9088498256

Request headers

:path: /wp-content/themes/newsnow/assets/js/jquery.custom.js?ver=20170628
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 559
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 wp-embed.min.js Show response
opovoemfoco.com/wp-includes/js/ 1 KB
822 B 169ms
165ms Script
application/javascript 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-includes/js/wp-embed.min.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.6.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 03:35:30 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 765
expires: Sat, 28 May 2022 08:08:22 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 15ms
12ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.6.4
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1fdc83f40b6872fbf82ad027168954ccaa7eee12c7e6fcbe52e26c36bf915de

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 3033
etag: W/"5404400d01d5519bc4a10316e7ed5c9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6565fea26f744e19-FRA
cf-request-id: 0a539d798300004e1957008000000001
expires: Mon, 31 May 2021 08:08:22 GMT

GET
H2 200 genericons.css
opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons/ 28 KB
16 KB 200ms
200ms Stylesheet
text/css 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to

Full URL: https://opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons/genericons.css
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons.css?ver=5.6.4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

:path: /wp-content/themes/newsnow/genericons/genericons/genericons.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons.css?ver=5.6.4
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/wp-content/themes/newsnow/genericons/genericons.css?ver=5.6.4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:21 GMT
content-encoding: gzip
last-modified: Sun, 30 Dec 2018 21:13:55 GMT
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 16441
expires: Sat, 28 May 2022 08:08:21 GMT

GET
H2 200 5c32c06b6aa2aa0011451f69.js Show response
buttons-config.sharethis.com/js/ 787 B
1 KB 422ms
396ms Script
text/javascript 2600:9000:2182:d800:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5c32c06b6aa2aa0011451f69.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:d800:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f91bdc0226ee0299e83d54f8d4fb1e2b151590211a41a899e3593e20b6f2e0f

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 dfeaf865724e57eaac72220929416926.cloudfront.net (CloudFront)
last-modified: Mon, 07 Jan 2019 03:16:35 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-C1
etag: "77f02b7f0c9f758294ed7a308065fa21"
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=60,public
accept-ranges: bytes
content-length: 787
x-amz-cf-id: qidGTjMjpcyo5cb_ZTsg3g8tyFxqRVXvLRdj0DXLxD16Aq0AXENw_w==

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 13ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://opovoemfoco.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 21:32:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
age: 210962
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
expires: Wed, 25 May 2022 21:32:20 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://opovoemfoco.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 25 May 2021 21:32:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
age: 210962
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
expires: Wed, 25 May 2022 21:32:20 GMT

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Origin: https://opovoemfoco.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 fase-carnaval-720x480.png
opovoemfoco.com/wp-content/uploads/2021/01/ 302 KB
304 KB 168ms
166ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2021/01/fase-carnaval-720x480.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: bf3ca351db5713c36f13be049365168a1cbe8e9e6c246e0d85f0dfc3a6767ec5

Request headers

:path: /wp-content/uploads/2021/01/fase-carnaval-720x480.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Fri, 29 Jan 2021 18:36:43 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 309418
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 combustivelFotoMarcosSantos001-300x200.jpg
opovoemfoco.com/wp-content/uploads/2020/12/ 16 KB
16 KB 167ms
166ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/combustivelFotoMarcosSantos001-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 995e2aca18a20c8e1007e5d647faa600907b1a237c633fd7b9f7dbaa23beac81

Request headers

:path: /wp-content/uploads/2020/12/combustivelFotoMarcosSantos001-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 29 Dec 2020 22:19:52 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15942
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 pandemia_fim_de_ano-300x200.png
opovoemfoco.com/wp-content/uploads/2020/12/ 54 KB
55 KB 167ms
164ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/pandemia_fim_de_ano-300x200.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 658fc82cab2e749e613b64b4b9e80fc14677773de8ab9677a739b9ce5a3def27

Request headers

:path: /wp-content/uploads/2020/12/pandemia_fim_de_ano-300x200.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 22 Dec 2020 17:44:00 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 55743
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 64354276_2733116076705112_7691367836710600704_n-300x200.jpg
opovoemfoco.com/wp-content/uploads/2020/12/ 9 KB
9 KB 169ms
165ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/64354276_2733116076705112_7691367836710600704_n-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: f353e91b2f6882817486cb4c31da79a519c6e29de2359880352ab14f2b11ac78

Request headers

:path: /wp-content/uploads/2020/12/64354276_2733116076705112_7691367836710600704_n-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 22 Dec 2020 02:41:12 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9611
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 64354276_2733116076705112_7691367836710600704_n-600x400.jpg
opovoemfoco.com/wp-content/uploads/2020/12/ 27 KB
27 KB 166ms
163ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/64354276_2733116076705112_7691367836710600704_n-600x400.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 4778dcab6b996cd56cf5b0650f970a88bb5dc045504e2c80dbc22a7ff6c1937f

Request headers

:path: /wp-content/uploads/2020/12/64354276_2733116076705112_7691367836710600704_n-600x400.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 22 Dec 2020 02:41:12 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 27662
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 campanha-de-vacinacao-contra-covid-condemat-edited-300x200.png
opovoemfoco.com/wp-content/uploads/2020/12/ 49 KB
50 KB 166ms
163ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/campanha-de-vacinacao-contra-covid-condemat-edited-300x200.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: b347e21baf5cae51c305d98fe76947aaaa6dd86bedd2141025ff5ca2acf63f8e

Request headers

:path: /wp-content/uploads/2020/12/campanha-de-vacinacao-contra-covid-condemat-edited-300x200.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Thu, 10 Dec 2020 17:43:44 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 50619
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 LuisCamargoxJoseLuizMonteiro-300x200.png
opovoemfoco.com/wp-content/uploads/2020/12/ 105 KB
106 KB 165ms
162ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/LuisCamargoxJoseLuizMonteiro-300x200.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 9f09381f73891decdd6ad9d9d14e983e2886a5371abe806bb991ef059cf6a70a

Request headers

:path: /wp-content/uploads/2020/12/LuisCamargoxJoseLuizMonteiro-300x200.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 08 Dec 2020 18:27:13 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 107415
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 TCE8-300x200.jpg
opovoemfoco.com/wp-content/uploads/2020/12/ 10 KB
10 KB 174ms
171ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/TCE8-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 0fabfd36287fde44b0909f8979e7a5c0cab49f90e6d3c00fe1d4ddaa5637d9dd

Request headers

:path: /wp-content/uploads/2020/12/TCE8-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Fri, 04 Dec 2020 20:55:58 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 10483
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 g_1562077566-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/10/ 11 KB
11 KB 200ms
198ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/10/g_1562077566-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 86293e44d58e1e8f256d27908d26824c28184c4588d7d34a60e5276121c548dc

Request headers

:path: /wp-content/uploads/2019/10/g_1562077566-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Mon, 07 Oct 2019 12:10:56 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 11254
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 fase-carnaval-600x400.png
opovoemfoco.com/wp-content/uploads/2021/01/ 220 KB
221 KB 294ms
291ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2021/01/fase-carnaval-600x400.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 36cba8b96faf45e4d6a6291bf10a7a88ee0f73d13a0640ad3547bdf572b1aed9

Request headers

:path: /wp-content/uploads/2021/01/fase-carnaval-600x400.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Fri, 29 Jan 2021 18:36:43 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 224944
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 InscricaoAniversarioAruja-300x200.jpeg
opovoemfoco.com/wp-content/uploads/2019/04/ 15 KB
15 KB 293ms
290ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/04/InscricaoAniversarioAruja-300x200.jpeg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 8b75a67f5c8b6cfac7c8113bb7c7cf13bed72f7b8c8c299cbb897a6ff9466c31

Request headers

:path: /wp-content/uploads/2019/04/InscricaoAniversarioAruja-300x200.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Mon, 15 Apr 2019 01:30:43 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15585
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 cultura-01-300x200.jpeg
opovoemfoco.com/wp-content/uploads/2019/02/ 9 KB
9 KB 294ms
291ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/02/cultura-01-300x200.jpeg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 0139f086e9d87dc85607e71fac32f16532ca97215e38b40682135dd26e19275e

Request headers

:path: /wp-content/uploads/2019/02/cultura-01-300x200.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Mon, 18 Feb 2019 23:47:52 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9461
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 flame-580342_1920-300x200.jpg
opovoemfoco.com/wp-content/uploads/2020/12/ 9 KB
9 KB 293ms
290ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2020/12/flame-580342_1920-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: a7848e0345cbfdda55325a5e4804dacac9b5885411c1be9dc63bac8b04894af0

Request headers

:path: /wp-content/uploads/2020/12/flame-580342_1920-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Thu, 03 Dec 2020 11:03:07 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 9280
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190313-WA0062.jpg
opovoemfoco.com/wp-content/uploads/2019/03/ 16 KB
16 KB 430ms
428ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/03/IMG-20190313-WA0062.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 7ed0f094ab5e56199e6f86d3a19c8faa75801ef8f1b6824bef8fc0869fb93514

Request headers

:path: /wp-content/uploads/2019/03/IMG-20190313-WA0062.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Wed, 13 Mar 2019 19:38:04 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16398
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190227-WA0000-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/02/ 13 KB
14 KB 429ms
427ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/02/IMG-20190227-WA0000-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 142889913df3fc2d875920871ce23546e0b95937a3e65186c3338f6e3fc228d6

Request headers

:path: /wp-content/uploads/2019/02/IMG-20190227-WA0000-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Wed, 27 Feb 2019 09:00:32 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 13691
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 camaraMunicipadeAruja-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/02/ 15 KB
15 KB 427ms
425ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/02/camaraMunicipadeAruja-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 23fc400a12c29f66e5ccec206bbef0b8256d1896537bbdcf5516ec2933c10bea

Request headers

:path: /wp-content/uploads/2019/02/camaraMunicipadeAruja-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Sun, 24 Feb 2019 21:33:09 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14959
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190514-WA0049-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/05/ 19 KB
19 KB 423ms
421ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/05/IMG-20190514-WA0049-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: f11b175fe8bf3197476825c16801f8c13b0e60aee14f3b5ef627b4990be17a1e

Request headers

:path: /wp-content/uploads/2019/05/IMG-20190514-WA0049-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 14 May 2019 18:39:07 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 19577
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190513-WA0047-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/05/ 14 KB
14 KB 424ms
422ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/05/IMG-20190513-WA0047-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 9ce3d720e9864d2056ed14be116925c01ae9cd2c176036a181c32f806f802bc7

Request headers

:path: /wp-content/uploads/2019/05/IMG-20190513-WA0047-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 14 May 2019 10:09:46 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14237
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190430-WA0049-300x200.jpg
opovoemfoco.com/wp-content/uploads/2019/04/ 11 KB
11 KB 423ms
421ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/04/IMG-20190430-WA0049-300x200.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 6366599460988d5a2573f89253658648fffa1dec7b363fe8fe8931680da5ff7d

Request headers

:path: /wp-content/uploads/2019/04/IMG-20190430-WA0049-300x200.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 30 Apr 2019 16:13:13 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 11612
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 IMG-20190130-WA0036-600x400.jpg
opovoemfoco.com/wp-content/uploads/2019/01/ 44 KB
44 KB 423ms
421ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/01/IMG-20190130-WA0036-600x400.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: a1d43c3ea114a0038c6a880b6cbf54ea2313fd52d6437c6579c3062703aa8413

Request headers

:path: /wp-content/uploads/2019/01/IMG-20190130-WA0036-600x400.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Wed, 30 Jan 2019 15:29:00 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 45149
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 agrotoxicos_brasil-600x350.jpg
opovoemfoco.com/wp-content/uploads/2019/07/ 48 KB
48 KB 423ms
422ms Image
image/jpeg 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/07/agrotoxicos_brasil-600x350.jpg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 546ecebb52eb90dcd74cc7f06279be1b7247d2d720318592402ddc8c0585c21a

Request headers

:path: /wp-content/uploads/2019/07/agrotoxicos_brasil-600x350.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Wed, 24 Jul 2019 08:51:46 GMT
server: Apache
vary: User-Agent
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 49380
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 arrecadacao-brumadinho-300x200.png
opovoemfoco.com/wp-content/uploads/2019/01/ 118 KB
118 KB 426ms
426ms Image
image/png 67.23.238.41
DIMENOC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://opovoemfoco.com/wp-content/uploads/2019/01/arrecadacao-brumadinho-300x200.png
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.23.238.41 , United States, ASN33182 (DIMENOC, US),
Reverse DNS: us123-cp.valueserver.com.br
Software: Apache /
Resource Hash: 5dc4d251da696f0cdaccec5c8fc32cad7c6e58448558991d3b8b9435165a9ef0

Request headers

:path: /wp-content/uploads/2019/01/arrecadacao-brumadinho-300x200.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: opovoemfoco.com
referer: https://opovoemfoco.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
last-modified: Tue, 29 Jan 2019 19:03:50 GMT
server: Apache
vary: User-Agent
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 120385
expires: Sun, 27 Jun 2021 08:08:22 GMT

GET
H2 200 portal-v2.html Show response
c.sharethis.mgr.consensu.org/ Frame F436 2 KB
1 KB 10ms
10ms Document
text/html 2600:9000:2182:e400:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:e400:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
cache-control: max-age=3600, public
date: Fri, 28 May 2021 07:25:19 GMT
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3e9b9356decf1aa720af0bc92acc0586.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: kfhmUI81O5orvz_CAch3TbIeDvg_eA-p7Sw-sx1GJDJ5wUsVaLnQZQ==
age: 2583

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 20ms
20ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=417693967&t=pageview&_s=1&dl=https%3A%2F%2Fopovoemfoco.com%2F&ul=en-us&de=UTF-8&dt=O%20Povo%20em%20Foco%20-%20Jornal%20O%20Povo%20em%20Foco&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=964895365&gjid=349350251&cid=1889738695.1622189303&tid=UA-131835244-1&_gid=1866048443.1622189303&_r=1&gtm=2ou5q1&did=dZGIzZG&z=1725100118

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://opovoemfoco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/ 232 KB
86 KB 50ms
47ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9332066977511089&plah=opovoemfoco.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d7401bef80e31a1aa3a2d1daab189dfba7f02a21e7cfef216e011f0c05a74da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87658
x-xss-protection: 0
server: cafe
etag: 5316214545020586774
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 28 May 2021 08:08:22 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/ Frame 3513 10 KB
4 KB 14ms
14ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210524/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210524/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 27 May 2021 22:01:17 GMT
expires: Thu, 10 Jun 2021 22:01:17 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 36425
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 188 B
434 B 558ms
143ms Script
text/javascript 3.213.224.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb3&url=https%3A%2F%2Fopovoemfoco.com%2F
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.213.224.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-213-224-136.compute-1.amazonaws.com
Software: / Express
Resource Hash: 3486c9f9e01ce861333b3952122752ff4849efebdb12e2ae2edcd5d1b19a50a2

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 28 May 2021 08:08:23 GMT
Cache-Control: public, max-age=900
ETag: b02d80bcf9022a9e4f11cddd7a7b66eb
Connection: keep-alive
X-Powered-By: Express
Content-Length: 188
Content-Type: text/javascript; charset=utf-8

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
679 B 46ms
11ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/facebook.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 14 May 2021 17:58:45 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 1174178
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 301
x-amz-cf-id: 6oHcmF5u9njVwZ2KFbO-8yak9ehLcvcwU3FI5U0gnRQLsm3gdCENTw==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 46ms
12ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/twitter.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 18 May 2021 09:16:00 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 859943
etag: "0af2fb38987598376c99e21af17ade45"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 731
x-amz-cf-id: ZUFJ-dIR47BHY8UXM58xNJdeiFrpOeIRCzDLh8F31Zs0qejUwVBQLw==

GET
H2 200 whatsapp.svg
platform-cdn.sharethis.com/img/ 832 B
1 KB 46ms
12ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/whatsapp.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 18 May 2021 10:59:15 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 853747
etag: "afe7fc60ed757db39a88d2950fce69c9"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 832
x-amz-cf-id: zGpEruikZvgZ6UbsmCfOW66RC4dC67ughOY1WYEPbWq96lMBFMqm_g==

GET
H2 200 vk.svg
platform-cdn.sharethis.com/img/ 1 KB
973 B 46ms
12ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/vk.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8ef80b9484ec57f96a4cfe363afe777cb54dd1deda8aae48c7394b8335bca048

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 00:56:45 GMT
content-encoding: gzip
etag: W/"f238e4028c98d372f31a02eebee35a6f"
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 112298
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 50f4uqQMfLDpV4kl91UixlsOqVyBAYpgkwzDf-j9bIpEkmHR5xh_pg==

GET
H2 200 pinterest.svg
platform-cdn.sharethis.com/img/ 771 B
1 KB 46ms
12ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/pinterest.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 17 May 2021 16:02:42 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 921941
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 771
x-amz-cf-id: -kopHAtVb0lqLRGVNCY9o-db_pf_k1NzaM4StHCRunWPXHSKOsbgIg==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
721 B 46ms
13ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/email.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 12 May 2021 01:48:15 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 1405208
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 343
x-amz-cf-id: O1jnAWCixNgVC2_tFgcoUUtma6QmUqD9TKjIG7_0eNor-jWiX6e-rQ==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
892 B 12ms
10ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/sharethis.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 15 May 2021 08:11:19 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 1123024
etag: "deecdaa377907db5cc1722fc831670a1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 514
x-amz-cf-id: 9CJZEtj8qV4Dw4Au3LmffomI3BqOKn-hnJOuIi3jkPgOiuMiIYdg8A==

GET
H2 200 arrow_left.svg
platform-cdn.sharethis.com/img/ 565 B
944 B 12ms
10ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_left.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sat, 08 May 2021 08:49:07 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 1725555
etag: "b55d8d2b9321e381a3c38a4bddb74037"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 565
x-amz-cf-id: GbugREmsdamHj58bpbDg_LOEHomhbuCVKTRzyNxI_sXuArnDHiaChw==

GET
H2 200 arrow_right.svg
platform-cdn.sharethis.com/img/ 565 B
942 B 12ms
10ms Image
image/svg+xml 2600:9000:2182:8a00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_right.svg
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2182:8a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 14 May 2021 17:59:03 GMT
via: 1.1 4678033b564719cfa85dd7af417223ab.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 1174160
etag: "9928d025bd5792b718ee0a185f62e67c"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 565
x-amz-cf-id: sGP_DoxvyLrT8dNWbwmCeep23nfXHl0msXY0g2Lb-Ou7xOzrjuwtFA==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 205 B
263 B 69ms
68ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=opovoemfoco.com&callback=_gfp_s_&client=ca-pub-9332066977511089

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210524/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9332066977511089&plah=opovoemfoco.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

054e2d18a62aa37e22197f207de266ba9fad9260d840725394f62ad3782a2a4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 23ms
21ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=opovoemfoco.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 22ms
21ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=opovoemfoco.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9DDA 19 KB
2 KB 69ms
69ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&adk=1812271804&adf=3025194257&lmt=1622189302&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fopovoemfoco.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189302595&bpp=5&bdt=859&idt=139&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6138441665258&frm=20&pv=2&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=191

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b2c56f3ae0352662a9670dfb537517f8d7f69c2c99792041cdf5da6b94e99e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&adk=1812271804&adf=3025194257&lmt=1622189302&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fopovoemfoco.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189302595&bpp=5&bdt=859&idt=139&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6138441665258&frm=20&pv=2&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=191
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:22 GMT
server: cafe
content-length: 1655
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 28-May-2021 08:23:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:22 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028727180027"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27990
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:22 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
337 B 58ms
57ms XHR
text/plain 52.29.0.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&hostname=opovoemfoco.com&location=%2F&product=unknown&url=https%3A%2F%2Fopovoemfoco.com%2F&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=O%20Povo%20em%20Foco%20-%20Jornal%20O%20Povo%20em%20Foco&cms=unknown&publisher=5c32c06b6aa2aa0011451f69&sop=true&bsamesite=true&consent_cookie_duration=672&consent_duration=672&gdpr_domain=.consensu.org&gdpr_method=cookie&version=st_sop.js&lang=en&description=Jornal%20O%20Povo%20em%20Foco
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.0.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-0-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 28 May 2021 08:08:22 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://opovoemfoco.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
718 B 30ms
29ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=opovoemfoco.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
30ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=opovoemfoco.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6365 93 KB
33 KB 689ms
688ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdcfb16c177192bab98613cd3ece660d0cd85719b16739615b3056609f14fc21

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COmrrYn26_ACFQNiFQgd2GwPOA&gqi=96SwYLfXBMTytwfnm4WoDA&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COmrrYn26_ACFQNiFQgd2GwPOA&gqi=96SwYLfXBMTytwfnm4WoDA&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 34107
x-xss-protection: 0
set-cookie: IDE=AHWqTUl8Uc7gHKNCnt4JF6vfqvJdpC3YR2J4qNM7YUvW7VJ-VPdVwsUYtsJ8OFUaUTA; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8BC2 16 KB
7 KB 490ms
489ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

063bae7d5926f34fcadc7d5bd53c7345dc319b7aa3b16ea8db7266e2a9eb2c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 7127
x-xss-protection: 0
set-cookie: IDE=AHWqTUkbGiSaK9_UedFk2NHrIRYxHpN2tvoV0bbW73TJNCraD2ObHRTT6b_dywSp0es; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DDE3 93 KB
33 KB 848ms
847ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11524b66217eac379fd5ee24d150dc0999d8510e63034efab37670a28d8dc591

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COubron26_ACFTllFQgdmikItw&gqi=96SwYLCBBtvOtwfXmJOwBw&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COubron26_ACFTllFQgdmikItw&gqi=96SwYLCBBtvOtwfXmJOwBw&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 34195
x-xss-protection: 0
set-cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4578 15 KB
7 KB 176ms
176ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46e501ef3758e7be7dea2c33d72786d45f610e682b24bffd8da2090ae8b06e97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 7039
x-xss-protection: 0
set-cookie: IDE=AHWqTUmkApZk8Q4hV7WYbQ8xhx2kWnhGXaDP3PjSrYEe8RcTS1o1aRPzPmf0-8XeEFo; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4249 108 KB
35 KB 345ms
344ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f1326c79eb459f8e2c24cfbe32aa15fb387e93c990639c170ccabbe9b3ecd01

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWqr4n26_ACFSdJFQgdNHgEgg&gqi=96SwYJCSB5GRtgeV27aoAw&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWqr4n26_ACFSdJFQgdNHgEgg&gqi=96SwYJCSB5GRtgeV27aoAw&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 35648
x-xss-protection: 0
set-cookie: IDE=AHWqTUm6dD8LJgG0YbiFePP8g4H1zxgB2hM46nXA66jiQLEh4fVpXwCd4EnKFiTb4os; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BDC3 108 KB
35 KB 332ms
332ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

581fcf751e03dc8cd4a3f6f8c1ff93a30ac92fc3d7d2a64943c842c1cc00b117

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPu9r4n26_ACFaVJFQgdGf0C8w&gqi=96SwYLSfB8i5tgfNkIb4Bw&layout=/sadbundle/%24csp%253Der3%24/14836163691176517106/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPu9r4n26_ACFaVJFQgdGf0C8w&gqi=96SwYLSfB8i5tgfNkIb4Bw&layout=/sadbundle/%24csp%253Der3%24/14836163691176517106/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 28 May 2021 08:08:23 GMT
server: cafe
content-length: 35479
x-xss-protection: 0
set-cookie: IDE=AHWqTUndjM8Y10mS_KDgzGX6Fbnr3T4ixyYsWX99dOni8Wca85FJYlCGMpHk9CkSTBo; expires=Wed, 22-Jun-2022 08:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 253C 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CzP5s96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE1gFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbMmtMn3_bRx_RbFVnCrAuzV0FZgAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGAoWEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=2mJZoX8a1Jk

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 253C 0
0 31ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g18z7ywpbhm3pcseshejpf1ma1awsq28ggej8zwkvmtzssdeeng08smnb8kkdbadg586s0whjj0rzxkfwyvesf5xwe88191rv9dm0g3by4z3k4jf8e7he39a251fpnswmf4v1r4amnjrt6w833ns6sa9gt30n02tdj2rwm9xkxnmc8wqhep5z7r1gdcms2bfwve2cs2svddg205dsn48ndcg3bxc4byyqj3s2bs40w6tycz20raa2w6sjnh448kknxnfwa88btehbt12ryma5f00t7g7kkdhch4cy1ce6chjg38p71xqck08yxqmnppsmscw79ab6cp1ata4tg208ad1bs1084tavscs0eq9yw5q53kf8b0xe0mgm8kcbm89e4c57s9&b=YLCk9wABt9IIFWaLAA7vtyhJvvYgsUqUJJZSgQ
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame A9BF 2 KB
2 KB 50ms
31ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1ab923e96eccf0eb1f421a78781a102ad8885ddcae4ee9328f8512215945b6b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7d3s
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a539d7e1400004aa3470b8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6565fea9bbfa4aa3-FRA
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 253C 2 KB
1 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1A7D 1 KB
749 B 13ms
12ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 28 May 2021 03:14:09 GMT
expires: Sat, 29 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 17654
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 253C 121 KB
37 KB 32ms
29ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 253C 13 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
DATA 200
OK truncated
/ Frame 253C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f31e06b14eedac7dbd09f17a0dcff197375200d21b1cbf3457f7bd8c940340fc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 default.css
ad4m.at/0.1.122-318/style/one-ad/ Frame A9BF 58 KB
59 KB 43ms
18ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=XxVHlg==, md5=RCdMWH7YOCWDIhuwI9UcWg==
date: Fri, 28 May 2021 08:08:23 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5742556
cf-polished: origSize=59196
x-guploader-uploadid: ABg5-Uy4aivieyuBWrRiQC4_Ppn1uUsCErWp3PCNabOAR1DHIeajjF0MmTZg9JuSRGfocIdDxNZdYx3-JXnC-nTF81uHDLT_kw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58969
cf-request-id: 0a539d7eab0000d6c93a390000000001
last-modified: Tue, 16 Mar 2021 10:53:32 GMT
server: cloudflare
etag: "44274c587ed8382583221bb023d51c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7c1bMsw2tBbaAJrB1hoEl3I%2B5VOJXRVQi%2BBMAkUTe6nyFuulQjBANd%2B5NcBzbXPC364SQuo0tZBJd4DDib6kokzgQiwrWmmSv7B3qGeofTkMqpsO6Mad8kTDalqt2Xgq"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1615892011975494
content-type: text/css
expires: Tue, 22 Mar 2022 20:59:07 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 6565feaaab04d6c9-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame A9BF 36 KB
12 KB 65ms
39ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=VHPQMw==, md5=O4FGM/ivTqRkLkRDXbVbMw==
date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 52963
x-guploader-uploadid: ABg5-UyHG-hOHMrblKFIYL7z0-xw-9pArwKph-VJrtcWULownBnqKUo-1GLHEGsXvwH8Zp6QorI5FIk9wmVPTpub1M4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a539d7eaa0000d6c9debdf000000001
last-modified: Thu, 06 May 2021 17:25:03 GMT
server: cloudflare
etag: W/"3b814633f8af4ea4642e44435db55b33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kHyt2ECV9%2BxAeX7sePCconSMcaKw2ILEmEHC%2B8GdtXpW9EL3B4sj6IAlKJyhb5NTAvZAl4Ai6B9gYYOYoyqrUiT5F7bA8MzKMQXCQ9MGsg8oT86b2osXUk6JP2SCAgvS"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321903630655
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12034
cf-ray: 6565feaaaafbd6c9-FRA
expires: Thu, 27 May 2021 17:25:40 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 1A7D 35 B
463 B 72ms
5ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAJfcot4adGWX0vanN7-TDo&google_cver=1&google_push=AQvitUIjb7Qv9otnDO7M62rCl4eyZxUXVM6kEOW8E1jAySJcABlWuNGD_5q_gcR65UelzJVz3vmHZiqcbsOsoIgZaJRRAWW8Dl81

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1A7D
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULd893W...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitULd893W...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2NTg1ODgwODEyODcxOQ%3D%3D&google_push=AQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sL...

170 B
188 B

71ms
70ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2NTg1ODgwODEyODcxOQ%3D%3D&google_push=AQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sLxi87quGPHFFT3L606Co1eM3AR6tvXi

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2NTg1ODgwODEyODcxOQ%3D%3D&google_push=AQvitULd893WLkZYAFdI6GkEf96ekBt8OCynTwLH5vnRRW-ho911w03HCOqIYoS4Qzn9sLxi87quGPHFFT3L606Co1eM3AR6tvXi
Pragma: no-cache
Date: Fri, 28 May 2021 08:08:24 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 1A7D 43 B
324 B 147ms
57ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEJ_C494LwTaxUcJITWic2U4&google_push=AQvitUIdzLcrJnmlB8AmNe_H0AJPl4_rpewGIbCLzojfWzK5iAlcKUxXUKty6uXHAXUiLczJvfpWr3-yJDkN8yAgxSZcVBrgaE_y&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=133357044&adf=45620500&pi=t.aa~a.4162979979~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=1&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600&nras=5&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2956&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=7bmLuCXW8F&p=https%3A//opovoemfoco.com&dtd=82
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1A7D
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEF6C6Z5C4uHtSuywxgjxGwo&google_cver=1&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP
https://rtb.openx.net/sync/dds?google_gid=CAESEF6C6Z5C4uHtSuywxgjxGwo&google_cver=1&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&google_hm=nWHXco-OyxwX7NXxoNGmEw==

170 B
188 B

145ms
87ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&google_hm=nWHXco-OyxwX7NXxoNGmEw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUIopn3Q2akBm-dlRuAI39nlo4MeNb6a-ghHxzix8ECVcgIkgM6A52zzBB6sCldLv4d7D1zRhFRKgn2_pLXWSFVgJf0b_HXP&google_hm=nWHXco-OyxwX7NXxoNGmEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 45t3ies0l3422ltn13qln4kl9ht2bfl9

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1A7D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z-SaFBTQSaKqGQpLF8Y5Xw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

142ms
87ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z-SaFBTQSaKqGQpLF8Y5Xw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI3RaJd2U9AiAEjRdFz1-b_wlA3AUsuVD9ZY_MG71m_MxXgBCNqV3pJY8acqnW7jiGE1BgCbBiecVX_4Ftpsf5enC3sQrQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Z-SaFBTQSaKqGQpLF8Y5Xw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUI3RaJd2U9AiAEjRdFz1-b_wlA3AUsuVD9ZY_MG71m_MxXgBCNqV3pJY8acqnW7jiGE1BgCbBiecVX_4Ftpsf5enC3sQrQ
date: Fri, 28 May 2021 08:08:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 1A7D
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBVEX5ev21sJSD5yge3foms&google_cver=1&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33u...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MSk4tUC1HUkpY&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33uRIpyeGmXGEPyRH9cp9pxAkm2C

170 B
188 B

169ms
88ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MSk4tUC1HUkpY&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33uRIpyeGmXGEPyRH9cp9pxAkm2C

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MSk4tUC1HUkpY&google_push=AQvitUJLy-bS3XY2tXmQ2TcTMMFa_v23OavYczEXb8VW_LviCwYiNe0xlym0pYqwNp3XHvUC33uRIpyeGmXGEPyRH9cp9pxAkm2C
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1A7D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25...

0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 1A7D 0
236 B 200ms
66ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J82Lg-mEFX99bNKv4AaQmR7JsZPLS7LV96cZOa32soN32gqeI1DgPFilbHARxNfYtXmSLY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 6 KB
2 KB 29ms
29ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

243ca6f69aee231807db24289809106b6f50b87697fdf3856493164ea5eabd5a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/14836163691176517106/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2195
date: Thu, 27 May 2021 09:02:53 GMT
expires: Fri, 27 May 2022 09:02:53 GMT
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 83130
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4473 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CBrzd96SwYLvmB6WT1fAPmfqLmA-Nq8TUYP2zyZiuDLqx8saEGxABILD3qBJglQKgAeSu27sCyAEJqQL2ymYTNnO0PqgDAcgDSKoE2wFP0D-eTntNJeOb_o-PcC4nDMZHLXDbQe8cjznAyjUig1Enu1CfyVtyBK40x3KN9b2bZY0DncD1NGDpdVVCSXpRhXgtjdjE-48KnWX_929Hu43mt3sOM3HaZrOE7fxK7GeW_H7qIwfaQ8LBklPT_DTSm8p9if9UIS_66rg9pALEX6r-15va0UJNpkaCuEfZt65o9fcMwawq7dCU1dm-DpGO43ZLNpmcGhRRa2ozGxzu9DxnbyI4Inb6jh9bgjOGRnzYFMrVX9FatC1zuE7tlZmaNlbQlmk2Pa8rNT7ABNq69oSKA5IFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeE0aTEAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC8yQjSCAkIgOGAEBABGB-ACgHICwHYEwzQFQGYFgGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=GUBSWXHWGBo&template_id=419

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 4473 17 KB
7 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 4473 2 KB
1 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:06:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4473 121 KB
37 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 4473 13 KB
6 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 18DB 11 KB
3 KB 23ms
13ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dd3fa0ac0babf2ccc9285caa721a145c225a7d5207e9a662f32bf6e8b99e56e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/5442514344972767536/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2960
date: Tue, 25 May 2021 22:17:13 GMT
expires: Wed, 25 May 2022 22:17:13 GMT
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 208270
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1F23 0
0 51ms
49ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZOYn96SwYLXTB6eS1fAPtPCRkAiNpPKkYcaqg96rDZDvxMedFhABILD3qBJglQKgAaPWsMQDyAEJqQL2ymYTNnO0PqgDAcgDSKoE3AFP0CrGvEidD-iDcC1krbZ_8mWoktyiiWl4RKED7a-bIQ7N7Cs3ydaUMWIbQNvPWVei2-4lfZ3CxRa-nP_yWmrILjVFcD7oRYfbvfevnTgX29rNZGGDspupBeqe5oPxpnOndjRb5kSAPl3o2-fzOFVtp0UTb3jSMEZL6vj5tskIz2knATc-3ERXfZ7gbyqgImhFMQ8b_yry7EcpT_9eId80N6p5kAaQtzjJl9-ki6sq2pk8g5SAbZibWFlpQuOANnOHCh9UOaipd6j7g-0qMaEachMKmTEkk_Z1S6FrwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCqiT_SCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=1aY0U9LhV-4&template_id=419

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 1F23 17 KB
7 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 1F23 2 KB
1 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:06:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F23 121 KB
37 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 1F23 13 KB
6 KB 16ms
12ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1F23 0
0 24ms
20ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRJMC1MOVnQbkoG0PAPxybcxbY_eB3lAnusKSy7dQw6XclN9MUeddmzsHVh06A8he4OyFgG_4TW3CGVJ-COI0D08MDHxA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C93E 143 B
163 B 16ms
12ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkbGiSaK9_UedFk2NHrIRYxHpN2tvoV0bbW73TJNCraD2ObHRTT6b_dywSp0es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=100&adk=3941245255&adf=2053992917&pi=t.aa~a.1229739246~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x100&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=2&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280%2C300x240&nras=7&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=4226&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=XYcxN1DZhy&p=https%3A//opovoemfoco.com&dtd=91

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 May 2021 07:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 673
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 502 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame A9BF 0
0 42ms
23ms Image
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 4473 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 179a1be3766eb5573db97f0fdbd19c44b4fe40a893864583cf904fb74f3f17b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 4473 0
20 B 46ms
46ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPu9r4n26_ACFaVJFQgdGf0C8w&gqi=96SwYLSfB8i5tgfNkIb4Bw&layout=/sadbundle/%24csp%253Der3%24/14836163691176517106/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame D47C 2 KB
2 KB 20ms
19ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Fri, 28 May 2021 09:08:23 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 385947
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a539d7f730000d6c930b73000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=k4TDnmglNzGDhYgijp5j6s5YeDNGGjVsO69T8xbSrZryrQgrZyVPGmj3kQOU9N1ilXffgDQ3SPdGdRqTLTDhOFhwNzH8HK5xTduIWaBMphQ14C1cctvNA%2FesnrGZc9n3"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6565feabecfad6c9-FRA
content-encoding: br

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D330 143 B
163 B 18ms
12ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkbGiSaK9_UedFk2NHrIRYxHpN2tvoV0bbW73TJNCraD2ObHRTT6b_dywSp0es
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=240&adk=2224437777&adf=1742890281&pi=t.aa~a.255320007~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x240&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280%2C300x600%2C430x280&nras=6&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=5&fsb=1&xpc=BqTbiRK3gN&p=https%3A//opovoemfoco.com&dtd=86

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 May 2021 07:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 673
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1F23 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edeae7fd9f5df67d69528719845e474c9e29f24632165ab271154d0ebc302622

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame A797 9 KB
3 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 29 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame A797 26 KB
10 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 18:54:40 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame A797 1 KB
457 B 22ms
21ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin:500&subset=latin

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9b58c69772b440653ae4c351faa78a8ac8c9924a32240a69eade4af50a008bf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 May 2021 08:04:07 GMT
server: ESF
date: Fri, 28 May 2021 08:08:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H3-29 200 HYPE-648.thin.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 53 KB
23 KB 17ms
16ms Script
application/x-javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/HYPE-648.thin.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2baccefb5cede601d5fc018290c68a748e3199cf5c00cc77dbbf6491531d3592

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 590373
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23314
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 21 May 2021 12:08:50 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 12:08:50 GMT

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 1F23 0
20 B 46ms
46ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPWqr4n26_ACFSdJFQgdNHgEgg&gqi=96SwYJCSB5GRtgeV27aoAw&layout=/sadbundle/%24csp%253Der3%24/5442514344972767536/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9289 0
0 74ms
66ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C51HM96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBNwBT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA8ezOoH_oyICY7iLD_s6MMQYEoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxgKFhIUcHViLTkzMzIwNjY5Nzc1MTEwODk&sigh=LWWN1xokyWU

Requested by

Host: opovoemfoco.com
URL: https://opovoemfoco.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9289 0
0 18ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g24b54gsns753sqnntvhbrycnkg8htdwpqs0006ecqn2gv191kj7qearae4hpdrdncrnap0w2y4n7v9r527w0yg1yvz0q50rzbxnbh9cfh8vf5815synym240xdpcgnt9bcmyjvr9c1nxyffkttxgb5sh8x26w187m4hdp39tsd55dk1khcq4g9mvmakeqr36tm54wvhkbywepx01xx7r13wjfm5kbkcstnzdj5vc049paty9dt3r7y1gv2bcdjp8g9c5500tq8b1zra7v1y63ajd2rn2j91fdnetjn5jzkpwk6yz18avn4cdah9fa8ztz237mxx5ek3xznbxtw74sw9j0sdwntq9whrdgkpxxzmq02ehdsgd7339fzy9g52rg8z96d&b=YLCk9wABbYMIFWVCAAOyJq5dmiFXqW6-Mdej0A
Requested by: Host: opovoemfoco.com
URL: https://opovoemfoco.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H3-29 200 dr Show response
ad4m.at/ad/ Frame 024F 2 KB
2 KB 65ms
63ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ffa3e3877f004c31297d495d2466a218a830221b6c1d97dff9bf04ee8030e64a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7d3s
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a539d7fdf0000d6c9f0834000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6565feac9dedd6c9-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 9289 2 KB
1 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:06:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5CEF 1 KB
749 B 17ms
16ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 28 May 2021 03:14:09 GMT
expires: Sat, 29 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 17654
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9289 121 KB
37 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 9289 13 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9289 0
0 49ms
48ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS0wHrMa9CtsLO_ull0VYgHrC5LYrdYMXZFWCD7ccPULZshUhqjwandSvyzKgi2Klt_MmVy903g2bysQBkZFdrBeKiQYw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 18DB 9 KB
3 KB 19ms
16ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15082
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 29 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 18DB 26 KB
10 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47623
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 18:54:40 GMT

GET
H2 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 18DB 57 KB
23 KB 116ms
20ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H2 200 320x50_logo-block.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 2 KB
2 KB 110ms
69ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/320x50_logo-block.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b21fb0bd5faabc5ab60dcf9fc559084712df71ad1158f52856cc489e5a22770

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1786
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 468x60_koenigsmakrele-hugo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 4 KB
4 KB 105ms
66ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/468x60_koenigsmakrele-hugo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef028ef3202a70f936d9e896313209b3d97f2c6a544ebecb0317463076a1a91b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4238
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 468x60_torpedomakrele-jakob.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 4 KB
4 KB 83ms
45ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/468x60_torpedomakrele-jakob.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e56ceb514c1a898cd5132f4f26e6ad36079c0990309c4f22365bdb3113df9ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4286
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 468x60_makrele-oskar.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 4 KB
4 KB 106ms
68ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/468x60_makrele-oskar.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28de92066c39391dedeed0ab9b4a2a548e8342c70567b9059af1c07bb0b58322

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4300
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 468x60_koenigsmakrele-felipe.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 4 KB
4 KB 106ms
65ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/468x60_koenigsmakrele-felipe.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76365b2896e7dd2b2f5ce947b9f9f658c03431a19872d35de63aa9f1dfa5fc30

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4121
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 468x60_makrele-ferdinand.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/ Frame A797 4 KB
4 KB 109ms
67ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/468x60_makrele-ferdinand.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14836163691176517106/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38337eecd051312b9321bcdb7a380f8df732fa7c2ea117b85fed5a688b4c1966

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4453
x-xss-protection: 0
last-modified: Tue, 06 Oct 2020 13:55:04 GMT
server: sffe
date: Fri, 28 May 2021 08:08:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 28 May 2022 08:08:23 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame 6365 17 KB
7 KB 38ms
10ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 6365 2 KB
1 KB 56ms
39ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 231
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6365 121 KB
37 KB 52ms
39ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame 6365 13 KB
6 KB 29ms
12ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6365 0
0 52ms
37ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSv_iMMK-zIV7hcrLfStlBZi_XJa6Czkt0Zm3tekMOAK08nX2v29CCykPijJsI6s3CT8CqLtI6076bbRHOa0ucsfoyfWQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame C93E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

50ms
47ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 28-May-2021 09:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 28CF 11 KB
4 KB 22ms
11ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bef3142e3e8e977ab554f50a7dceed6dfda9b20703a7519faf43fc4944705df9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/16986808040249150219/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2990
date: Fri, 28 May 2021 04:51:05 GMT
expires: Sat, 28 May 2022 04:51:05 GMT
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 11838
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6365 0
0 52ms
38ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CIcGp96SwYKnUBYPE1fAP2Nm9wAONpPKkYe6qg96rDZDvxMedFhABILD3qBJglQKgAaPWsMQDyAEJqQL2ymYTNnO0PqgDAcgDSKoE3AFP0EEk9HFtM_lL6GUwTrR-TLPgGaCG9IrDuQMu2-eylBlW9RDA1-9Hj6AkDuIlNbKi7i7SRHP2rKr9CRti3qlKtlzQytLfQsuF3kjBzJK292-sSILqtxOX0FLdhq1DAIifRZqQJI0xvVwViXsrh9qQ_iqgfhDn0uPRdSraukJYnMt9kbbNBu1-gmiIHBYo-_OJ94IK7QnYRc6vUS2Kyz28xHcEsY8OzE0IU-nJUwQJ-rT86ma1xS2CTws9zfevebNiza3iLJl8mYXAzpGUmwVF1OOquX_tLHtGwy1HwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC1plbSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=NdjOLywUFOo&template_id=419

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:23 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame D330
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

49ms
46ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:23 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 28-May-2021 09:08:23 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:23 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:23 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9289 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c8b63f9bf16fe1c987110ea1dd5a34fc6592df25e98d42ab5e7f4d53f0239ed

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 502 frame.html
ad4mat.net/ Frame BEE8 0
0 25ms
23ms Document
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4mat.net/frame.html

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:23 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_ob_info=502:6565feadaf062b22:FRA; path=/; expires=Fri, 28-May-21 08:08:53 GMT cf_use_ob=443; path=/; expires=Fri, 28-May-21 08:08:53 GMT
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 6565feadaf062b22-FRA
server: cloudflare

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CB61 143 B
163 B 25ms
24ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=3253293875&pi=t.aa~a.2594507593~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=5&bdt=1263&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0&nras=2&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=1449&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=vfMVYJQuUJ&p=https%3A//opovoemfoco.com&dtd=54

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 May 2021 07:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 673
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 imagesuv0myt5eb1rnnbxsp1ds.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 18DB 906 B
932 B 17ms
16ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/imagesuv0myt5eb1rnnbxsp1ds.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a9ff3f6b8d132ef3022c28d875ab2217b7b35259a6bfd10b8e56b4b87046019

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 358978
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 906
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Mon, 24 May 2021 04:25:26 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 May 2022 04:25:26 GMT

GET
H3-29 200 1ad6b5aa39cdeb703ff094f477328c96.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/ Frame 18DB 38 KB
38 KB 17ms
16ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/1ad6b5aa39cdeb703ff094f477328c96.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5442514344972767536/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

953ad5605189ea38166999307dd0641b5a3c42d4bd1dfd183848143c3fc2252b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 554500
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38697
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Fri, 21 May 2021 22:06:44 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:06:44 GMT

GET
DATA 200
OK truncated
/ Frame 6365 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdae2bb11f0f73e198ecf4678a9e75c593276530ac58fc8af77f6b57bff2676c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 6365 0
58 B 24ms
24ms Other
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COmrrYn26_ACFQNiFQgd2GwPOA&gqi=96SwYLfXBMTytwfnm4WoDA&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 default.css
ad4m.at/0.1.122-318/style/one-ad/ Frame 024F 58 KB
58 KB 17ms
16ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=XxVHlg==, md5=RCdMWH7YOCWDIhuwI9UcWg==
date: Fri, 28 May 2021 08:08:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5742557
cf-polished: origSize=59196
x-guploader-uploadid: ABg5-Uy4aivieyuBWrRiQC4_Ppn1uUsCErWp3PCNabOAR1DHIeajjF0MmTZg9JuSRGfocIdDxNZdYx3-JXnC-nTF81uHDLT_kw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58969
cf-request-id: 0a539d811f00004aa33e9c8000000001
last-modified: Tue, 16 Mar 2021 10:53:32 GMT
server: cloudflare
etag: "44274c587ed8382583221bb023d51c5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Bh3almecZ0X2peTAKh3uCplIyLQwo47YHeurtghknbOPuZNKYEQkj1Q46HotWa4gUTsGNxSnaLrQ6w0LEMq%2B%2BqjspeP0Z4r7ri%2FuA%2BvpM5uYudk5%2FCYZIzN2cD%2B0o8RX"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1615892011975494
content-type: text/css
expires: Tue, 22 Mar 2022 20:59:07 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 6565feae9dec4aa3-FRA
cf-bgj: minify

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame 024F 36 KB
12 KB 23ms
22ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=VHPQMw==, md5=O4FGM/ivTqRkLkRDXbVbMw==
date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 52964
x-guploader-uploadid: ABg5-UyHG-hOHMrblKFIYL7z0-xw-9pArwKph-VJrtcWULownBnqKUo-1GLHEGsXvwH8Zp6QorI5FIk9wmVPTpub1M4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a539d812400004aa33a372000000001
last-modified: Thu, 06 May 2021 17:25:03 GMT
server: cloudflare
etag: W/"3b814633f8af4ea4642e44435db55b33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YzPe1OekSIpnIAWgoKa3xXoIAnd3dZQMc0XAWojWtFwfyu3CJxDSTyVuoTrgH8GPvim%2FDBIw292IDEzmsfPcPlQg53Q3PebpyVZruBXMifJg3sfam3rAgHPTGRB%2BGwJ3"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620321903630655
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 12034
cf-ray: 6565feae9def4aa3-FRA
expires: Thu, 27 May 2021 17:25:40 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 5CEF 35 B
462 B 16ms
7ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEES5IgkUgUqjqSHhLkuo_Ng&google_cver=1&google_push=AQvitUJLWsHgeyIIJqZWQXFCwEeaouYrswy_ek1H2B78pItf9MgVVkMRuXGth-JTaKCUFgKFKmiwFrwp8WazPnqOD5VWFAmnBIQ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5CEF
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJIXl8z...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAQvitUJIXl8z...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2ODkzMjc3MTQwMjQxOA%3D%3D&google_push=AQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNK...

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2ODkzMjc3MTQwMjQxOA%3D%3D&google_push=AQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNKsMB8uSEwCKTPiZjlSeG3CXcHl7Bw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA1MjgwODA4MjQ2ODkzMjc3MTQwMjQxOA%3D%3D&google_push=AQvitUJIXl8zaS4zi3NBOEoDI2pdtG4tUeDiifoRS22isuRlm9pN_MePQ9UFK1fvf8UvNKsMB8uSEwCKTPiZjlSeG3CXcHl7Bw
Pragma: no-cache
Date: Fri, 28 May 2021 08:08:24 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5CEF
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEMQ7zEkV9F8tyh6i8dR3Fhs&google_cver=1&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM
https://rtb.openx.net/sync/dds?google_gid=CAESEMQ7zEkV9F8tyh6i8dR3Fhs&google_cver=1&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&google_hm=T_-b9SAqyrc-dFAjfK-Q4w==

170 B
188 B

67ms
65ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&google_hm=T_-b9SAqyrc-dFAjfK-Q4w==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:23 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitUK_TZR3bvI5Lz4qiXhjB318obLws1hLYV4cJcRuVeUdoP9Dlgh7qICH0IJO8LXNDkYcd14e86kMC8cTjl10-P1eB44rhAM&google_hm=T_-b9SAqyrc-dFAjfK-Q4w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: fvl9btodbff9qupsrajmc657lufe3l1i

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5CEF
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m2fcKnFNQ8mSmh96ydKAEw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

68ms
67ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m2fcKnFNQ8mSmh96ydKAEw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULY5iWxazj6C-BEUHUppyEp4zuV6_lMTGglTn3u6wV9Vo3ZprQK10NlP967tFjLhfHm0pdA0RhgR7XrmtJx6VTRYVdzMw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=m2fcKnFNQ8mSmh96ydKAEw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitULY5iWxazj6C-BEUHUppyEp4zuV6_lMTGglTn3u6wV9Vo3ZprQK10NlP967tFjLhfHm0pdA0RhgR7XrmtJx6VTRYVdzMw
date: Fri, 28 May 2021 08:08:23 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 5CEF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEOl3PECQ3tOXj-m5kKWNwgE&google_cver=1&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MV0YtMTEtMkM1Ug==&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH0q11j61McWPKq6DtXUlQY7ik

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MV0YtMTEtMkM1Ug==&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH0q11j61McWPKq6DtXUlQY7ik

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1A4MU1MV0YtMTEtMkM1Ug==&google_push=AQvitUINK25Krc-4HSm5NY0AfSBk7MS92WZmETvq1U6-ryJsjG3tGHFQEI_vDokxDOwCsFpMjSH0q11j61McWPKq6DtXUlQY7ik
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 5CEF
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7Vb...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 5CEF 43 B
296 B 92ms
33ms Image
image/gif 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESENVKQrXtjtAck5BkeFM2xzY&google_cver=1&google_push=AQvitUKHxB61k5gVFkJWwy_J4ohW7IgN262aBesYS-utJk_fXxJoq3F93bUqYMPBTv7ujDu7gTtsAiDje-14nOnP9O3CO2Wskg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=280&adk=419266829&adf=4214403535&pi=t.aa~a.3242869890~rp.3&w=430&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=430x280&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600&nras=3&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1511&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Q2YNh3ihEz&p=https%3A//opovoemfoco.com&dtd=63
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 5CEF 0
12 B 76ms
68ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IlhwNhKmOSJa9RRRmco1CFGzyl23i_kROOJ33eU3D9JigikqRy7LSZxMJ9_eMxsAfnHhhi

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 28CF 9 KB
3 KB 20ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 29 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 28CF 26 KB
10 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 18:54:40 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 28CF 57 KB
23 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 May 2021 08:08:24 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/ Frame DDE3 17 KB
7 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:04:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7025
x-xss-protection: 0
server: cafe
etag: 8821855511435206686
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:04:32 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame DDE3 2 KB
1 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:06:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:06:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DDE3 121 KB
37 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622028738751036"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37763
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:24 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/ Frame DDE3 13 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210524/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:05:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 178
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1319581658596578636
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Jun 2021 08:05:26 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame DDE3 0
0 21ms
20ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRzitYPRw-dP6tYYN06qMgfKAYQn4voJXGr8K4xukRDfPJLS-z9gk5Ujn3Kek6yKzGd4kliQxHZaw3TTzV6g8YD6kq6sQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 5070 11 KB
3 KB 15ms
13ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bef3142e3e8e977ab554f50a7dceed6dfda9b20703a7519faf43fc4944705df9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/16986808040249150219/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2990
date: Fri, 28 May 2021 04:51:05 GMT
expires: Sat, 28 May 2022 04:51:05 GMT
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 11839
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame DDE3 0
0 62ms
61ms Fetch
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CTzXq96SwYKvEBrnK1fAPmtOguAuNpPKkYe6qg96rDZDvxMedFhABILD3qBJglQKgAaPWsMQDyAEJqQL2ymYTNnO0PqgDAcgDSKoE3AFP0Fq3HGehi-7kWIKbmla9dPgqc98eCgIG6CIrUvAlYQ-L1W70xEY5upmmKjJRrj766DhhTAx6CFaE64pFJc8y8GZYj2UA9zIg8PCPLbwu4YlcLSds703SBfqNSZM_2EUP14hYjNXUL-c4lYIzgCLbOWZgvHrfiQGGT1e4YtmvIvzGo8Bj_qnmUxHHcv4j5YxyMvCnVNO2uSlzBku6GCmUq0MhyALANL-uEexcjNznHMZTRR-Npz18z3Mttkx8VZyXOF6qcUEfaZ3tANEoPNkukI6p9n6Eh0jbeLMwwATHz7S-sgKSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHxanPO6gHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBC9jlvSCAkIgOGAEBABGB-ACgHICwHYEw3QFQGAFwGyFxoKGAgAEhRwdWItOTMzMjA2Njk3NzUxMTA4OQ&sigh=7150qwEMNZ4&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 28 May 2021 08:08:24 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 502 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 024F 0
0 23ms
22ms Image
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.122-318/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js Show response
pagead2.googlesyndication.com/bg/ Frame A797 14 KB
6 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5771
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:05 GMT

GET
H3-29 200 A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js Show response
pagead2.googlesyndication.com/bg/ Frame 18DB 14 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5771
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:05 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 4558 2 KB
2 KB 18ms
17ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Fri, 28 May 2021 09:08:24 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 385948
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
cf-request-id: 0a539d81630000d6c90e28e000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7GYa5VHRcXUr90cwcYaWiei%2FGcKJeDc0gail%2BIZvIEECJf3Y1ysrfDFOlAZ8Rqwbb%2Bm6DYMUiTMvlQ0jfFPfiOon5lOyHbLmojYeeyWU596pWc0AinooUkef81iPFYKw"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6565feaf0a2fd6c9-FRA
content-encoding: br

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A114 143 B
163 B 15ms
14ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 28 May 2021 07:57:10 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 674
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame DDE3 0
20 B 48ms
47ms Other
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COubron26_ACFTllFQgdmikItw&gqi=96SwYLCBBtvOtwfXmJOwBw&layout=/sadbundle/%24csp%253Der3%24/16986808040249150219/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CB61
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

46ms
45ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 28-May-2021 09:08:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:24 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame DDE3 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 878b3b4ac2b6c8e46cbd635129b4e42c76768b18fbb90708745229af6cbc1bae

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 imagesuv0myt5eb1rnnbxsp1ds.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 28CF 989 B
1021 B 15ms
13ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/imagesuv0myt5eb1rnnbxsp1ds.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aca9b5b4cbfd4bc4c8c3f0e6b803f4f17e8e7c79c4166e33dd19363e793143c3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 553146
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 989
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Fri, 21 May 2021 22:29:18 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:18 GMT

GET
H3-29 200 18b0007183d0bb7a5606546c7ff0290f.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 28CF 116 KB
116 KB 15ms
14ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/18b0007183d0bb7a5606546c7ff0290f.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11511854996e430afe2570349b74301d0042353244ebb4a768d49274c2788a8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 553146
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119162
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Fri, 21 May 2021 22:29:18 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:18 GMT

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5070 9 KB
3 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 03:57:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15083
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 29 May 2021 03:57:01 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5070 26 KB
10 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 18:54:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 28 May 2021 18:54:40 GMT

GET
H3-29 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5070 57 KB
23 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 28 May 2021 08:08:24 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A114
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

47ms
47ms

Document
text/html

2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9332066977511089&output=html&h=600&adk=2562254491&adf=4276347427&pi=t.aa~a.3891073050~rp.4&w=300&fwrn=4&fwrnh=100&lmt=1622189303&rafmt=1&to=qs&pwprc=4451224861&psa=0&format=300x600&url=https%3A%2F%2Fopovoemfoco.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=4&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1622189303000&bpp=2&bdt=1264&idt=-M&shv=r20210524&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D68d57270cac7531c-22f7be364cc80055%3AT%3D1622189302%3ART%3D1622189302%3AS%3DALNI_Maqz0oMxx6k1BJakCiB-g0ylVguZw&prev_fmts=0x0%2C300x600%2C430x280&nras=4&correlator=6138441665258&frm=20&pv=1&ga_vid=1889738695.1622189303&ga_sid=1622189303&ga_hid=417693967&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1100&ady=2552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060566%2C44743002%2C31061048&oid=3&pvsid=1024768486791718&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=WdhEJn3e9x&p=https%3A//opovoemfoco.com&dtd=77

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 28-May-2021 09:08:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 28 May 2021 08:08:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 28 May 2021 08:08:24 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js Show response
pagead2.googlesyndication.com/bg/ Frame 28CF 14 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5771
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:05 GMT

GET
H2 502 frame.html
ad4mat.net/ Frame 1F9D 0
0 24ms
24ms Document
text/html 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4mat.net/frame.html

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: ad4mat.net
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_ob_info=502:6565feb0bd232b22:FRA; path=/; expires=Fri, 28-May-21 08:08:54 GMT cf_use_ob=443; path=/; expires=Fri, 28-May-21 08:08:54 GMT
x-frame-options: SAMEORIGIN
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 6565feb0bd232b22-FRA
server: cloudflare

GET
H3-29 200 imagesuv0myt5eb1rnnbxsp1ds.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 5070 989 B
1021 B 14ms
13ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/imagesuv0myt5eb1rnnbxsp1ds.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aca9b5b4cbfd4bc4c8c3f0e6b803f4f17e8e7c79c4166e33dd19363e793143c3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 553146
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 989
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Fri, 21 May 2021 22:29:18 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:18 GMT

GET
H3-29 200 18b0007183d0bb7a5606546c7ff0290f.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/ Frame 5070 116 KB
116 KB 54ms
53ms Image
image/png 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/18b0007183d0bb7a5606546c7ff0290f.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/16986808040249150219/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11511854996e430afe2570349b74301d0042353244ebb4a768d49274c2788a8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 553146
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119162
x-xss-protection: 0
last-modified: Thu, 11 Feb 2021 09:56:43 GMT
server: sffe
date: Fri, 21 May 2021 22:29:18 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 May 2022 22:29:18 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 34ms
33ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210524&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65b7523e9bd5d70fff588f38a3fd85cf0de784add41319c656cf9c8c59b6da00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8149
x-xss-protection: 0

GET
H3-29 200 A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5070 14 KB
6 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5771
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:05 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 28 May 2021 08:08:24 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame CC4A 12 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 28 May 2021 06:44:20 GMT
expires: Sat, 28 May 2022 06:44:20 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 5044
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 679C 783 B
533 B 22ms
22ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ebf14d2ccd814e61d44daf4577675e3734a97c6600b480b908b0518b7e3267dc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-04UjAeju0rGY77Y+9Q/v9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://opovoemfoco.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://opovoemfoco.com/

Response headers

expires: Fri, 28 May 2021 08:08:24 GMT
date: Fri, 28 May 2021 08:08:24 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-04UjAeju0rGY77Y+9Q/v9Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js Show response
pagead2.googlesyndication.com/bg/ Frame CC4A 14 KB
6 KB 18ms
13ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A_FDV7LeaVqlTDL2qmVdouMMODA1wM6tcjTIBRf3dAs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 07:42:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1579
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5771
x-xss-protection: 0
last-modified: Mon, 17 May 2021 11:28:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 May 2022 07:42:05 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 51ms
51ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210524&jk=1024768486791718&bg=!6eql6q7NAAaMan2LjGo7ACkAdvg8WrEHwSP2kltLDIjd1CdQBc-ws7q9Npw0ZxDSM6Pc5quk0KXqOgIAAACxUgAAAAloAQcKAN62HPs-fkoTuE5JaSXT7lj57mD1H55Hfhf3klUK80WHO4toVRKwr2zjT0D9yfS8d15zUV-Zf0toEUdYZb1x1gdHVavMohyxSSEqOnb7mi0gojnebCBYhn3IiYBFplTpzquY09DcB-Q7goAW7rHvTgWWXhVX5N8LlU_D_G2EWVHLYeejuPFVx_N9UZWW0nOiCDEovp46Gtn4c2i5HxMxptpX7pNMUS6t46_16PpOWc8feJWEBVRLUYyyGuBV3rxsq5EfYkYHXQ7A00lmEUUPw-BJn7-Kvb0p1mBwtLXOzwOZAkF3frPynXU_fHY1yFGCYCrULI0D3fOghOzhKLxn1s5QGG1nB1G1FOVvu0vV0VotLBL7KQRaQrWXJvEe8ypdOpX4127U1l0OlWYe-JxhMzBplgbgPwe-3I6CEMJUhQkl2k__GwAs6ZPGJ6_S3KCUXJQ5mN_QAwQzOkbb_gVg9dIq_VvfQ_uZHKzv7d_bYeV-0BUyCD7RfEQCDNj6kWwwnpMmsRVOhbGfGExa6zhm6X2TVSJB_vbden6g7GvIPslJTFaggCfvj8woOIqliNRi2UZ6bYqS72MNp02AySWRj0GCgZiFXrweX9KdwOvLmjzQtSfCnZ0qs8r6HhbtkE9oNRckVloTE4oFRo4gLg2fBiv0susr7-zBlNCZS1rRtml7Lscu2iXssTF3UCe9ehvreNHx7hKKC1z1K8FD-u-FNNLLHHtqHG3-ji3Z3F2nIywJXcrfWdS9YDSIerkscq_9h-0sFVNa-eWPyEsmMCM5WPjh6OzIg6Eu4SF-hlUUlXDjFXbU0b9DiywaTGgLf0DOYFgoevP8By_9O04jrKeHjAV5m6CPf6dlt3QAkC2aekh9YFRNkjFowPj46BrdOq8VPX1D9MocpsILqdvkqwnHoAsfn17ndo45XpBJg5tHYAdPbZdVAhHLlWbSJxVSHwn5tqV-C7M2IgaIZojDX0RDfgLHhPwZvc3F9MpqtcEBj6uTyXJS7OuJ7Qdz-zV0l-PxwfbZ5VyL-3RxGm6b-J7d_fQmo_YiLb7fIopGGFSXnMDfdoTF

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://opovoemfoco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 rs Show response
ad4m.at/ Frame A9BF 1 KB
1 KB 31ms
31ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2c83e05865c46c3f918bd3714160b94d19df8dad0556df05ee0d08041686659

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gpyv9vpd8rx1gerc99gf0kkjtt4e3pb076vz234dv8ataae417c3d0bq2bjenvaewf2a8cvxc9cgq9a69yav6vywjzpsa8d4m20jgyh3r9ja9ka27hcrgkwet5ny4678jzsc6he6ft117ypz65c1wht296a23sf8yt8d78gzdvyakne57ngf64cmjk9q9tb2tgj1b4hvqrv8ssgn0enxb35bfwn5d7akrgsrt46jcr18c1rne8znpsjyvejw2mpvtd8m3tz3v9w3jrzyhjnkhvdqfh3m0axgejy02s3w8mqm3mdv5t7259ex2caha8hyqb920psn0eh8eq7rv7zb7y64cjzhyyna45av6fnw6yhmwa15ykxzq01pt834&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 May 2021 08:08:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-1tg8
cf-request-id: 0a539d895400004aa35fa37000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=LIK%2FaIf69%2BdbfwTH7DzKMtJVTlmMwuKhA1ivd4GoFQGOZrAQYBBb6AKH7k2A3kf7CLruyeDywbJWwaKFYkv10nJHy9nBGhYA4Rfr78b%2FQMxL8Uz9MuW8eb6kBR6Mzcvo"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 6565febbbb674aa3-FRA

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 9393 9 KB
4 KB 65ms
37ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bb394b0e01ddd617ad2e4a7d1f5f4fcd4d9a7d956fee5f83c3171d14f6a4f7a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:26 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a539d89b400004aa3881a5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6565febc5ccc4aa3-FRA
content-encoding: br

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame 9393 59 KB
7 KB 19ms
18ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:26 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 769838
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a539d89ec0000d6c9dc2b5000000001
cf-ray: 6565febca9f0d6c9-FRA
expires: Fri, 28 May 2021 09:08:26 GMT

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 9393 18 KB
19 KB 48ms
20ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 130166
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-Uwa0pHO7p2KwdWZ6A8ZHcFIkQUlgjPhsd8G8bqx4cWC-xpVXJrDEK-e_ZlHLKcIK4mqQ40q-IIwdNNX4JYmbgW8DGCfiw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18872
cf-request-id: 0a539d89fe00004aa32794c000000001
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Neeb4%2FU39t2q8De42ybY4aRg%2Fsw04ot6FhQt825eF63e%2ByiDNjoUPawHryJiKrXXmwsVMgwAuAvwnaVXfazK8hjQJAPd%2BnJeQ2d5LnXbvsX%2BCz7WixQNDbnlaXHBL4M%2BUEtFoUbzxg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 6565febccdcc4aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 9393 2 KB
2 KB 46ms
17ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 131370
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ABg5-UzGiRR4yimbWKfGJZpmBb7Y7HRFdwG_OsOerIJSuqRrvfrFIfTgIYrYfkjPNAsraqsGAdYkDRgmZq7_XAan-8Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1598
cf-request-id: 0a539d8a0900004aa372361000000001
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ePC%2BvkQ9BssUrob8N5Ep5saXo1obD%2Bx16NvKSmYho117ex3U3JCpdRGBvvJTQznRWb1rRxT62x2bsFcU4AqNaV7DtJo6dJl8f5z50orDYKbNg0wSRK4axuq1VlOD5aXrSBDz4MOfBg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 6565febcddef4aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 9393 43 B
702 B 242ms
88ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:26 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 9393 38 KB
39 KB 37ms
24ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 132677
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ABg5-UwWzV8Vi9wwWB9_t92BZ3hXsqxnGcNPAW0LaVCSpyGkAeICaRXs_LpZzjWYyirMRzo7C0cmfApc-NiuzLQfsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39202
cf-request-id: 0a539d8a0900004aa3448a7000000001
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5QtRPLV7FVUw6Xb7jmUQU1qfNkX3DFZ8d3DapXDlX2Dh8plvqZtjMsfy%2FGX03f%2FzgNwP5T9KSMxQmiDx%2BfWd26NU%2FpE7S%2F0%2BVo81IJQWMfwEtS0Od60kZsMCeATToh%2FlG7g0y3X7oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 6565febcddf24aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 9393 113 KB
113 KB 36ms
23ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 133323
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ABg5-UwkjW7D1NIP-SGMO0-kZ76TtZfUKrCHcFefqvfPhPmPd2kUA2JGX59C6myv_SM-svP_Kdq_okuTD9MVCpFHug
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115268
cf-request-id: 0a539d8a0900004aa37f9db000000001
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5Kx5n8GqGc6mcciEe1mcmB%2BiGbJTfD%2BzKxL%2BYgkuO8pPlAD7A1eud8rroI84h1VnzG6OqxSN91ig3oXHMcyTEZj2dcUrr9iYg4MpUnMsu8z2ArbK4SLyRlIjMGjg%2BDm6iW9DlvRNsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 6565febcddf34aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 9393 43 B
702 B 235ms
86ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:26 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame 9393 38 KB
38 KB 31ms
18ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 130470
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ABg5-UwEVnjd7dR3HhxvLjp_sWRKJYH0caMiuu_CyivY0DOCPBFePnJOMgFk4q-EOhBvW8wM7HavdGsiweoV4l2mI3KykCijyg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38696
cf-request-id: 0a539d8a0900004aa367b23000000001
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=q0PXBPy6JFUF2FWp5%2FQfNX3Foq1V7%2BO7hv3rEDPSzd9%2B43Xk%2BLFDrs8nJw7Lm44slFwLcK9i7BlZLvQCWs8OLeuU55QGxiwq7dwzUNByxhhEuSMrVHjrsIRiBCA2YB6Um783hLtHhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 6565febcddf44aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame 9393 84 KB
84 KB 32ms
19ms Image
image/jpeg 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Fri, 28 May 2021 08:08:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 385859
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85604
cf-request-id: 0a539d8a0900004aa363090000000001
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=w0P3eHXLa35dpz0A0F5Y1tU9OtAi2WRW8ZbgO0skji0RkBHb5B1b6nn%2BLRlFXB87BLnQwIDJQiH5Y%2BEVTEuBLvDkavvrlOL%2BmUxqt30H5m0v3N5zFrhwjfZjpV%2FObeIy5d%2Fee4Wcjg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Sat, 29 May 2021 08:08:26 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 6565febcddf54aa3-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 9393 12 KB
12 KB 387ms
141ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: e3d722f4cd7587ef5f049320a1e6b1e59bb30fa65db774e3be30cdef15acc556

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:26 GMT
Last-Modified: Fri, 28 May 2021 08:08:26 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H3-29 200 rs Show response
ad4m.at/ Frame 024F 1 KB
2 KB 50ms
49ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0302988617de5cb9f90979b8a86c431e00249c09831c901263f8242615f798ad

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kg88hzq5fzjv3kbq2ste3bgs29a5c13y0ft5f7h02jpzatc2epefxbhqskk799g9982jb9j1681mrbzbf2p4btwa4rheddmw7xkc68vngdmwrq32c6m3h35hq62t54q6g7pdycevhzkt357p0gvcp0bz0pfme7pq344bd5pvbw9cmnvdejzw0nrs3r5tas6wdbhbpndzsvh319mhr8j3tbds22435c2sdydsqc9gj6nea738byj90756xnpnf5k0p995xggp1crb55dag9ajdqt8qzk8mty806pe0ncc0318vmg3jznkxkpjewgdwdpakh2seh1qakyvgdt404yd31xx66cspdjx7ngveskq9k8nfd2dp8c8q88an53m&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%26client%3Dca-pub-9332066977511089%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 May 2021 08:08:26 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-backend-server: rs-v23g
cf-request-id: 0a539d8ae60000d6c939a74000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QEPKgJKCfNCcBfZJrOETiBfYFzFkGfNcB7uYxHTg2%2BQ1wyf0%2FOyY86Px7n3q5fp1IJOk3KHJYfFRVJp22Mgbc1%2BiUTmiWwnjWhOzlWCvrNkvur2vOkhK91q50QnjLy2r"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-allow-credentials: true
cf-ray: 6565febe3cdcd6c9-FRA

GET
H3-29 200 rar Show response
as.ad4m.at/ad/ Frame E705 9 KB
4 KB 38ms
36ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c9bbec21aff10105263cd6064eebd83088705103dea42955edf95acf82dc628

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:27 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a539d8ced0000d6c939a90000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6565fec17a59d6c9-FRA
content-encoding: br

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 9393 60 KB
60 KB 426ms
72ms Script
application/javascript 13.226.159.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-114.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 16:04:04 GMT
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
last-modified: Mon, 24 May 2021 16:27:08 GMT
server: AmazonS3
age: 58216
etag: "4f1db9fdf90b4f2a5576501528dc54bc"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 61124
x-amz-cf-id: G9zl-8zPpIks4Ctw-VuNEcXkZrnEPDS27F-zVW5J2AjotJsYLt_OUg==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 9393 79 B
374 B 278ms
76ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=F8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1_4uxZkm__0Rhk6Hb9LarUqUdHz16rgPtFFg4Jh5DuISfs.BN1eNBRfeRe4GSr_WUkxMuVU3YMJ5tFFg4K1kl1BNlY6RcApw.A95&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221622189306%22%2C%22%22%2C%22%22%2C%22%22%2C%221777709306%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=9e9a2fc5758aa5a9c201eedd06a10ed7&userIP=31.13.191.162&doAffectv=1&wgtime=1622189306
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Croydon, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 9393 85 KB
85 KB 199ms
69ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneidpA9u1fgfj9WfKC4HmtztQ7Yhbt7tERYoneid__asuidoojNBwrR_AiUapQSxcfXOq2sKfnudAr7asuid__webplexmedia_advancedad_Desktop_300x250&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=3653908c79b84db482645c70afbfb855%2F3004696383333724816&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20zkz2mjtp97kvb08a16z4ybe3y37gbrsa5w2fs1h4e2xn7jq4vbw3d3m93hxn0mbt6d4b5s0pj2fj5r38s4xqa8y5gt064re9sq0d9x12qxfmfsystzfrkvz5szbfeh1n8e7r5dhcbchxn5rr7gkm9g8nrvyqe1qya17d159ww2shem03d37dtsh1fv1ne2wwkpwpxtgc2txhkwp9pr8jv55xngcdkfw13an2ey3pvbf9zg6dmqjjf3apy8p%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCmCAq96SwYNLvBovN1fAPt9-7mA-Q4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTkzMzIwNjY5Nzc1MTEwODmgAcKu6N0DyAEJqQL2ymYTNnO0PqgDAaoE2QFP0DoTplVXfmgezT44Rj9qwDGLxhR8NtG8JtzBaMTaUlky4FPPe-po3ViMA0BALqwGciVcpjPlWOhpBakuOFr2O7eP5zfTydY6q-0nQKIJFc_HeK4jJGM9tWWGBMzWVsBImfN9seRxnIKdyOorYoKBk9WsHMzj6nHTxuO0iFT5zBglxkUu1LmofYMPKWAM-N7Me4Zj555UpNxhrag8j_wJ_xeeINI5QgIGd3oOHw0RGr99tfJjt9Rl-0lhh-rKMxmA1QbM2NEqTSEEQLSTkhFUdkIhpXhNCJF4gAa4vcSTyJTXop8BoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHipyxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uDr--Oq0PM8dGa-CfOQ3uDGB6bA%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:27 GMT
Last-Modified: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.6/one-ad/ Frame E705 59 KB
7 KB 23ms
23ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.6/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:27 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 769839
cf-polished: origSize=60706
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=3600
cf-request-id: 0a539d8d4a0000d6c926847000000001
cf-ray: 6565fec20b78d6c9-FRA
expires: Fri, 28 May 2021 09:08:27 GMT

GET
H3-29 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame E705 18 KB
19 KB 22ms
22ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 130167
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ABg5-Uwa0pHO7p2KwdWZ6A8ZHcFIkQUlgjPhsd8G8bqx4cWC-xpVXJrDEK-e_ZlHLKcIK4mqQ40q-IIwdNNX4JYmbgW8DGCfiw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18872
cf-request-id: 0a539d8d4a0000d6c9168d3000000001
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kqcVtgQj0KiwiKxllpHApiYF4s57TXr7DgK%2F2Urj2WLGQ162Uy4nyhL8OVlYxilkyA89%2BsoYH%2FIb8xGNQiZQdf4XQvaU%2Fls5HGWsngc3dAYsluG1gXFK8XNUVT7HHs%2BJf9WYOCgMlg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 6565fec20b79d6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame E705 2 KB
2 KB 21ms
20ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 131371
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ABg5-UzGiRR4yimbWKfGJZpmBb7Y7HRFdwG_OsOerIJSuqRrvfrFIfTgIYrYfkjPNAsraqsGAdYkDRgmZq7_XAan-8Y
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1598
cf-request-id: 0a539d8d4a0000d6c906a37000000001
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zB3aO51TzGMHT5xllhxU6IBSyhiy2QXgK50maG9NlO5IaDbXAi5Ki30ptE24Ehb89xDfuVriRfxL6OKUBYiysws0Y2x7qWcg44ulCstQ%2F5E%2FJHhdvyYaltxV2V4OGSokkVkr7b5RCg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 6565fec20b7ad6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E705 43 B
702 B 80ms
80ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:27 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame E705 38 KB
39 KB 31ms
29ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 132678
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ABg5-UwWzV8Vi9wwWB9_t92BZ3hXsqxnGcNPAW0LaVCSpyGkAeICaRXs_LpZzjWYyirMRzo7C0cmfApc-NiuzLQfsg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 39202
cf-request-id: 0a539d8d540000d6c934885000000001
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=R9wNFhNOSeYh5%2BfK3qgs2fRL9eIg%2F%2B1k%2FxwuYroPXt7dkJ8N4Iu9Ho15tHL2H58yHVqA89vwil8mrq7iduQoxSFlGsS8sYWxU76FUPSWgo0wJKsaa%2Fl933EGDpJS8GyCfeog%2Fw4MjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 6565fec21b90d6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame E705 113 KB
114 KB 49ms
47ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 133324
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ABg5-UwkjW7D1NIP-SGMO0-kZ76TtZfUKrCHcFefqvfPhPmPd2kUA2JGX59C6myv_SM-svP_Kdq_okuTD9MVCpFHug
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115268
cf-request-id: 0a539d8d540000d6c93d205000000001
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=xvR8YM02ofKfEd%2Fm%2ByrWsHjFwOzsgbj8OcDBHQQ%2FIJBPMoupjeHy9caC5uh3cTBUimGkmDoMDW0ArNvfGdoeSA1dPKrc1Yn%2F81KikXFJm5eGVNPq2MQkQBI4%2BKgnqRSCWEVH9nbcTg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 6565fec21b91d6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame E705 43 B
702 B 74ms
72ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:27 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
assets.ad4m.at/logo/ Frame E705 38 KB
39 KB 21ms
19ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/E8A0B3404CF65D67FABF74F38D2E787E97D75F650E6720B8A047EFE226A7A598DA94FFCF3CDCC52A3B206A422DD3D5082778689277BC79BF962DEE607C6331D8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=RkBJ3g==, md5=Kw4C6d3nfjHTjXjXPcaeTw==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 130471
cf-polished: origFmt=png, origSize=77267
x-guploader-uploadid: ABg5-UwEVnjd7dR3HhxvLjp_sWRKJYH0caMiuu_CyivY0DOCPBFePnJOMgFk4q-EOhBvW8wM7HavdGsiweoV4l2mI3KykCijyg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38696
cf-request-id: 0a539d8d550000d6c92e092000000001
last-modified: Wed, 22 Jan 2020 13:11:48 GMT
server: cloudflare
etag: "2b0e02e9dde77e31d38d78d73dc69e4f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gA6JPVbSqVDCESwekl3Gt2FfPErA7IAn7jJpB8kLtcsmghIX9iKVgbHnf7XW1CvmOajKxNiKWm%2B1B6wsIQR7OEtgr6%2B8yiJxnIgntFtgu0gYxuDgPTPkNtYMMNj0Pdq69ibpUBGmPA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698708801217
content-type: image/webp
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 77267
accept-ranges: bytes
cf-ray: 6565fec21b92d6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
assets.ad4m.at/ Frame E705 84 KB
85 KB 22ms
20ms Image
image/jpeg 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B45F893E9FFC024BF63F31BCCBD125167CBC3446F3678FC31F706A695A83CDCA7427229BCA4C5992B83E2F60A147FCD1B6148725AA0AF3ABB801A6BB7EA78390
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=e08Zuw==, md5=psibsHmVB2WUau7aQuE9AQ==
date: Fri, 28 May 2021 08:08:27 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 385860
cf-polished: origSize=90165, status=webp_bigger
x-guploader-uploadid: ABg5-UwpHlAtA2qVPfv3ecx4V7j-_tqzuivxuNwBFwB9F0Tqg3buBEkTuErpWsLNYW6yOWM3URGwbMAmc2fRHKIfAFA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 85604
cf-request-id: 0a539d8d550000d6c93a07b000000001
last-modified: Wed, 09 Oct 2019 16:06:53 GMT
server: cloudflare
etag: "a6c89bb079950765946aeeda42e13d01"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Z%2F4YP%2FMYj2JYKEqm1vEhleiwUUoA97hL4C%2FwpUYdDmfTg8%2BJBFWEO767B7CqNg5hiKjS0uM0KJrGMIZqgWjqk2FtnzNG6igyInVXNVwBPfIHLHc5kJboJhso2ksbmiEnev8oFAUTFw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1570637213281727
content-type: image/jpeg
expires: Sat, 29 May 2021 08:08:27 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 90165
accept-ranges: bytes
cf-ray: 6565fec21b94d6c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame E705 12 KB
12 KB 275ms
144ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 4785799974e8259133e54bc2ed269b4e3897585bb45148f04ce4cd8ef507ed0b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:27 GMT
Last-Modified: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 9393 63 B
270 B 305ms
76ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1_4uxZkmdWvMAR0odm_dhrxbuJjkWxv5iJ3A0KAGYiey.25.ea269ub9WJMStNMwEKyeMsZPuVr914VecL57GY5BNv_0TjV.2Z7
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame E705 60 KB
60 KB 66ms
64ms Script
application/javascript 13.226.159.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-114.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 16:04:04 GMT
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
last-modified: Mon, 24 May 2021 16:27:08 GMT
server: AmazonS3
age: 58216
etag: "4f1db9fdf90b4f2a5576501528dc54bc"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 61124
x-amz-cf-id: ajbF_OPHJFxa408moGzT9GVwMfnxgOpw4r3lf6rOQOMXWZUbb1LXWQ==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame E705 79 B
374 B 204ms
77ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1_4uxZkmav.iLs2dI_AIQjvEodUW2vqCRc7L1eLY6SCw.5B0KB5DKpDK1civmkjsTfxJjl7pp0iJ3A0KFgBFY5BNlr91xU..AXL&wgcookie=%7B%22wgifp12607%22%3A%5B%221384975%22%2C%2212607%22%2C%22713569%22%2C%22%22%2C%221622189307%22%2C%22%22%2C%22%22%2C%22%22%2C%221777709307%22%2C%22oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz%22%5D%7D&wgchecksum=7a3f5dd2fba83fe859425ed113949ebc&userIP=31.13.191.162&doAffectv=1&wgtime=1622189307
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=713569&wgcampaignid=1384975&js=1&nw=1&clickref=oneidbM4CQfZfp5QFYHbHzt8Cwr5uetJT5Weoneid__dc_reach_suite02wkz&viewref=oneidPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7oneid__dc_reach_suite02wkz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Croydon, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame E705 85 KB
85 KB 194ms
67ms Image
image/png 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=1384975&viewref=oneide56Wa3fVfMrWs8CZHet1t42BT7tQTxGxoneid__asuid7dGGJeSOp99_AUjyue9HdfeiPF0Tbx7iasuid__Stroeer_Freenet_mobile_300x250&wglinkid=713569
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C24673&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CPxefBfbfRbzh9HjHbtMtPzEHbt9TPM7&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CbM4CQfZfp5QFYHbHzt8Cwr5uetJT5We&c=300&d=250&e=&g=d069e32c7908db93fdc6a039252ab84a%2F1986367319666144802&i=25007%2C9719%2C20430&j=16%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22ddzxge9yn7e22apa9qgfyyk77mtq72437z461dhgnry20xznn98073tbg5r4v8ap9ts1ke9zp07y44ewms8g2zx7kx2hsj7rwrrh7qnb40qp3sm7t511bjpnm8cqgy6frphkr4bd1mgqeddy6ns028vbn91wq073tbykh0hm1r3270eyvwt1ga5nz8zjnc6sycj5d5xkx2zxjrb6s8fhc7aaaczxjcb4tk9xy2sdne5nx2eyw623zcf2n1r%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC8KkK96SwYIPbBcLK1fAPpuQOkOGBhFy2qMKK8ALAjbcBEAEgAGCVAoIBF2NhLXB1Yi05MzMyMDY2OTc3NTExMDg5oAHCrujdA8gBCakC9spmEzZztD6oAwGqBN8BT9ATrOtTxY5cgMXGzU9RWIP8MOP7H4XGI_NeKFXUMGAwiScpJAts_QllCE9xayMHJyCEeAegb7-rHk_brQlbvnjvxsyrLbA3QJBwEMk5sbN8vMf9JOpiVUftlz4FACvdk6dk3fda6zZYR4qzsGFDmx4GsbkCxyMQCNiAUEkybGpQf-PX7sKB6ZGrZnq9o8uxbnKxEM5dpxxvqfCNvlVUG2-mw-cz55Nw2HzuJ9yv3ki_V-YJAzSlJC21SSXPOITo5Zvfm7DgbTZyA4WxNxModqVCqz_DmSFzojYhBv4IeoAGuL3Ek8iU16KfAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB4qcsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1EBUSz79QnxrTeR6FADs-uq9EDvw%2526client%253Dca-pub-9332066977511089%2526adurl%253D&y=0&z=0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 May 2021 08:08:27 GMT
Last-Modified: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/png
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame E705 63 B
270 B 205ms
77ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=.8a44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftcktBttIVugwcAuyPBDjaY2ftckuyPBB2SCX0iakJ1_4uxZkmVv5iLs2dI_AIQjvEodUW2vqCRc7L1eLY6Rhw.5B0KB5DKpDK1civmkjsTfxJjl7pp0iJ3A0KFgBFY5BNlr91xU..AE4
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 28 May 2021 08:08:27 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 9393 16 B
232 B 104ms
104ms Fetch
application/json 34.253.75.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.75.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-75-69.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 tech-essence-clk.min.js Show response
analytics-wg.webgains.io/ Frame 9393 44 KB
45 KB 65ms
63ms Script
application/javascript 13.226.159.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-114.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:01:48 GMT
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 10:42:29 GMT
server: AmazonS3
age: 68801
etag: "8c03dbb33c82f21c7644b0fbe99c300a"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 45522
x-amz-cf-id: Q4NrbVLDb2pKLXd97PKoVpnqcgMqi72Atc-o8bUf0GbwDZdRDXTJXw==

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 218ms
71ms Preflight 34.253.75.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.253.75.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-75-69.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 216ms
71ms Preflight 34.253.75.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 34.253.75.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-75-69.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame E705 16 B
232 B 112ms
112ms Fetch
application/json 34.253.75.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.75.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-75-69.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.19

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.19
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 tech-essence-clk.min.js Show response
analytics-wg.webgains.io/ Frame E705 44 KB
45 KB 64ms
63ms Script
application/javascript 13.226.159.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-114.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 27 May 2021 13:01:48 GMT
via: 1.1 147cd286989da71c73312280bb09c200.cloudfront.net (CloudFront)
last-modified: Tue, 02 Feb 2021 10:42:29 GMT
server: AmazonS3
age: 68801
etag: "8c03dbb33c82f21c7644b0fbe99c300a"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
content-length: 45522
x-amz-cf-id: BBVNIyH-7KXGGNiRyleFhzUthL-7IrBojEa_G64llBr-rgELg30YAQ==

GET
H2 200 tag Show response
w-it.m-t.io/ Frame 9393 18 B
204 B 66ms
30ms Script
application/javascript 2a00:1450:4001:827::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/tag?type=impr&date=1622189308456
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-cloud-trace-context: b00ac4cdd6e90211dad6bd1a12f1d959
cache-control: private
content-length: 38

GET
H2 200 tag Show response
w-it.m-t.io/ Frame E705 18 B
123 B 93ms
66ms Script
application/javascript 2a00:1450:4001:827::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/tag?type=impr&date=1622189308466
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 28 May 2021 08:08:28 GMT
content-encoding: gzip
server: Google Frontend
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-cloud-trace-context: 446b760d0e48aa1d62bacfec039c77a4
cache-control: private
content-length: 38

GET
H2 200 track Show response
w-it.m-t.io/ Frame 9393 0
73 B 28ms
28ms Script
application/javascript 2a00:1450:4001:827::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/track?campaignId=1384975&clickId=12607_1384975_16221893066663_d97d96cc35&programId=12607&expiry=1777709306&acc=wg&scriptTag=&type=postview&indicator=df7fdf376058e01a1608907c6397971c&
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cloud-trace-context: b010b5170c81afabc50d81f0df2ea8ae
server: Google Frontend
date: Fri, 28 May 2021 08:08:28 GMT
content-length: 0
content-type: application/javascript;charset=utf-8

GET
H2 200 track Show response
w-it.m-t.io/ Frame E705 0
73 B 28ms
28ms Script
application/javascript 2a00:1450:4001:827::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://w-it.m-t.io/track?campaignId=1384975&clickId=12607_1384975_16221893074146_93633ad495&programId=12607&expiry=1777709307&acc=wg&scriptTag=&type=postview&indicator=df7fdf376058e01a1608907c6397971c&
Requested by: Host: analytics-wg.webgains.io
URL: https://analytics-wg.webgains.io/tech-essence-clk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cloud-trace-context: b1c556185f61c631eb7f1761348f5229
server: Google Frontend
date: Fri, 28 May 2021 08:08:28 GMT
content-length: 0
content-type: application/javascript;charset=utf-8

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5070 0
56 B 202ms
202ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=430.0000&a1=https&f1=layout_html&s1=0&d1=18.0000&i=497845311963&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F16986808040249150219%2Findex.html&gqi=96SwYLCBBtvOtwfXmJOwBw&qqi=COubron26_ACFTllFQgdmikItw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 May 2021 08:08:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUIx2gOsXiQSvae8pm902vx0UssZFdPDUjRVqQ4ZcKrDm2pNV4dDJ8dzaCTMTw2OYn73Prd1m-dwBHd4VI2w25vyK0VN-W8&google_gid=CAESEHqFmmbPNNrXwVMncUwmHWM&google_cver=1&google_tc=

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YLCk95sgohCSk6m_FZE_kgAAAokAAAIB&google_push=AQvitUJrrIs9y3-kbbahEQms2z48_ax2KlgC4NqNaQlkFb9l-mQujwjV3T5h6bCwNm3fsYAxwlEmffqGudB8IgX7VbFHNBMzVDk&google_cver=1&google_gid=CAESEC2pyQb1BVleiEOEjV2W__Y&google_tc=

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 18:36:30	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-19 18:36:32	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 03:58:05	Name: IDE Value: AHWqTUm53WdnX55SQ79SpAH26mXFrryvD7DFdjxcJKJcUPrwOW8F5kui8rmxbdrhzMs

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://opovoemfoco.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.6.4(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad4m.at
ad4mat.net
adservice.google.com
adservice.google.de
ag.innovid.com
analytics-wg.webgains.io
analytics.webgains.io
api.webgains.io
as.ad4m.at
assets.ad4m.at
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
cdn.onesignal.com
cm.g.doubleclick.net
cms.quantserve.com
count-server.sharethis.com
diapi.webgains.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
image6.pubmatic.com
l.sharethis.com
odr.mookie1.com
opovoemfoco.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
platform-api.sharethis.com
platform-cdn.sharethis.com
prod-rtb.ad4mat.net
rtb.openx.net
s0.2mdn.net
static-de.ad4mat.net
tpc.googlesyndication.com
track.webgains.com
w-it.m-t.io
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.happythemes.com
cm.g.doubleclick.net
104.111.239.217
13.226.159.114
142.250.181.226
142.250.186.162
185.64.189.115
194.1.147.53
2600:1901:0:76b9::
2600:9000:2182:8a00:1d:85c3:6640:93a1
2600:9000:2182:d800:c:abe:f440:93a1
2600:9000:2182:e400:1c:8a07:5e80:93a1
2600:9000:2182:e400:c:a9b7:ddc0:93a1
2606:4700:20::681a:bd1
2606:4700:3032::6815:57ae
2606:4700::6812:e134
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2001
2a00:1450:4001:803::2006
2a00:1450:4001:809::2002
2a00:1450:4001:809::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:813::2001
2a00:1450:4001:813::2002
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:827::2013
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a05:d01c:1d8:8102:9cdd:d1ce:f1f6:d7df
3.213.224.136
34.253.75.69
34.98.67.61
35.227.252.103
46.236.13.147
52.29.0.64
52.41.116.81
67.23.238.41
69.173.144.138
81.29.72.47
0139f086e9d87dc85607e71fac32f16532ca97215e38b40682135dd26e19275e
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0302988617de5cb9f90979b8a86c431e00249c09831c901263f8242615f798ad
03f14357b2de695aa54c32f6aa655da2e30c383035c0cead7234c80517f7740b
054e2d18a62aa37e22197f207de266ba9fad9260d840725394f62ad3782a2a4f
063bae7d5926f34fcadc7d5bd53c7345dc319b7aa3b16ea8db7266e2a9eb2c96
0a9ff3f6b8d132ef3022c28d875ab2217b7b35259a6bfd10b8e56b4b87046019
0b2c56f3ae0352662a9670dfb537517f8d7f69c2c99792041cdf5da6b94e99e7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
0f1326c79eb459f8e2c24cfbe32aa15fb387e93c990639c170ccabbe9b3ecd01
0fabfd36287fde44b0909f8979e7a5c0cab49f90e6d3c00fe1d4ddaa5637d9dd
113e153cd01d73c26f4f1015ed0d4ffbb0c9a1c909fe6b3793c780d71814fec7
11511854996e430afe2570349b74301d0042353244ebb4a768d49274c2788a8f
11524b66217eac379fd5ee24d150dc0999d8510e63034efab37670a28d8dc591
142889913df3fc2d875920871ce23546e0b95937a3e65186c3338f6e3fc228d6
179a1be3766eb5573db97f0fdbd19c44b4fe40a893864583cf904fb74f3f17b2
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1e45ca14bc59eff23fa77a56b5a047910b4bb21832fb69ef9308c3e16caabbe4
23fc400a12c29f66e5ccec206bbef0b8256d1896537bbdcf5516ec2933c10bea
243ca6f69aee231807db24289809106b6f50b87697fdf3856493164ea5eabd5a
272d25a3bc4e780b90797dc968a382dbccaa40157d7612ace2f59f2768a6bb86
28de92066c39391dedeed0ab9b4a2a548e8342c70567b9059af1c07bb0b58322
2b62ab86703c0ff1beff7591d4151685a6335fa4013a895e441b749ebea049f7
2baccefb5cede601d5fc018290c68a748e3199cf5c00cc77dbbf6491531d3592
2c9bbec21aff10105263cd6064eebd83088705103dea42955edf95acf82dc628
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
310922b929aa57b74de517f74fb52edf5201c2f3d007ff49e43af71ad38d6310
3486c9f9e01ce861333b3952122752ff4849efebdb12e2ae2edcd5d1b19a50a2
36225e386f80d3706232990cc4ca5d50c69bfb3dfb8bbf99d89acfd892c158a5
36ae5665d20b3043d7c330846a2712a01de07cc1a8819d08f306853249a3bb52
36cba8b96faf45e4d6a6291bf10a7a88ee0f73d13a0640ad3547bdf572b1aed9
378251db9dc7c47ab37d55dfc82287bd892c3b01d34735541f6cf670de39a668
38337eecd051312b9321bcdb7a380f8df732fa7c2ea117b85fed5a688b4c1966
43d8fce3a337b7a745c3b12c1e1c2f6fbf03512342dfe3044e4577a59eaaf48a
46e501ef3758e7be7dea2c33d72786d45f610e682b24bffd8da2090ae8b06e97
4778dcab6b996cd56cf5b0650f970a88bb5dc045504e2c80dbc22a7ff6c1937f
4785799974e8259133e54bc2ed269b4e3897585bb45148f04ce4cd8ef507ed0b
4832f5768a8d71f5e7504a48274d822a72e79b39fe43a071c13852097da8ec6b
4893752656cc7d5f8690be5389519314eb776cc152bc299c4a55f90bc954ac40
494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880
4bd938863d8e473540c7300aec8fd156822f4701cee5fb6b3328a2cc9b0a012b
4cc755a99349527933df50f5338a02d972da947a4c25f4a5309f4545ddc40ee1
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e56ceb514c1a898cd5132f4f26e6ad36079c0990309c4f22365bdb3113df9ae
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
546ecebb52eb90dcd74cc7f06279be1b7247d2d720318592402ddc8c0585c21a
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
581fcf751e03dc8cd4a3f6f8c1ff93a30ac92fc3d7d2a64943c842c1cc00b117
59f0087575708b2b469eb68ce76b6bf00456e436552c5a12e614bd66a3001005
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
5dc4d251da696f0cdaccec5c8fc32cad7c6e58448558991d3b8b9435165a9ef0
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6366599460988d5a2573f89253658648fffa1dec7b363fe8fe8931680da5ff7d
658fc82cab2e749e613b64b4b9e80fc14677773de8ab9677a739b9ce5a3def27
65b7523e9bd5d70fff588f38a3fd85cf0de784add41319c656cf9c8c59b6da00
67bc675875f4e5e7d636dbc7da38268c23f3a5370233ac2331a7193add7cfd76
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
684722f2ec67f3a1b4aad3b445dd37b60d048d66701dfff1f5c40b3bad4fae8a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c8b63f9bf16fe1c987110ea1dd5a34fc6592df25e98d42ab5e7f4d53f0239ed
6dd3fa0ac0babf2ccc9285caa721a145c225a7d5207e9a662f32bf6e8b99e56e
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
75817d352ea4450be4fea3cd7e03603e6391d8c6178d3dbb9992439695a16343
76365b2896e7dd2b2f5ce947b9f9f658c03431a19872d35de63aa9f1dfa5fc30
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7b21fb0bd5faabc5ab60dcf9fc559084712df71ad1158f52856cc489e5a22770
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7e3559d6ffac7fc54d6edaa79b6e7330fab33fbdffc174a27c58b25e5b3952d2
7ed0f094ab5e56199e6f86d3a19c8faa75801ef8f1b6824bef8fc0869fb93514
847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
86293e44d58e1e8f256d27908d26824c28184c4588d7d34a60e5276121c548dc
878b3b4ac2b6c8e46cbd635129b4e42c76768b18fbb90708745229af6cbc1bae
87f22b4839be51ff0db3f4a36971a541d8775486441207fa64bdb97948700a3f
8b75a67f5c8b6cfac7c8113bb7c7cf13bed72f7b8c8c299cbb897a6ff9466c31
8bb394b0e01ddd617ad2e4a7d1f5f4fcd4d9a7d956fee5f83c3171d14f6a4f7a
8d7401bef80e31a1aa3a2d1daab189dfba7f02a21e7cfef216e011f0c05a74da
8ef80b9484ec57f96a4cfe363afe777cb54dd1deda8aae48c7394b8335bca048
8f359cea41f7e97a585f44c7c318c4f2314b2981060da1623e39d8d348ff9150
932c9568d4e84014b305a72fff85330093277abf03f68eee9c8c7d9088498256
953ad5605189ea38166999307dd0641b5a3c42d4bd1dfd183848143c3fc2252b
97cfbffddbcbf00dcf4b38e122383cbc49f8bde482552271ef0a127ea03e5ae5
995e2aca18a20c8e1007e5d647faa600907b1a237c633fd7b9f7dbaa23beac81
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b58c69772b440653ae4c351faa78a8ac8c9924a32240a69eade4af50a008bf2
9ce3d720e9864d2056ed14be116925c01ae9cd2c176036a181c32f806f802bc7
9f09381f73891decdd6ad9d9d14e983e2886a5371abe806bb991ef059cf6a70a
9f91bdc0226ee0299e83d54f8d4fb1e2b151590211a41a899e3593e20b6f2e0f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1d43c3ea114a0038c6a880b6cbf54ea2313fd52d6437c6579c3062703aa8413
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b3b91b775b356ac4b5c34ac94dbcc1212ef23b5e89bfa9bfcc92e285a4447a
a72ad4a87387d87e2e90c3505e8798323f1ff00ecbbf721aefe588a6aedc776c
a7848e0345cbfdda55325a5e4804dacac9b5885411c1be9dc63bac8b04894af0
a98e42b2d4ab1ae36f3b270a0dff6ad2f158100833978ff0a549674a2543e78a
ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d
aca9b5b4cbfd4bc4c8c3f0e6b803f4f17e8e7c79c4166e33dd19363e793143c3
b1ab923e96eccf0eb1f421a78781a102ad8885ddcae4ee9328f8512215945b6b
b347e21baf5cae51c305d98fe76947aaaa6dd86bedd2141025ff5ca2acf63f8e
bef3142e3e8e977ab554f50a7dceed6dfda9b20703a7519faf43fc4944705df9
bf3ca351db5713c36f13be049365168a1cbe8e9e6c246e0d85f0dfc3a6767ec5
c01c98dc32c9889b4120afd376d61fe7a172b6cb323b48011b71572a4d97ff8a
c2c83e05865c46c3f918bd3714160b94d19df8dad0556df05ee0d08041686659
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c65bbe7e278afea762b40363a4bcdc29301b63057d4ec21e0e9ba90e6c751783
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cdae2bb11f0f73e198ecf4678a9e75c593276530ac58fc8af77f6b57bff2676c
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d1fdc83f40b6872fbf82ad027168954ccaa7eee12c7e6fcbe52e26c36bf915de
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d997fba7832cb78b0933a9eb2ce191d53234c978e25c6c8fc50c75923ea8405e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d722f4cd7587ef5f049320a1e6b1e59bb30fa65db774e3be30cdef15acc556
e55869541d8d62428b5dbe5b9fb103a5f6d4279d92d501ffefc6933f09327c42
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
ebf14d2ccd814e61d44daf4577675e3734a97c6600b480b908b0518b7e3267dc
edeae7fd9f5df67d69528719845e474c9e29f24632165ab271154d0ebc302622
ef028ef3202a70f936d9e896313209b3d97f2c6a544ebecb0317463076a1a91b
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d
f11b175fe8bf3197476825c16801f8c13b0e60aee14f3b5ef627b4990be17a1e
f31e06b14eedac7dbd09f17a0dcff197375200d21b1cbf3457f7bd8c940340fc
f353e91b2f6882817486cb4c31da79a519c6e29de2359880352ab14f2b11ac78
f85e538e44687fc0feaa2f66a67831ec9f9b03446f115dec74b996da4a0a4a52
f981ac999350c901e815738482797ae651bd0d240aae589d56f5b027ad9715da
f992d4e165a593df5d567f6ad58aae2b9609cc3870a5eb91483268e5b48c3e77
fdcfb16c177192bab98613cd3ece660d0cd85719b16739615b3056609f14fc21
fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40
ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3
ffa3e3877f004c31297d495d2466a218a830221b6c1d97dff9bf04ee8030e64a

opovoemfoco.com Open in urlscan Pro 67.23.238.41 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

251 Requests

95 %HTTPS

63 %IPv6

29 Domains

43 Subdomains

40 IPs

4 Countries

3753 kBTransfer

5842 kBSize

3 Cookies

4 Outgoing links

Redirected requests

251 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

opovoemfoco.com Open in urlscan Pro
67.23.238.41 Public Scan

Screenshot
Live screenshot

Full Image

251
Requests

95 %
HTTPS

63 %
IPv6

29
Domains

43
Subdomains

40
IPs

4
Countries

3753 kB
Transfer

5842 kB
Size

3
Cookies

251 HTTP transactions
-3 data transactions