www.posthaus.com.br Open in urlscan Pro
200.193.43.110 Public Scan

URL: https://www.instagram.com/posthaus

URL: http://www.modaposthaus.com.br/

URL: https://www.youtube.com/user/portalposthaus

URL: https://br.pinterest.com/portalposthaus/

URL: https://www.reclameaqui.com.br/empresa/posthaus-com/

URL: https://www.ebit.com.br/posthaus

URL: https://seal.godaddy.com/getSeal?sealID=vCOMSJTHd2yJeB2ccw4qXXxCOEafIwMAmO54QopvzYgJmZqTlXoESHmWxQzL

URL: https://play.google.com/store/apps/details?id=br.com.supero.posthaus.site&referrer=utm_source%3DSite%20Posthaus%20PWA

URL: https://itunes.apple.com/app/apple-store/id808758618?pt=117739538&ct=Site%20Posthaus%20PWA&mt=8

URL: https://www.larelazer.com.br/cama?mkt=POSTHAUS&utm_source=POSTHAUS
Title: Aproveite para conhecer o portal Lar e Lazer, especializado em produtos de Cama, Mesa e Banho. Tudo com até 70% de desconto!

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.posthau.com.br/ HTTP 301
https://llinks.io/?fmFhB1k Page URL
https://llinks.io/?fmFhB1k&forwardA=true HTTP 303
https://www.awin1.com/cread.php?awinmid=17634&awinaffid=691863&ued=https%3A%2F%2Fwww.posthaus.com.br%2F HTTP 302
https://www.zenaps.com/rclick.php?mid=17634&c_len=2592000&c_ts=1658367311&c_cnt=691863%7C0%7C0%7C1658367311%7C%7Caw%7C0&ir=5cb46930-0895-11ed-b9b9-223765e4ceee&pr=https%3A%2F%2Fwww.posthaus.com.br%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&bId=HLEX_62d8ad4f414b19.47346097&cookie=1&c_d=zenaps.com HTTP 302
https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.posthau.com.br/ HTTP 301
https://llinks.io/?fmFhB1k

Request Chain 36

https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316499 HTTP 302
https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316499&tc=1

Request Chain 52

https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805 HTTP 302
https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805&tc=1

Request Chain 100

https://gum.criteo.com/sid/json?origin=onetag&domain=posthaus.com.br&sn=ChromeSyncframe&so=0&topUrl=www.posthaus.com.br&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=UYurLnxtUDBVSGs1VHE1NFppL1QvUkxkTXRncnFCeS82TTBWbXhqNTJpMThqQkhTZkdwM0RSS2hZdnMvRUpaZFB6dFVRa1pJem5WbU1WMko5bkJiZWIvQzYyL0p0YWp4R3hyZ2U0QmswYVRjdGNXblhrWVdnK1pjSC82WlVwcmJlS2h6cVk3NVQwWlJsc0dwNnVGNUJ1bTFCd3RDdktBcXNmK3ZWVjZUUS9Icll4VTJQbGQwU1BpTy9FUnFiWlZrQVhCNE1ocWZYTXdkS3FpQWZ4cTJ3dWIzaisyM1RrdGZCc1pJL1pzQ3Bpa2xTcFRZRXdFUVhuKy8xc25kZkpreXZPNnMxa0NPWDcrWmYwYVdObWh4KzJmd0E0cVFZRGRxc3c5WkFTSW9RNFZFeVl1Yz18&cppv=2

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_cm&google_sc&google_ula=5153224&google_hm=em9xQ0lQaU5DcFpVVjNCNzJ3T1I%3D&pi=adx&tdc=ash&chain= HTTP 302
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0 HTTP 302
https://ash.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0

Request Chain 110

https://sslwidget.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PWXNNYXk4Nm1RSG1GZjBDbFU0MUhtZHVWWHJHb2tVZjMzVVFmWWtOWFZNcnh0MVdCNHRjWUI5eTJwN3pXMFd5T0RxdHJwUVExNWo0VzI3eEVFUVBzUVYwb0I4NlJBSyUyQjYyJTJCU3ViSFpaRHF6bThCQkZnJTNEJTNE&tld=posthaus.com.br&fu=https%253A%252F%252Fwww.posthaus.com.br%252F%253Fawc%253D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%2526lnk%253D1458_0_0_0%2526ordprd%253D6%2526utm_source%253DZANOX%2526utm_medium%253DAFILIADOSEXTERNOS%2526utm_campaign%253DLINKTEXTO%2526mkt%253DZANOX054%2526utm_term%253Dhttp%25253A%25252F%25252Fdecoracao.com%252B&dtycbr=21393 HTTP 302
https://widget.us.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PWXNNYXk4Nm1RSG1GZjBDbFU0MUhtZHVWWHJHb2tVZjMzVVFmWWtOWFZNcnh0MVdCNHRjWUI5eTJwN3pXMFd5T0RxdHJwUVExNWo0VzI3eEVFUVBzUVYwb0I4NlJBSyUyQjYyJTJCU3ViSFpaRHF6bThCQkZnJTNEJTNE&tld=posthaus.com.br&fu=https%253A%252F%252Fwww.posthaus.com.br%252F%253Fawc%253D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%2526lnk%253D1458_0_0_0%2526ordprd%253D6%2526utm_source%253DZANOX%2526utm_medium%253DAFILIADOSEXTERNOS%2526utm_campaign%253DLINKTEXTO%2526mkt%253DZANOX054%2526utm_term%253Dhttp%25253A%25252F%25252Fdecoracao.com%252B&dtycbr=21393

Request Chain 157

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1

Request Chain 158

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YtitVsJAtjYYMMJiSetzKgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELqzhOBNAWeHf6_f1IRum2o&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

Request Chain 160

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1

Request Chain 162

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YtitVpjYWc4B9dX3ue8zJwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELqzhOBNAWeHf6_f1IRum2o&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

Request Chain 164

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1

Request Chain 169

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1

Request Chain 231

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_cver=1&google_push=AehlK4AnJb4R31nWM5mzW6UH23s4a8q_o5WbkNW7nSxYyI3njashe1r38DRps_dRieLcjbdudxuOyZCmzf8e1NJ8rle-M0enmF4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4AnJb4R31nWM5mzW6UH23s4a8q_o5WbkNW7nSxYyI3njashe1r38DRps_dRieLcjbdudxuOyZCmzf8e1NJ8rle-M0enmF4

Request Chain 232

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAv3Ce6vmNVF8DJpct8MlZg&google_cver=1&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAv3Ce6vmNVF8DJpct8MlZg&google_cver=1&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo&google_hm=FApfrGZHUWGJ6MPzR4OQPElt

Request Chain 233

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEGlDyCqphb47V48h92sxr5I&google_cver=1&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4vagyTsyu9qiU0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4vagyTsyu9qiU0

Request Chain 234

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDFyfommXZmt3r3GlM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDFyfommXZmt3r3GlM

Request Chain 235

https://match.360yield.com/match/ebda?google_gid=CAESENjWlkUDB944TntIVbOlLSo&google_cver=1&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqXpLXV4 HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESENjWlkUDB944TntIVbOlLSo&google_cver=1&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqXpLXV4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ZTQATXutQkWO7Nl6SgNC5A&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqXpLXV4

Request Chain 236

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJVLTc3pEGtUlfjvE3UKTIU&google_cver=1&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ&google_gid=CAESEJVLTc3pEGtUlfjvE3UKTIU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ

Request Chain 246

https://a.tribalfusion.com/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 247

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW&google_hm=meAluqjbSGall42PHpTzsw==

Request Chain 248

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKX6q3zJFfXqwKSLpeiMU1Y&google_cver=1&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjqTkHM0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjqTkHM0&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D

Request Chain 249

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_cver=1&google_push=AehlK4B6b-NZCgpq9GDyV92_XMyGWDEdSypj_mgUUk_XLcTa-1WqX6mjxCudP5KF4PaoNat97FsmvAU3YxD8djdDy7DjFGQFP2g5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4B6b-NZCgpq9GDyV92_XMyGWDEdSypj_mgUUk_XLcTa-1WqX6mjxCudP5KF4PaoNat97FsmvAU3YxD8djdDy7DjFGQFP2g5

Request Chain 250

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOw4VduihU1he43FB1_U2Dk&google_cver=1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1658367318858 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-011e4435-c231-4be7-ba4d-8e77d15584eb-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd%26google_hm%3DAwEeRDXCMUvnuk2Od9FVhOs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

Request Chain 251

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJVLTc3pEGtUlfjvE3UKTIU&google_cver=1&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYStNZhLBMw--zzruJNInTG5IzjjNwDuzCGvwZUdD4TIVF1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYStNZhLBMw--zzruJNInTG5IzjjNwDuzCGvwZUdD4TIVF1

Request Chain 261

https://um.simpli.fi/gp_match?google_gid=CAESEGp6oln8f1QRnTAbYo4qbPs&google_cver=1&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33zX59LgHTxBaNU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=CD4C7C6761A54250B371F5F7ED77847F&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33zX59LgHTxBaNU

Request Chain 262

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEBf953UiRyWKZ9fID8RGR7Y&google_cver=1&google_push=AehlK4C3QoHtEXxxaL8Mvgb7znKg0pSw586s0SOUAV9c8VOCR8pgk7pCNu1WVC4n6_lPlXecoH8RKte9PUM72cj2tVI4DH6X3Jaf HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEBf953UiRyWKZ9fID8RGR7Y&google_cver=1&google_push=AehlK4C3QoHtEXxxaL8Mvgb7znKg0pSw586s0SOUAV9c8VOCR8pgk7pCNu1WVC4n6_lPlXecoH8RKte9PUM72cj2tVI4DH6X3Jaf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=pjWk4S2oQYeZeedN22LzkGLYrVY

Request Chain 263

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=efcb6630-2320-4ede-9060-715e1561a926&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q&google_hm=meAluqjbSGall42PHpTzsw==

Request Chain 265

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4SYvFzKMZqE0rpvK3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4SYvFzKMZqE0rpvK3

Request Chain 266

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLfDBiMQIznHipaxmFgintrAqMmgxBQ HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLfDBiMQIznHipaxmFgintrAqMmgxBQ&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLfDBiMQIznHipaxmFgintrAqMmgxBQ

Request Chain 279

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEHzwqsmdNHj0AfBW4JnB97A&google_cver=1&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI-wSW3pjifzlao_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEyMjYzMzM5OTg2MDkxODQyNw%3D%3D&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI-wSW3pjifzlao_

Request Chain 280

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKX6q3zJFfXqwKSLpeiMU1Y&google_cver=1&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSHfdlXD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSHfdlXD&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D

Request Chain 281

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0tDAAxRwV7jIYwMyju HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0tDAAxRwV7jIYwMyju

Request Chain 282

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEOw4VduihU1he43FB1_U2Dk&google_cver=1&google_push=AehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-011e4435-c231-4be7-ba4d-8e77d15584eb-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs%26google_hm%3DAwEeRDXCMUvnuk2Od9FVhOs HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

Request Chain 283

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywthfs0zT5wS13YeeEIUGKXTbkvAMSID-jZPnc2OVGRkBMwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywthfs0zT5wS13YeeEIUGKXTbkvAMSID-jZPnc2OVGRkBMwQ

Request Chain 284

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4DZIzSewiwZNlb2GTnv1HrP7KhNB_kV0BSYI0ykReak8Ryyx3_0SQ4OVtscK3nbfNr0lpgmOvY2wzAsNC8aC2ZmNAdf9LM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4DZIzSewiwZNlb2GTnv1HrP7KhNB_kV0BSYI0ykReak8Ryyx3_0SQ4OVtscK3nbfNr0lpgmOvY2wzAsNC8aC2ZmNAdf9LM HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 302

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&RedC=c.clarity.ms&MXFR=19A6A3D55E6B631900CFB23D5A6B6D10 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&MUID=0B3342234B7462BD042653CB4AFF6396

Request Chain 313

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_cm&google_hm=ay1MLXRMeUhVU1MwUTBXUHpCSmh0Y0k5R2ZmNW10dUVfalZZMGpiZw HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_gid=CAESEHoefX1_0RZJ8tg11z-_QCI&google_cver=1&google_ula=913071,0

Request Chain 314

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7210014654759958532

Request Chain 315

https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-Ev3POnUSS0Q0WPzBJhtcI9Gff5mYrYFWspgQqQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__ HTTP 302
https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-Ev3POnUSS0Q0WPzBJhtcI9Gff5mYrYFWspgQqQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__&nut&uu=f42103f3768f46bdbcbf1082f85cc211 HTTP 307
https://cotads.adscale.de/ads/pixel/1by1.png?uid=f47ae3aa00617e57cfc7fab3e17333f6172b8bd76c67538452c1a51b77260427

Request Chain 319

https://gum.criteo.com/sync?c=6&r=1&k=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397596.gif?partner_uid=qYtA1T_YuF3t1n6vn8AxqXE2leMz1I1i

Request Chain 333

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g HTTP 303
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g&_li_chk=true&previous_uuid=d102883645e14ee9b8ab650733fcfa5f HTTP 303
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g

Request Chain 335

https://sync.aralego.com/idSync/?ucf_nid=dsp-833DD22BEB97673FB4E8B8DBB882B99&ucf_user_id=k-aOB98XUSS0Q0WPzBJhtcI9Gff5lWH7KOEFfiOQ HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=

Request Chain 346

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t

Request Chain 390

https://gum.criteo.com/sync?c=9&r=1&a=1&u=https%3A%2F%2Faa.agkn.com%2Fadscores%2Fg.pixel%3Fsid%3D9212273938%26ct%3D%40USERID%40 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212273938&ct=R99mzghVhF79U6bmi8S28Ccw02eEfoHJ

Request Chain 391

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=68MkDkzz6hNO7NzO8VdXnDGl-v_AnuyY

386 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
llinks.io/
Redirect Chain

https://www.posthau.com.br/
https://llinks.io/?fmFhB1k

822 B
1023 B

466ms
324ms

Document
text/html

2606:4700:3030::6815:2f56
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:2f56 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 72e032ce79cd9223-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 21 Jul 2022 01:35:11 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bb3HeetIkwA47F4Iake5HFpdpNr2LqjGAEP%2Bn9IPRzzEx5pVNkqRXy5HjCbMHMPqEx5GwhJ11l9tUuL4KjHh1%2Btx%2B1WOa261%2B4Xg3OvBlBjJNbnb0NKqFzC51LhFoQkbpRyCgVsdY1M%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-robots-tag: none, noindex, nofollow
x-turbo-charged-by: LiteSpeed

Redirect headers

content-length: 234
content-type: text/html; charset=iso-8859-1
date: Thu, 21 Jul 2022 01:35:10 GMT
location: https://llinks.io/?fmFhB1k
server: Apache

GET
H/1.1

200
OK

Primary Request / Show response
www.posthaus.com.br/
Redirect Chain

https://llinks.io/?fmFhB1k&forwardA=true
https://www.awin1.com/cread.php?awinmid=17634&awinaffid=691863&ued=https%3A%2F%2Fwww.posthaus.com.br%2F
https://www.zenaps.com/rclick.php?mid=17634&c_len=2592000&c_ts=1658367311&c_cnt=691863%7C0%7C0%7C1658367311%7C%7Caw%7C0&ir=5cb46930-0895-11ed-b9b9-223765e4ceee&pr=https%3A%2F%2Fwww.posthaus.com.br%...
https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term...

108 KB
41 KB

1908ms
361ms

Document
text/html

200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

8a3017b20f09a8a286af5bce20a4f1744625096be5eff4c6c1ea32f596c5b871

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: null
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Age: 0
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
DBR-Company: posthaus
DBR-Device: desktop-6
DBR-REFER: 0
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.5060.134 safari/537.36
Date: Thu, 21 Jul 2022 01:35:13 GMT
Dbr-Company: posthaus
Dbr-Device: desktop
Dbr-Orquestrador: true
Etag: W/"1b1c9-Qh+3HcWslYbrM6l+xy2cuNWlepQ"
Strict-Transport-Security: max-age=15552000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: AX-CACHE-4.1:110
X-Content-Type-Options: nosniff
X-Dns-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Redirect headers

Allow: GET
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:11 GMT
Location: https://www.posthaus.com.br?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Strict-Transport-Security: max-age=86400

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 43ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&display=swap

Requested by

Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

384e668a765ad88ee27d4937f0baeef54171ac9ec18791e839640ebb6bc29fc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 21 Jul 2022 00:19:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 21 Jul 2022 01:35:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Jul 2022 01:35:13 GMT

GET
H/1.1 200
OK vendors~app.css
www.posthaus.com.br/ 37 KB
8 KB 245ms
244ms Stylesheet
text/css 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/vendors~app.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

b9fc8970b43979f1fb6a303fb3aa85d6c17119f74ff25aa3c4290f9030f3f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:26:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 528
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/minha-conta/login?error_code=1349126&error_message=aplicativo+n%c3%a3o+configurado%3a+este+aplicativo+ainda+est%c3%a1+em+modo+de+desenvolvimento%2c+e+voc%c3%aa+n%c3%a3o+tem+acesso+a+ele.+mude+para+um+usu%c3%a1rio+de+teste+registrado+ou+pe%c3%a7a+permiss%c3%a3o+a+um+administrador+do+aplicativo.
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"9211-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.0.0 safari/537.36
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: text/css; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK app.7dff4ca166e527c49334.bundle.js Show response
www.posthaus.com.br/ 626 KB
159 KB 507ms
262ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/app.7dff4ca166e527c49334.bundle.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

8dce2ad1bc86b12d256760b5360f5cf0b3be1a9b4c11e509db17e56e36e96a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=zanox&utm_medium=afiliadosexternos&utm_campaign=linktexto&mkt=zanox054&utm_term=http%3a%2f%2fdecoracao.com+
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"9c6d3-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.5060.134 safari/537.36
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK polyfills.8262a284b8650760d111.bundle.js Show response
www.posthaus.com.br/ 8 KB
4 KB 721ms
239ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/polyfills.8262a284b8650760d111.bundle.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

c79c00fcb953a291f07f54a08f27fbcbdc0903921d25a0489deb7fafb15c1ca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:29:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 342
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/alma-dolce/roupa-para-menina/biquini-busto-infantil-rosa-com-babado-na-frente_art322705
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"1eae-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 6.1; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.0.0 safari/537.36
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK vendors~app.b1684717124cfb9769fe.chunk.js Show response
www.posthaus.com.br/ 720 KB
220 KB 735ms
249ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

6fa9e0fdd6af717063711269cd9e673ba1367f7de6f28034443db521663d8ab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:26:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 529
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/minha-conta/login?error_code=1349126&error_message=aplicativo+n%c3%a3o+configurado%3a+este+aplicativo+ainda+est%c3%a1+em+modo+de+desenvolvimento%2c+e+voc%c3%aa+n%c3%a3o+tem+acesso+a+ele.+mude+para+um+usu%c3%a1rio+de+teste+registrado+ou+pe%c3%a7a+permiss%c3%a3o+a+um+administrador+do+aplicativo.
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"b3e38-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.0.0 safari/537.36
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK home.6d3e7184e4f3e73c5ea2.chunk.js Show response
www.posthaus.com.br/ 3 KB
2 KB 731ms
243ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/home.6d3e7184e4f3e73c5ea2.chunk.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

6417c067a40c567f32b344102f6b076f4559ecdf5a796726474e06c2f044ca67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:31:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 241
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/moda-feminina/vestido-soltinho-paisley_art319202?sku=319202-gg&mkt=wgpshopmaxtopvendas&utm_source=google&utm_medium=shopping&utm_campaign=wgpshopmaxtopvendas&gclid=cj0kcqjwz96wbhc8arisaatr253niy2nmqpsybdvcymh54tmt2isux2xxg5nmamcvdejcfne7bhv6qwaahi8ealw_wcb
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"d89-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/103.0.0.0 safari/537.36
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H/1.1 200
OK desk-home.84ae1503fa27bd7b328c.chunk.js Show response
www.posthaus.com.br/ 8 KB
3 KB 769ms
256ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/desk-home.84ae1503fa27bd7b328c.chunk.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

2e989e305590b3de2dc79b3ba4f24e7f90f9c5031e5d39e2f143c50608fd9ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:26:26 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 528
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"1e56-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64; rv:102.0) gecko/20100101 firefox/102.0
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H2 200 ic-navbar-logo.svg
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 7 KB
3 KB 2684ms
32ms Image
image/svg+xml 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ic-navbar-logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

69740dde1b2dcafc780b3b79e4f41ac98d5aeb282cda3f68d961aded4d0d2eb2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 27 Dec 2018 19:29:01 GMT
age: 0
servidor: orq-cdn
vary: Accept-Encoding, Origin, Accept-Encoding
x-cache: MISS
content-type: image/svg+xml
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 1703A9592E30DC09
x-xss-protection: 1; mode=block
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-mastercard.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 853 B
1 KB 2685ms
33ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-mastercard.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

31dfb7610d826d312c1720e980234de2269bedb09591f134f87ab8d6840ccb6c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 853
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9DB09534EC2D3
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:59 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-visa.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 629 B
1 KB 2685ms
34ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-visa.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

fe8237cfa6bab4b205320dc57775dc118244de737cf5b08047359195f5a07f55

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 629
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9DB09538411DE
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:49:00 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-amex.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 534 B
957 B 2684ms
33ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-amex.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

1bb39f2e41475075c585cf8a90bb256c35177f80036af0267f3a5d35385df576

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 534
vary: Origin, Accept-Encoding
x-amz-request-id: 16EE277304FDC0A0
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:54 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-caixa.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 876 B
1 KB 2686ms
34ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-caixa.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

399c127003488f2737c0e966d2a6cabf25ec632a7e94bb087d4f2df67566d4c7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 876
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9DB098236DEA2
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:55 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-hipercard.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 771 B
1 KB 2684ms
33ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-hipercard.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

e444e8744871fda2c920b0526bd9eaee33660153dbe548cd5df4055d970b8d78

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 771
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9DB097A940FCA
x-xss-protection: 1; mode=block
last-modified: Wed, 25 Jul 2018 19:05:44 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-elo.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 781 B
1 KB 15ms
13ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-elo.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

fe145141adf7a295eb02f9ea18fdeb289330ce47fb5837927272ac21b6da4bbc

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 781
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9E5874518C292
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:56 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-discover.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 762 B
1 KB 15ms
13ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-discover.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

37756fc4581c844e472ce599eb9ef847b6a668fadfaef9599b7ea9afceb54f46

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 762
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9DB097E01291A
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:55 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-reclame-aqui.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 1 KB
2 KB 15ms
14ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-reclame-aqui.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

7e140f35e7c47baaf574e9321f534de355df62e958841f1900fe62e8cab897ec

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 1152
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9E09BCAA8C08D
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:49:01 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-ebit.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 1 KB
2 KB 16ms
14ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-ebit.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

7b5702e19970ce41380ca449d54519f428482977c78275255e909046ae97c445

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 1139
vary: Origin, Accept-Encoding
x-amz-request-id: 16EC0700945DA49F
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:49:00 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-go-daddy.jpg
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 3 KB
3 KB 16ms
15ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-go-daddy.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

8e77aa0c8ce495b82e8c0cdb2da40716a5c84ab66a1ecf2e2b1adce2341da931

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 3014
vary: Origin, Accept-Encoding
x-amz-request-id: 16E9E09BD2E266B9
x-xss-protection: 1; mode=block
last-modified: Tue, 26 May 2020 14:25:14 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 29ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.posthaus.com.br
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 23:10:25 GMT
x-content-type-options: nosniff
age: 181489
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jul 2023 23:10:25 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
www.posthaus.com.br/assets/fonts/ 75 KB
76 KB 257ms
257ms Font
font/woff2 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/assets/fonts/fontawesome-webfont.woff2

Requested by

Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.posthaus.com.br/vendors~app.css
Origin: https://www.posthaus.com.br
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:05 GMT
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/102.0.5005.115 safari/537.36 opr/88.0.4412.85
X-Content-Type-Options: nosniff
Age: 9
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Content-Length: 77160
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/vendors~app.css?__wb_revision__=4650b46c687c03ccdc66
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"12d68-181f1b61d08"
X-Download-Options: noopen
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: font/woff2
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Accept-Ranges: bytes

GET
H2 200 ic-facebook.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 197 B
621 B 17ms
15ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-facebook.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

42163a7c55b8f00f4276c06c1b47118dff268c8027b9b436efe5be5fbdd30cbe

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 197
vary: Origin, Accept-Encoding
x-amz-request-id: 16EBFE277EA49501
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:56 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 ic-instagram.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ 3 KB
4 KB 17ms
16ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/icons/ic-instagram.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

ec2-52-67-205-162.sa-east-1.compute.amazonaws.com

Software

Resource Hash

1df1bedfc6649bf041238e418e2b67864dfa1905e57e6ff05a60381726413940

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 3231
vary: Origin, Accept-Encoding
x-amz-request-id: 16EBFE2774F266A4
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Dec 2020 19:48:58 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
DATA 200
OK truncated
/ 16 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24333fd1c10e2127184a4a8fa0552b3341720b3289c15dbfe0146fe8b4a29892

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 17 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3739254e267a5f9d7f1a73e7fcc4beb47c2eca194e3334519a078d9ba96f211d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1996
date: Thu, 21 Jul 2022 01:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 21 Jul 2022 03:02:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 331 KB
96 KB 63ms
41ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b712aa4be002b66791ec62ac95e9d86707176856052d38203276aa718244c01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97930
x-xss-protection: 0
last-modified: Thu, 21 Jul 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 32ms
14ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/app.7dff4ca166e527c49334.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5df9eee36a61ef8f89d39c04ff402ded30aa9c627b6ef2134f55fa0e8b537153

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032ef9eb9bbd1-FRA
date: Thu, 21 Jul 2022 01:35:16 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 2371
etag: W/"a393ad4e03deeab316f7121a80708ce6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 24 Jul 2022 01:35:16 GMT

GET
H/1.1 200
OK default~desk-home~home.f0e8605394094400b3b2.chunk.js Show response
www.posthaus.com.br/ 17 KB
7 KB 251ms
251ms Script
application/javascript 200.193.43.110
V tal

General

Check archive.org

Show headers Download Go to

Full URL

https://www.posthaus.com.br/default~desk-home~home.f0e8605394094400b3b2.chunk.js

Requested by

Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/app.7dff4ca166e527c49334.bundle.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

200.193.43.110 Itajaí, Brazil, ASN8167 (V tal, BR),

Reverse DNS

Software

Resource Hash

2845c9f2b87964c3fed767ba9d7faeffc445405541637975fd4830e828825839

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/?awc=17634_1658367311_72c6c5e2dee14a76c6c80354341f6145&lnk=1458_0_0_0&ordprd=6&utm_source=ZANOX&utm_medium=AFILIADOSEXTERNOS&utm_campaign=LINKTEXTO&mkt=ZANOX054&utm_term=http%3A%2F%2Fdecoracao.com+
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:29:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 353
Dbr-Orquestrador: true
X-Dns-Prefetch-Control: off
Dbr-Company: posthaus, posthaus
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
DBR-REFER: https://www.posthaus.com.br/?mkt=wbp01022015prmarcas&utm_source=bing&utm_medium=search&utm_campaign=marcaposthaus&msclkid=9ca1781b7dab15310d631ac3d647094f
Access-Control-Allow-Origin: *
Dbr-Device: desktop, desktop-6
Last-Modified: Tue, 12 Jul 2022 09:20:53 GMT
X-Frame-Options: SAMEORIGIN
Etag: W/"42fd-181f1b61d08"
DBR-USER: mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/98.0.4758.80 safari/537.36 edg/98.0.1108.43
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
Content-Type: application/javascript; charset=UTF-8
Via: AX-CACHE-4.1:110
Cache-Control: public, max-age=1800
Transfer-Encoding: chunked
Accept-Ranges: bytes

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 31ms
20ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151513
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7512bf3b9ec62642bc0800d0ca3c5b8b37a1384814cc7a29d31f6823740fd403

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032effe5d90d6-FRA
date: Thu, 21 Jul 2022 01:35:16 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 1459
etag: W/"0e269028feac530d16f00d8dad8ece74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sun, 24 Jul 2022 01:35:16 GMT

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 27ms
10ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:02:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 21 Jul 2022 02:02:39 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 124 KB
45 KB 41ms
30ms Script
application/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5XLVWG6&cid=2085958768.1658367316

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f72abd0c24da902c90790e5d72ce41bd80c6c08a55c49f8d6c2731f0b9c0609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46252
x-xss-protection: 0
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
71 KB 44ms
25ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YMVGMTMSHW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2deb1d7bde7d257a4656df2beb63c66cb684cfe574c29df972a99a614104d0d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72322
x-xss-protection: 0
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 29ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6e164ad4aa1f1905c44c2e4e57088f313738d18320a99a7e6a984b862523d96d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26001
x-xss-protection: 0
pragma: public
x-fb-debug: tZjIVNBvElV73vPhTIi+8/er0EAggHM0p2svMWcwU6gDURW7PfISEDOg9sXR0Mlc3AvoS/F/Bnelj1poNRlS4w==
x-fb-trip-id: 2050670934
x-frame-options: DENY
date: Thu, 21 Jul 2022 01:35:16 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tag.js Show response
cdn.pmweb.com.br/df/ 17 KB
7 KB 960ms
227ms Script
application/javascript 52.67.205.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pmweb.com.br/df/tag.js?id=PM-NW3T6C

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.67.205.162 São Paulo, Brazil, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

25b97e29877447c9874d494a7af4c9d102f196c0bc26dce57efc733a353ad627

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 15 Jul 2022 20:55:25 GMT
Server: nginx
ETag: W/"62d1d43d-4372"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: max-age=300
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Length: 6830
Expires: Thu, 21 Jul 2022 01:40:17 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 40 KB
15 KB 55ms
17ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15160
x-xss-protection: 0
server: cafe
etag: 9823212955285023900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H2

200

tags Show response
us.creativecdn.com/ Frame EB3C
Redirect Chain

https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c...
https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c...

26 B
377 B

157ms
156ms

Document
text/html

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316499&tc=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: f70b370debd085dd9e9fb6495c796cdccf41c44574cc185dbe124f3ea8237623

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-origin: *
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 26
content-type: text/html;charset=utf-8
date: Thu, 21 Jul 2022 01:35:17 GMT Thu, 21 Jul 2022 01:35:17 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
vary: Origin, Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Thu, 21 Jul 2022 01:35:16 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2&ncm=1&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316499&tc=1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
vary: Origin

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 309ms
14ms Script
application/javascript 199.232.188.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: llinks.io
URL: https://llinks.io/?fmFhB1k
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.188.157 Munich, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ae57d5e97bf1a0db8777b7531cd32cb09ee6f07bed183bb880469cc20f355086

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
last-modified: Tue, 19 Jul 2022 17:28:46 GMT
etag: "ca88912498e17137955859948f14e272+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15196
x-served-by: cache-iad-kjyo7100023-IAD, cache-muc13932-MUC

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 489ms
452ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0fcff9391b8f4560e9bc64c28dcd9101f66de7b93676ea8cc254980567f663db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 16 Jun 2022 18:22:08 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7C872D100CE84D87BC5F0665903BAFC0 Ref B: FRA31EDGE0210 Ref C: 2022-07-21T01:35:16Z
etag: "0c8eafcad81d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 21 Jul 2022 01:35:16 GMT
accept-ranges: bytes
content-length: 11360

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 140 KB
40 KB 159ms
120ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C24Q4CFMU8Q03RAI27R0&lib=ttq
Requested by: Host: llinks.io
URL: https://llinks.io/?fmFhB1k
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4469738774ec56d829889d18a602546702e46456ef0690bd67913ff6be046797

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 15d34f40.87a2c5bc
date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-221-225-237.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 107,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=82, origin; dur=25, inner; dur=3
pragma: no-cache
server: nginx
x-tt-logid: 20220721013516010004005006003001061C0252
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 26,23.221.225.237
x-tt-trace-host: 01071338e576d3120912a2d25762897a4e7a0d9fbb4ee826938dbe86eb33a4b2ecba689d52fbdd651db33fd6acf266f106139702479f85eae259fc11705b91f44daba5b84cc40d86ed65d6e906a70fbdee81353b0d789607d282a130b235dfeaf803a17db78b9d58493ae872dc8b816684
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 453ms
109ms Script
application/javascript 2a02:26f0:6c00:281::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: llinks.io
URL: https://llinks.io/?fmFhB1k
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:281::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: f17de407562ed5814892a1b44c6e349761f067cf6f2360ebe2aef4f03a5bea4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "c4a0eea377c5e0da574e46f4d6e838e5"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 md5.min.js Show response
cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.10.0/js/ 4 KB
2 KB 30ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.10.0/js/md5.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27d221be42096f476245524ecaef8d76d838d5189b16417c79a03ad23763b41f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1220184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1339
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:06:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d8b-eb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMQNCXa88y0vR0Hn9vPmAr55wQbT1gWT%2BD2rDTBKkhVptZVilVIxiB2OUqLkjIuYTDOOO7KLOnGpk6G14Ztm24Exie6S1gZQ7oseCPKN2F9MUSpAc11tu8hr57%2BnW2B2WqhhJYlEWdSHoILnS3MGaoAO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 72e032f1afda9113-FRA
expires: Tue, 11 Jul 2023 01:35:16 GMT

GET
H2 200 tagtag.min.js Show response
www.artfut.com/static/ 3 KB
2 KB 43ms
17ms Script
application/javascript 2606:4700:20::681a:6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.artfut.com/static/tagtag.min.js?campaign_code=d11d781f62

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6b1300d909d9777dd97614dc1778aaa570ea95e65a9d63958c716f599b8f400

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1037
pragma: public
last-modified: Mon, 23 May 2022 09:16:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"628b50f4-d05"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OYjIi%2B046dR9dpJ1nvOn%2BPkb%2B2XdLMS%2BuKy1F37fDpwQgJJazoe47jVtfAzPfspnKzmj9zcXL2BfejHgFWJwj6faMSSkNfrVVcqVYC5YnMuMuiSptZID9gPYNR12wXDFWwYv%2FTLvVMSNxAO"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1200, public
cf-ray: 72e032f1ed979091-FRA
expires: Thu, 21 Jul 2022 01:37:59 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/9f6a59f6-9ea0-4c28-84d2-17e2d38fe719/ 3 KB
2 KB 1708ms
1707ms Script
text/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/9f6a59f6-9ea0-4c28-84d2-17e2d38fe719/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151513

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49edf1ecf9ba3932c8aa45aed666db4a403af0d168fdd7067a6fe303ff985412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-permitted-cross-domain-policies: none
status: 200 OK
x-envoy-upstream-service-time: 651
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 0ddff1dd-4016-4790-9d9d-c383670b0492
x-runtime: 0.027298
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"49edf1ecf9ba3932c8aa45aed666db4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 72e032f1f899bbd1-FRA
access-control-allow-headers: SDK-Version
expires: Thu, 21 Jul 2022 02:35:18 GMT

GET
H3 200 1464688870412041 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 66ms
55ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1464688870412041?v=2.9.65&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ea02edc8a9f7629213c4d3b3c86ca65511a0aa4f2c1d1f0fb191cb169f32c6db

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coop_report","include_subdomains":true}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: ojHmJJVhUq05qOVJv1ZbVsjso0luUbpzQyHf4f3j1ogmuZgfIknIe7mANBT9jf5pjlGoMD8DpUXS0Iu5to3F1A==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 21 Jul 2022 01:35:16 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1658367316629
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1048808556/ 3 KB
2 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1048808556/?random=1658367316573&cv=9&fst=1658367316573&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c8935cefbb302894e4079ffdcbe75a2091f8a663173f3febc6fdbe6b69989f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1198
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
350 B 37ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YMVGMTMSHW&gtm=2oe7i0&_p=623455674&_z=ccd.v9B&cid=2085958768.1658367316&ul=en-us&sr=1600x1200&_s=1&sid=1658367316&sct=1&seg=0&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&dt=Posthaus%20%7C%20Moda%20do%20seu%20jeito&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YMVGMTMSHW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.posthaus.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1040557206700558 Show response
connect.facebook.net/signals/config/ 292 KB
84 KB 83ms
83ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1040557206700558?v=2.9.65&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

02942d663e071caa909e62196ec65f60153a1e3433cac8f36b3350c8d58d4724

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coop_report","include_subdomains":true}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: hGD24SPXKvwW1XNuKRSD8gqHqvUu40YfNTtYUILza5m43lxTTUlNMkQDld/ByPiQ4KG8/ElktwBNH5EeyBN7Ew==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 21 Jul 2022 01:35:16 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1658367316744
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 27ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1464688870412041&ev=PageView&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&rl=&if=false&ts=1658367316663&cd[eventID]=PageView_undefined&sw=1600&sh=1200&v=2.9.65&r=stable&ec=0&o=30&fbp=fb.2.1658367316662.1550010848&it=1658367316565&coo=false&exp=u0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Thu, 21 Jul 2022 01:35:16 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 14ms
14ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=623455674&t=pageview&_s=1&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&dp=%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&ul=en-us&de=UTF-8&dt=Posthaus%20%7C%20Moda%20do%20seu%20jeito&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEITQAAAAC~&jid=1678670475&gjid=124658302&cid=2085958768.1658367316&tid=UA-1640709-1&_gid=94022816.1658367316&_r=1&_slc=1&z=817237296

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.posthaus.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
ipv4.icanhazip.com/ 15 B
474 B 39ms
13ms XHR
text/plain 104.18.114.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv4.icanhazip.com/
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.114.97 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48cb98a0929aab44002a184726335f1095534088e04955f61ca899f3d66fcf42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
cf-ray: 72e032f1b8f9697b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1048808556/ 3 KB
1 KB 44ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1048808556/?random=1658367316803&cv=9&fst=1658367316803&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&ig=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6bc5251fe03706da7de4d9199f007a2323f8bcb2694e2e2c76abc57c6f952f9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1198
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

tags Show response
us.creativecdn.com/ Frame 6539
Redirect Chain

https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6...
https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6...

465 B
699 B

158ms
158ms

Document
text/html

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805&tc=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: 1d6ad50aa4bbac453c99dbd7d315108b7b10f6bdaf937612517e636f779db0b5

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-origin: *
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-encoding: gzip
content-length: 341
content-type: text/html;charset=utf-8
date: Thu, 21 Jul 2022 01:35:17 GMT Thu, 21 Jul 2022 01:35:17 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
vary: Origin, Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-methods: GET, POST
access-control-allow-origin: *
access-control-max-age: 3600
content-length: 0
date: Thu, 21 Jul 2022 01:35:16 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805&tc=1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
vary: Origin

OPTIONS
H/1.1 200
OK /
ws-ph.ecosweb.com.br/rest/shopping/addCampaignWithoutWarn/v1/ Frame 0
0 2638ms
229ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/shopping/addCampaignWithoutWarn/v1/?campaign=ZANOX054
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:18 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK /
ws-ph.ecosweb.com.br/rest/products/autocomplete/v10/ Frame 0
0 2639ms
230ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/products/autocomplete/v10/?relativeURL=%2Fbusca%3Fpalavra%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:18 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK /
ws-ph.ecosweb.com.br/rest/store/home/v10/ Frame 0
0 2639ms
231ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/store/home/v10/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK /
ws-ph.ecosweb.com.br/rest/shopping/quantityshoppingcart/v1/ Frame 0
0 2640ms
233ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/shopping/quantityshoppingcart/v1/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:18 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK /
ws-ph.ecosweb.com.br/rest/store/banner/benefit/v10/ Frame 0
0 2666ms
243ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/store/banner/benefit/v10/?relativeURL=%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:18 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK v10
ws-ph.ecosweb.com.br/rest/showCase/ Frame 0
0 2676ms
250ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK v10
ws-ph.ecosweb.com.br/rest/showCase/ Frame 0
0 2881ms
244ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

OPTIONS
H/1.1 200
OK v10
ws-ph.ecosweb.com.br/rest/showCase/ Frame 0
0 2866ms
229ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ 42 KB
14 KB 45ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/ld.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4KNHML&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0e937847c7e07ed15db23b99d02385f8a76a534837159ec603319dab64a5a9ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 07:49:23 GMT
server: nginx
etag: W/"62bc0403-a792"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Jul 2022 01:35:16 GMT

POST
H/1.1 204
No Content / Show response
ws-ph.ecosweb.com.br/rest/shopping/addCampaignWithoutWarn/v1/ 0
458 B 265ms
261ms XHR
text/plain 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/shopping/addCampaignWithoutWarn/v1/?campaign=ZANOX054
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Date: Thu, 21 Jul 2022 01:35:18 GMT
Vary: Origin

GET
H/1.1 200
OK / Show response
ws-ph.ecosweb.com.br/rest/products/autocomplete/v10/ 12 B
553 B 267ms
237ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/products/autocomplete/v10/?relativeURL=%2Fbusca%3Fpalavra%3D
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: eef46741adfc3a9f76294d3b78f37a45f113092ac9d44ee77c7a038a88ff09a1

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Date: Thu, 21 Jul 2022 01:28:41 GMT
Via: AX-CACHE-4.1:63
Age: 398
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Content-Length: 12

GET
H/1.1 200
OK / Show response
ws-ph.ecosweb.com.br/rest/store/home/v10/ 4 KB
4 KB 276ms
238ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/store/home/v10/
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: 0b581e886dc28e53f3321f2c0b0d736cf9070dad0bf06f6312a532a63903ad32

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Date: Thu, 21 Jul 2022 01:28:58 GMT
Via: AX-CACHE-4.1:63
Age: 381
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Content-Length: 3920

GET
H/1.1 200
OK / Show response
ws-ph.ecosweb.com.br/rest/shopping/quantityshoppingcart/v1/ 26 B
528 B 465ms
238ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/shopping/quantityshoppingcart/v1/
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: fe8a41e50211389f086c3697256e2032d68d6dc4e386656640618cecf772bb95

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Date: Thu, 21 Jul 2022 01:35:19 GMT
Content-Length: 26
Vary: Origin
Content-Type: application/json

GET
H/1.1 200
OK / Show response
ws-ph.ecosweb.com.br/rest/store/banner/benefit/v10/ 211 B
753 B 449ms
241ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/store/banner/benefit/v10/?relativeURL=%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: 0720c26a4887e546ba29831eb1ffc1348cb3344a269b378eefc499896d30f8c1

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Date: Thu, 21 Jul 2022 01:35:19 GMT
Via: AX-CACHE-4.1:63
Age: 0
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Content-Length: 211

GET
H/1.1 200
OK v10 Show response
ws-ph.ecosweb.com.br/rest/showCase/ 55 B
557 B 452ms
247ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=0
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: e0c4366690ece574497e9d4b6f14c66a527d08531f0bdd240c75b0e4793d4e73

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Date: Thu, 21 Jul 2022 01:35:19 GMT
Content-Length: 55
Vary: Origin
Content-Type: application/json

OPTIONS
H/1.1 200
OK v10
ws-ph.ecosweb.com.br/rest/showCase/lastViewed/ Frame 0
0 2873ms
234ms Preflight 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/lastViewed/v10
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: anonymous,authorization
Access-Control-Request-Method: GET
Origin: https://www.posthaus.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: referer,amp-access-control-allow-source-origin,origin,amp-same-origin,save-data,x-forwarded-for,login,access-control-request-method,accept,access-control-allow-origin,authorization,x-requested-with,access-control-request-headers,anonymous,content-type,cache-control,user-agent
Access-Control-Allow-Methods: HEAD,DELETE,POST,GET,OPTIONS,PUT
Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Max-Age: 10
Content-Length: 0
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: origin,access-control-request-method,Access-Control-Request-Headers

GET
H/1.1 200
OK v10 Show response
ws-ph.ecosweb.com.br/rest/showCase/ 40 KB
41 KB 498ms
465ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=1
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: 156bc9296e0c180b3c3f4739051bd16d9a0aa596cbec9fa07886221b0ef9acb8

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Vary: Origin
Date: Thu, 21 Jul 2022 01:35:19 GMT
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK v10 Show response
ws-ph.ecosweb.com.br/rest/showCase/ 39 KB
39 KB 289ms
254ms XHR
application/json 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/v10?page=home&position=2
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: 54142010bfb2b1c67c4d9d7f916353d7b7ac2feed9545169cd398c2b56a4ffcb

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Vary: Origin
Date: Thu, 21 Jul 2022 01:35:19 GMT
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 204
No Content v10 Show response
ws-ph.ecosweb.com.br/rest/showCase/lastViewed/ 0
458 B 283ms
252ms XHR
text/plain 177.101.99.63
Unifique Telecomu...

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-ph.ecosweb.com.br/rest/showCase/lastViewed/v10
Requested by: Host: www.posthaus.com.br
URL: https://www.posthaus.com.br/vendors~app.b1684717124cfb9769fe.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 177.101.99.63 Doutor Pedrinho, Brazil, ASN28343 (Unifique Telecomunicacoes SA, BR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.posthaus.com.br/
anonymous: 48558a0e-c6df-4dc8-a8e7-dded25f8baba
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Authorization: eyJhbGciOiJIUzUxMiJ9.eyJqdGkiOiIwMWVhYTdhYi1iYWRkLTQ0OGMtYmU5Mi1mMjUzNTkzMTljZDQiLCJpYXQiOjE1NjUzNDgwNzksInN1YiI6IntcInBhc3N3b3JkXCI6XCJkYnI0MTAyXCIsXCJzeXN0ZW1cIjpcImRza1wiLFwiaWRDb21wYW55XCI6XCIxMlwiLFwidXNlclwiOlwiZGJyNDEwMlwifSIsImlzcyI6IjEyIiwiYXVkIjoid3MucmVzdC5hcHAifQ.xu8iGoKwk3gKTM_SHiGMS1mRiTXJMck-GT3x8C4pkRqEjVxI6BykYIZjgzKXK2YbAckbKbJ3IaxoemTmO9WC9Q

Response headers

Access-Control-Allow-Origin: https://www.posthaus.com.br
Access-Control-Expose-Headers: DBR-Device,Access-Control-Expose-Headers,AMP-Access-Control-Allow-Source-Origin,Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Credentials,DBR-Company,Access-Control-Max-Age,Access-Control-Allow-Headers,AMP-Same-Origin
Access-Control-Allow-Credentials: true
Date: Thu, 21 Jul 2022 01:35:19 GMT
Vary: Origin

GET
H2 200 img-cadastro-posthaus.jpg
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 123 KB
124 KB 423ms
6ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-cadastro-posthaus.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

b142483a3b225487440d74e621283316ea10107cc6e55f8dc9c953c4c6edaa71

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 1441
x-cache: MISS
content-length: 126097
vary: Origin, Accept-Encoding
x-amz-request-id: 16FCDB6AFF7706D8
x-xss-protection: 1; mode=block
last-modified: Tue, 28 Jun 2022 11:15:29 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
448 B 75ms
18ms XHR
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1640709-1&cid=2085958768.1658367316&jid=1678670475&gjid=124658302&_gid=94022816.1658367316&_u=aGBAAEISQAAAAC~&z=2100410940

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 21 Jul 2022 01:35:16 GMT
content-type: text/plain
access-control-allow-origin: https://www.posthaus.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0_0_100218663_1_1600.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 72 KB
72 KB 419ms
29ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218663_1_1600.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

8624d58710167d82af8bddd79c18964265587f4c962eca9f454be11f4d7c89f0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 3279
x-cache: MISS
content-length: 73396
vary: Origin, Accept-Encoding
x-amz-request-id: 170387E4C3929FC3
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jul 2022 18:49:46 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 0_0_100218663_2_1600.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 68 KB
68 KB 409ms
19ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218663_2_1600.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

0c5cbc3f992524e9a93c4a9d677c09d3c5ad0615b551a78deca323702511f196

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 3279
x-cache: MISS
content-length: 69558
vary: Origin, Accept-Encoding
x-amz-request-id: 170387E4C50ECF24
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jul 2022 18:49:48 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 0_0_100218663_3_1600.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 91 KB
91 KB 420ms
30ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218663_3_1600.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

5b3910667d5547b4d9f1accada8154fd300daa7def9acbb31c328043d7b4a701

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 3279
x-cache: MISS
content-length: 92699
vary: Origin, Accept-Encoding
x-amz-request-id: 170387E4CFDB46F1
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Jul 2022 18:49:50 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 img-frete-gratis.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 6 KB
6 KB 422ms
32ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-frete-gratis.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

84affaaa12618c4c6301ebac4273d52f9aa3341ca6079187ac890587ba804c76

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5962
vary: Origin, Accept-Encoding
x-amz-request-id: 16EC4E15AC111631
x-xss-protection: 1; mode=block
last-modified: Tue, 26 May 2020 16:45:22 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-troca-gratis.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 5 KB
5 KB 410ms
20ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-troca-gratis.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

6e488ad6c6b6afcaf4a252740b31d099a4b316c887566d61b3bd096fb066ab2a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5141
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA2220F4052361
x-xss-protection: 1; mode=block
last-modified: Tue, 26 May 2020 16:45:22 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-payment.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 5 KB
6 KB 420ms
30ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-payment.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

8bd899fbb79026f90cc487cf6207cf11f5b2944ed6b42f450a1465348b5ca6f9

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5471
vary: Origin, Accept-Encoding
x-amz-request-id: 16EC4E15AC43113F
x-xss-protection: 1; mode=block
last-modified: Tue, 26 May 2020 16:45:22 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 img-qrcode-app.png
ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/ 15 KB
16 KB 421ms
31ms Image
image/png 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/pwa/assets/store/posthaus/img-qrcode-app.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

de57e553119f7333a752226c60c6c16c3fadadf332928aee6e4e2181642ae361

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 15826
vary: Origin, Accept-Encoding
x-amz-request-id: 16EE7585DD4FD827
x-xss-protection: 1; mode=block
last-modified: Wed, 25 Aug 2021 17:36:10 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/png
cache-control: max-age=86400
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Fri, 22 Jul 2022 01:35:17 GMT

GET
H2 200 0_0_100218679_1_1_880.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 39 KB
40 KB 18ms
16ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218679_1_1_880.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

753f55fb27100971437c26c97d629ab0bd6bfe1de2097a28bd9a51a1cf1c9dd5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 40224
vary: Origin, Accept-Encoding
x-amz-request-id: 170394FB6B8F725E
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Jul 2022 13:31:16 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 0_0_100218679_1_2_880.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 46 KB
47 KB 19ms
17ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218679_1_2_880.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

a104-90-104-236.deploy.static.akamaitechnologies.com

Software

Resource Hash

3d92550e0e5a7fd2318291f22a35c8b29ef13ecc0afbec76bc2ee7080945d8ff

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 672
x-cache: MISS
content-length: 47150
vary: Origin, Accept-Encoding
x-amz-request-id: 1703945F81CAF502
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Jul 2022 13:31:16 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 tracking.min.js Show response
www.artfut.com/static/ 24 KB
7 KB 14ms
13ms Script
application/javascript 2606:4700:20::681a:6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.artfut.com/static/tracking.min.js?campaign_code=d11d781f62

Requested by

Host: www.artfut.com
URL: https://www.artfut.com/static/tagtag.min.js?campaign_code=d11d781f62

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3423e2830e0e8512380b5995774e5d31c763daf4acf434d145a6c2e2fbbfa35

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1035
pragma: public
last-modified: Mon, 23 May 2022 09:16:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"628b50f4-616e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hnCzw%2BCg3bPTJgdWu34eftS6FeqYs6dOH5ce0msoi6VsacJkAxyHx%2BEFJxfyPTYQvhjg0Ix1ipJ643izsrvsb%2FhfNw2qnPbjo4yNZfEwgyYACMp3QHspO4GGTkWeOm5BqSIzZNFWdQ%2FG6301"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1200, public
cf-ray: 72e032f2addb9091-FRA
expires: Thu, 21 Jul 2022 01:38:01 GMT

GET
H2 200 crossdevice.min.js Show response
www.artfut.com/static/ 24 KB
8 KB 15ms
14ms Script
application/javascript 2606:4700:20::681a:6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.artfut.com/static/crossdevice.min.js?campaign_code=d11d781f62

Requested by

Host: www.artfut.com
URL: https://www.artfut.com/static/tagtag.min.js?campaign_code=d11d781f62

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700:20::681a:6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30d31eb6c11df6156d1a8616666104c6d44a53c1b0a8e1b5e09ad693836cface

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1035
pragma: public
last-modified: Mon, 23 May 2022 09:16:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"628b50f4-5f2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11aFUvFiXqMJpT44EwRsJIxTN3Pqa16PnzgLv4%2BnrXk1yptE4QQAE1J6zxLmOk%2FhLQxO9yc786TKaUOhyLazIfEuhWE9i3%2B8%2BQY1FU1ml02w63Nrv7X74%2Bot%2FtPZR0aT7fJrVNCwy9pe4Hrz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1200, public
cf-ray: 72e032f2addc9091-FRA
expires: Thu, 21 Jul 2022 01:38:01 GMT

GET
H2 200 identify.js Show response
analytics.tiktok.com/i18n/pixel/ 114 KB
31 KB 103ms
102ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/identify.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C24Q4CFMU8Q03RAI27R0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b2864c65b32cd25bf64a7eb4fddf486dff821f1924172a0083db962615bd6ce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 2632e70f.87a2c71c
date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 92,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=6, inner; dur=2
pragma: no-cache
server: nginx
x-tt-logid: 202207210135160100020076370040050060030370D538AD0
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.104.5
x-tt-trace-host: 01071338e576d3120912a2d25762897a4e7a0d9fbb4ee826938dbe86eb33a4b2ec791835ae54b8b7e510ce374c8517586975b5bae34d9850cb15f3529ef6b45a3201138566bb74dc5d2785766b9541406a3b939061124f67ab5c8dd6cc5168f724a6c04e879072da292581946aa640b082
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H2 200 config.js Show response
analytics.tiktok.com/i18n/pixel/ 869 B
1 KB 105ms
105ms Script
application/javascript 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/config.js?sdkid=C24Q4CFMU8Q03RAI27R0&hostname=www.posthaus.com.br
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C24Q4CFMU8Q03RAI27R0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3264da223f9a72aa7b27c0ab4c0122b8b5816dd3094a752e6e1d1eb4672156b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-akamai-request-id: 97fb483e.87a2c74b
date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 93,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=5, inner; dur=2
content-length: 345
pragma: no-cache
server: nginx
x-tt-logid: 202207210135170100020077350020390630C06C
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 5,23.220.104.8
x-tt-trace-host: 01071338e576d3120912a2d25762897a4e7a0d9fbb4ee826938dbe86eb33a4b2ecc91b35f04d02e544966ba9e74421d17a1390031ef6ddb35bb2b23ab94b67e309d5fe223c483dc6aa9fa4303a7ca48ff139f3f7b5f5885a44a5f6d0fb6b4ebba96e49eefb9cf909be74f5a52bdc7015dd
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1048808556/ 42 B
548 B 43ms
20ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1048808556/?random=1658367316573&cv=9&fst=1658365200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&async=1&fmt=3&is_vtc=1&random=889046715&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/1048808556/ 42 B
548 B 43ms
20ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/1048808556/?random=1658367316573&cv=9&fst=1658365200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&async=1&fmt=3&is_vtc=1&random=889046715&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
338 B 137ms
114ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=8afce070-e2bc-4cad-94fe-4182f1d1ca1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=366802c9-4969-423a-ae5f-3511c2488433&tw_document_href=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o63u0&type=javascript&version=2.4.15

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 107
date: Thu, 21 Jul 2022 01:35:16 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: c874c64cf11de9f8e21e584cd10d1e6aeb90594fdbfb1839d72bf033533376bd
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
355 B 943ms
118ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=8afce070-e2bc-4cad-94fe-4182f1d1ca1c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=366802c9-4969-423a-ae5f-3511c2488433&tw_document_href=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o63u0&type=javascript&version=2.4.15

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

x-response-time: 110
date: Thu, 21 Jul 2022 01:35:17 GMT
server: tsa_o
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 6b92b609bdf152f5adcff749d9e873bcff66a0e982dfc87edfcdda179097d94f
content-length: 43

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 19ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1464688870412041&ev=PageView_undefined&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&rl=&if=false&ts=1658367316979&sw=1600&sh=1200&v=2.9.65&r=stable&ec=1&o=30&fbp=fb.2.1658367316662.1550010848&it=1658367316565&coo=false&exp=u0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 18ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1040557206700558&ev=PageView_undefined&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&rl=&if=false&ts=1658367316980&sw=1600&sh=1200&v=2.9.65&r=stable&ec=0&o=30&fbp=fb.2.1658367316662.1550010848&it=1658367316565&coo=false&exp=u0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 21 Jul 2022 01:35:16 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 37ms
18ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1640709-1&cid=2085958768.1658367316&jid=1678670475&_u=aGBAAEISQAAAAC~&z=117117177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 38ms
19ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1640709-1&cid=2085958768.1658367316&jid=1678670475&_u=aGBAAEISQAAAAC~&z=117117177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1048808556/ 42 B
64 B 39ms
21ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1048808556/?random=1658367316803&cv=9&fst=1658365200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&async=1&fmt=3&is_vtc=1&random=134626238&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/1048808556/ 42 B
64 B 38ms
20ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/1048808556/?random=1658367316803&cv=9&fst=1658365200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg7i0&sendb=1&data=event%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&tiba=Posthaus%20%7C%20Moda%20do%20seu%20jeito&async=1&fmt=3&is_vtc=1&random=134626238&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 6DDE 15 KB
6 KB 54ms
19ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.posthaus.com.br&origin=onetag

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

5e5c9149be229df7c934f8cd1acf1b3cc9e04e29cbbe6cbe0e2d726e79930cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6144
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:16 GMT
server-processing-duration-in-ticks: 2028
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 4074602.js Show response
bat.bing.com/p/action/ 827 B
767 B 159ms
159ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/4074602.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

ec48c49ec199c83c27cc363ad78521ff1fbed0e15059a0153ed62fcb71d649dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59098BCB02634B5C9EE9CF6B953DFF8F Ref B: FRA31EDGE0210 Ref C: 2022-07-21T01:35:17Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Thu, 21 Jul 2022 01:35:16 GMT
content-length: 571

GET
H2 204 0
bat.bing.com/action/ 0
176 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=4074602&Ver=2&mid=22338c96-185b-469b-b39e-d45eefd4dace&sid=5fe393a0089511edabc5abec7916197e&vid=5fe3ca30089511edbe8737742d7cf304&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Posthaus%20%7C%20Moda%20do%20seu%20jeito&p=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&r=&lt=4989&evt=pageLoad&msclkid=N&sv=1&rn=483879

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47685FE1D18E48558B384EE5780A5830 Ref B: FRA31EDGE0210 Ref C: 2022-07-21T01:35:17Z
date: Thu, 21 Jul 2022 01:35:16 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 6DDE
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=posthaus.com.br&sn=ChromeSyncframe&so=0&topUrl=www.posthaus.com.br&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=UYurLnxtUDBVSGs1VHE1NFppL1QvUkxkTXRncnFCeS82TTBWbXhqNTJpMThqQkhTZkdwM0RSS2hZdnMvRUpaZFB6dFVRa1pJem5WbU1WMko5bkJiZWIvQzYyL0p0YWp4R3hyZ2U0QmswYVRjdGNXblhrWVdnK1pjSC82Wl...

417 B
628 B

154ms
18ms

Fetch
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=UYurLnxtUDBVSGs1VHE1NFppL1QvUkxkTXRncnFCeS82TTBWbXhqNTJpMThqQkhTZkdwM0RSS2hZdnMvRUpaZFB6dFVRa1pJem5WbU1WMko5bkJiZWIvQzYyL0p0YWp4R3hyZ2U0QmswYVRjdGNXblhrWVdnK1pjSC82WlVwcmJlS2h6cVk3NVQwWlJsc0dwNnVGNUJ1bTFCd3RDdktBcXNmK3ZWVjZUUS9Icll4VTJQbGQwU1BpTy9FUnFiWlZrQVhCNE1ocWZYTXdkS3FpQWZ4cTJ3dWIzaisyM1RrdGZCc1pJL1pzQ3Bpa2xTcFRZRXdFUVhuKy8xc25kZkpreXZPNnMxa0NPWDcrWmYwYVdObWh4KzJmd0E0cVFZRGRxc3c5WkFTSW9RNFZFeVl1Yz18&cppv=2

Requested by

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2c00be6762aed63fdef4b9bbf0c3d2ee162ee15436cb9250165ff42104a12a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 8199
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=UYurLnxtUDBVSGs1VHE1NFppL1QvUkxkTXRncnFCeS82TTBWbXhqNTJpMThqQkhTZkdwM0RSS2hZdnMvRUpaZFB6dFVRa1pJem5WbU1WMko5bkJiZWIvQzYyL0p0YWp4R3hyZ2U0QmswYVRjdGNXblhrWVdnK1pjSC82WlVwcmJlS2h6cVk3NVQwWlJsc0dwNnVGNUJ1bTFCd3RDdktBcXNmK3ZWVjZUUS9Icll4VTJQbGQwU1BpTy9FUnFiWlZrQVhCNE1ocWZYTXdkS3FpQWZ4cTJ3dWIzaisyM1RrdGZCc1pJL1pzQ3Bpa2xTcFRZRXdFUVhuKy8xc25kZkpreXZPNnMxa0NPWDcrWmYwYVdObWh4KzJmd0E0cVFZRGRxc3c5WkFTSW9RNFZFeVl1Yz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1796
content-length: 567
expires: 0

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
717 B 309ms
308ms Ping
application/octet-stream 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C24Q4CFMU8Q03RAI27R0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 263300b7.87a2c7e2
date: Thu, 21 Jul 2022 01:35:17 GMT
x-cache-remote: TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 296,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=90, origin; dur=210, inner; dur=207
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2022072101351701000400300773500201908280668
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 210,23.220.104.5
x-tt-trace-host: 01071338e576d3120912a2d25762897a4e7a0d9fbb4ee826938dbe86eb33a4b2ec791835ae54b8b7e510ce374c85175869b68160352b402e203955eb4fbf0a8c1a844066ea37ddd84d6a674db6bcd65f84a7fa69955fc1b04c626d166be3c9f08a2410dd3e0cfbdecdc816618a291e41a2
expires: Thu, 21 Jul 2022 01:35:17 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
716 B 151ms
151ms Ping
application/octet-stream 23.36.163.232
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C24Q4CFMU8Q03RAI27R0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.163.232 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-163-232.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2632ffb9.87a2c7e5
date: Thu, 21 Jul 2022 01:35:17 GMT
x-cache-remote: TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-36-161-204.deploy.akamaitechnologies.com (AkamaiGHost/10.9.0-42538714) (-)
x-parent-response-time: 133,23.36.161.204
server-timing: cdn-cache; desc=MISS, edge; dur=125, origin; dur=18, inner; dur=13
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202207210135170100040040077350020000A2F66F7
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 18,23.220.104.5
x-tt-trace-host: 01071338e576d3120912a2d25762897a4e7a0d9fbb4ee826938dbe86eb33a4b2ec791835ae54b8b7e510ce374c8517586951af45e2f8400ba747e7eaf29f4c13acbfd2e2f4c5175af311a1cde6160ec26d6d16d1ee9611fa64355bf888833a5e686a63171911618577c7873df66ca6153b
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H2

200

cm
ash.creativecdn.com/adx/ Frame 6539
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_cm&google_sc&google_ula=5153224&google_hm=em9xQ0lQaU5DcFpVVjNCNzJ3T1I%3D&pi=adx&tdc=ash&chain=
https://cm.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0
https://ash.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0

42 B
243 B

161ms
155ms

Image
image/gif

185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ash.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0
Requested by: Host: us.creativecdn.com
URL: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805&tc=1
Protocol: H2
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://us.creativecdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT, Thu, 21 Jul 2022 01:35:17 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-type: image/gif
content-length: 42
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://ash.creativecdn.com/adx/cm?v=2&pi=adx&tdc=ash&chain=&google_gid=CAESEOLD7fmX5jCqzubXTRQMmdo&google_cver=1&google_ula=5153224,0
date: Thu, 21 Jul 2022 01:35:17 GMT
content-length: 0

GET
H2 200 fledge-igmembership Show response
fledge-usa.creativecdn.com/ Frame B4FB 1 KB
892 B 178ms
155ms Document
text/html 185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://fledge-usa.creativecdn.com/fledge-igmembership?ntk=dN5nVdGM4pfIueEtYYif5CaXwyYyCPijhqZzMyQHVZBHCb6Hr7pL4bc-zoMY6uV5YKYzdPb670lLfH2FkkEhbg
Requested by: Host: us.creativecdn.com
URL: https://us.creativecdn.com/tags?type=iframe&id=pr_hhX6cMuePreWPuw9xLe2_home&id=pr_hhX6cMuePreWPuw9xLe2_lid_lZ5WO4gTGjkmOhNolOph&su=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&sr=&ts=1658367316805&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: 34278f2d25a0abfa1e93df940cc7f40672f420ed0ae7444a8a8a98fe28cefcee

Request headers

Referer: https://us.creativecdn.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86400
content-encoding: gzip
content-length: 444
content-type: text/html;charset=utf-8
date: Thu, 21 Jul 2022 01:35:17 GMT Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 22 Jul 2022 01:35:17 GMT
origin-trial: Au+q421JtVcIdQDg+KLkxg4UdxYCIc5MjP5ceAacKEe95NdFlIYGHr/MZumsGWz8gsSmFiXDMB3IVwjICixv/AYAAABxeyJvcmlnaW4iOiJodHRwczovL2NyZWF0aXZlY2RuLmNvbTo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhwaXJ5IjoxNjYxMjk5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
vary: Accept-Encoding

GET
H2 200 main.32155010.js Show response
s.pinimg.com/ct/lib/ 52 KB
18 KB 8ms
8ms Script
application/javascript 2a02:26f0:6c00:281::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.32155010.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:281::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 83912349e8bc8f0ec2084562dc5e71e06f33a3dfcad4899af80117a7174be14d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "fd86de14455274a7c147dc95b77e18e3"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18298
access-control-expose-headers: X-CDN

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 7ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1464688870412041&ev=Microdata&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&rl=&if=false&ts=1658367317165&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%20Posthaus%20%7C%20Moda%20do%20seu%20jeito%20%22%2C%22meta%3Adescription%22%3A%22Aqui%20no%20Posthaus%20voc%C3%AA%20encontra%20Roupas%20femininas%2C%20plus%20size%2C%20moda%20infantil%2C%20moda%20masculina%20e%20muito%20mais.%20Confira%20as%20promo%C3%A7%C3%B5es%20da%20moda%20e%20aproveite!%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Posthaus%20%7C%20Moda%20do%20seu%20jeito%22%2C%22og%3Aurl%22%3A%22%2F%22%2C%22og%3Atype%22%3A%22product%22%2C%22og%3Adescription%22%3A%22Aqui%20no%20Posthaus%20voc%C3%AA%20encontra%20Roupas%20femininas%2C%20plus%20size%2C%20moda%20infantil%2C%20moda%20masculina%20e%20muito%20mais.%20Confira%20as%20promo%C3%A7%C3%B5es%20da%20moda%20e%20aproveite!%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.65&r=stable&ec=2&o=30&fbp=fb.2.1658367316662.1550010848&it=1658367316565&coo=false&es=automatic&tm=3&exp=u0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 482 B
834 B 102ms
35ms XHR
application/json 104.90.104.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2614078687536&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&cb=1658367317174

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.32155010.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.104.236 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

ced49017b1747b55cec9c576da1dc15fa47ce9cd77ec6e0cf27033892e826864

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cdn: akamai
akamai-grn: 0.784d655f.1658367317.13fc1c5
x-envoy-upstream-service-time: 3
x-pinterest-rid: 1072609981337163
pin-unauth: dWlkPVpXVmhOR00wT0RZdFptSmlaUzAwWkRsbExUazNOalV0Wm1OaU5ETXhPVFE0TXpneA
access-control-allow-origin: https://www.posthaus.com.br
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: application/json; charset=utf-8
pragma: no-cache
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
content-length: 350
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
333 B 104ms
40ms Image
image/gif 104.90.104.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2614078687536&pd=%7B%22em%22%3A%2224aba99b2defbb47ee981b4200313f61f3ae31541d8717bdac1e463c838939b0%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2232155010%22%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1658367317176

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.90.104.236 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-90-104-236.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.784d655f.1658367317.13fc1c8
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
content-length: 35
x-pinterest-rid: 8275133597660896
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 4074602 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 188ms
115ms Script
application/x-javascript 2620:1ec:27::cafe:1846
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/4074602
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/4074602.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1846 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 8c05001dd75d34f2911f04198c6ecc5686394505809cb5f060c12846bf1a3490

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
x-powered-by: ASP.NET
x-azure-ref: 0Va3YYgAAAADo0vwqbtn4T4YgH96u6H0TTVVDMzBFREdFMDMxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
content-length: 1542
expires: -1

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PW...
https://widget.us.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PW...

8 KB
4 KB

324ms
106ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PWXNNYXk4Nm1RSG1GZjBDbFU0MUhtZHVWWHJHb2tVZjMzVVFmWWtOWFZNcnh0MVdCNHRjWUI5eTJwN3pXMFd5T0RxdHJwUVExNWo0VzI3eEVFUVBzUVYwb0I4NlJBSyUyQjYyJTJCU3ViSFpaRHF6bThCQkZnJTNEJTNE&tld=posthaus.com.br&fu=https%253A%252F%252Fwww.posthaus.com.br%252F%253Fawc%253D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%2526lnk%253D1458_0_0_0%2526ordprd%253D6%2526utm_source%253DZANOX%2526utm_medium%253DAFILIADOSEXTERNOS%2526utm_campaign%253DLINKTEXTO%2526mkt%253DZANOX054%2526utm_term%253Dhttp%25253A%25252F%25252Fdecoracao.com%252B&dtycbr=21393

Requested by

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

39aa3bfcc94c8bd3f9f3fdb114da621ab3fcd4b20be31d4127c510ec2d2c9fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: gzip
server: Kestrel
timing-allow-origin: *
strict-transport-security: max-age=31536000; preload;
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 12586364
content-type: application/x-javascript
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
server: Kestrel
location: https://widget.us.criteo.com/event?a=4764&v=5.12.0&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26site_type%3Dd&p2=e%3Dvh&p3=e%3Ddis&adce=1&bundle=ijS9Sl9EVE00U21VNjNTeGFmdWY2QnZYbmQ1OTFxTVU4Yjl3ekJOeE5PWXNNYXk4Nm1RSG1GZjBDbFU0MUhtZHVWWHJHb2tVZjMzVVFmWWtOWFZNcnh0MVdCNHRjWUI5eTJwN3pXMFd5T0RxdHJwUVExNWo0VzI3eEVFUVBzUVYwb0I4NlJBSyUyQjYyJTJCU3ViSFpaRHF6bThCQkZnJTNEJTNE&tld=posthaus.com.br&fu=https%253A%252F%252Fwww.posthaus.com.br%252F%253Fawc%253D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%2526lnk%253D1458_0_0_0%2526ordprd%253D6%2526utm_source%253DZANOX%2526utm_medium%253DAFILIADOSEXTERNOS%2526utm_campaign%253DLINKTEXTO%2526mkt%253DZANOX054%2526utm_term%253Dhttp%25253A%25252F%25252Fdecoracao.com%252B&dtycbr=21393
strict-transport-security: max-age=31536000; preload;
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4116285
timing-allow-origin: *
content-length: 0
expires: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/eus2-f/s/0.6.36/ 52 KB
23 KB 114ms
114ms Script
application/javascript 2620:1ec:27::cafe:1846
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/4074602
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1846 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: e8aff6a8426e2182081c0e696ff05c3b10eeb43716fe56bbc9f8b3b3069c6736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:16 GMT
content-encoding: br
etag: "1d897c159e34826"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0Va3YYgAAAAC8CWbDvjRiRpDIQXzSNR88TVVDMzBFREdFMDMxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 8ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1040557206700558&ev=Microdata&dl=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&rl=&if=false&ts=1658367317481&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%20Posthaus%20%7C%20Moda%20do%20seu%20jeito%20%22%2C%22meta%3Adescription%22%3A%22Aqui%20no%20Posthaus%20voc%C3%AA%20encontra%20Roupas%20femininas%2C%20plus%20size%2C%20moda%20infantil%2C%20moda%20masculina%20e%20muito%20mais.%20Confira%20as%20promo%C3%A7%C3%B5es%20da%20moda%20e%20aproveite!%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Posthaus%20%7C%20Moda%20do%20seu%20jeito%22%2C%22og%3Aurl%22%3A%22%2F%22%2C%22og%3Atype%22%3A%22product%22%2C%22og%3Adescription%22%3A%22Aqui%20no%20Posthaus%20voc%C3%AA%20encontra%20Roupas%20femininas%2C%20plus%20size%2C%20moda%20infantil%2C%20moda%20masculina%20e%20muito%20mais.%20Confira%20as%20promo%C3%A7%C3%B5es%20da%20moda%20e%20aproveite!%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.65&r=stable&ec=1&o=30&fbp=fb.2.1658367316662.1550010848&it=1658367316565&coo=false&es=automatic&tm=3&exp=u0&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H2 200 logoLareLazer.svg
ph-cdn3.ecosweb.com.br/imagens01/ 4 KB
2 KB 7ms
7ms Image
image/svg+xml 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/imagens01/logoLareLazer.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

17bcc3658ee656d1a46a696a42e7b40c5b31b36057cf2726bdb1cf8aa90c2db3

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Jun 2020 14:14:06 GMT
age: 0
servidor: orq-cdn
vary: Accept-Encoding, Origin, Accept-Encoding
x-cache: MISS
content-type: image/svg+xml
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 1703A1CE943EF31A
x-xss-protection: 1; mode=block
expires: Thu, 21 Jul 2022 13:35:17 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 73ms
20ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a438643233f6a5349ba491bfbfbf43278e555040446d68a51c0e5736094e8d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28577
x-xss-protection: 0
server: sffe
etag: "1279 / 650 of 1000 / last-modified: 1658354706"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H3 200 pubads_impl_2022071401.js Show response
securepubads.g.doubleclick.net/gpt/ 377 KB
129 KB 23ms
7ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe7bd8cacf9680625b7da9649a92bee8ab705909190040bad2396b2d6ca9436e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 21:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15736
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131659
x-xss-protection: 0
last-modified: Thu, 14 Jul 2022 08:36:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 20 Jul 2023 21:13:01 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 100 B
113 B 54ms
17ms XHR
application/json 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.posthaus.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-18-229-174-124.sa-east-1.compute.amazonaws.com

Software

cafe /

Resource Hash

6d91312168b495aba8a3575607f7f7595c9590ad20d6cb362a9e1e147f85f843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88
x-xss-protection: 0
expires: Thu, 21 Jul 2022 01:35:17 GMT

GET
H/1.1 200
OK / Show response
df.pmweb.com.br/push/ 2 B
511 B 838ms
215ms XHR
text/plain 18.229.174.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://df.pmweb.com.br/push/?aid=PM-NW3T6C&cid=917401658367317457&sid=657678132358861658&pvw=1e6515d0-35b3-4154-a74f-aeec6e67dd5c&v=1.19.0&rs=1600x1200&tt=Posthaus%20%7C%20Moda%20do%20seu%20jeito&ws=1600x1200&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F103.0.5060.134%20Safari%2F537.36&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&us=ZANOX&um=AFILIADOSEXTERNOS&uc=LINKTEXTO

Requested by

Host: cdn.pmweb.com.br
URL: https://cdn.pmweb.com.br/df/tag.js?id=PM-NW3T6C

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.229.174.124 São Paulo, Brazil, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

54d626e08c1c802b305dad30b7e54a82f102390cc92c7d4db112048935236e9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.posthaus.com.br
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
Expires: 0

POST
H2 204 collect Show response
n.clarity.ms/ 0
178 B 502ms
289ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://www.posthaus.com.br
date: Thu, 21 Jul 2022 01:35:17 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 71 KB
24 KB 363ms
363ms XHR
text/plain 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=111817273647054&correlator=113750208413550&eid=31060438%2C31068159%2C31068458%2C31068502&output=ldjh&gdfp_req=1&vrg=2022071401&ptt=17&impl=fifs&iu_parts=70779096%2Chomedesktop728x90%2Chomedesktop300x250&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F2%2C%2F0%2F2&prev_iu_szs=728x90%2C250x250%7C300x250%2C250x250%7C300x250%2C250x250%7C300x250&ifi=1&adks=1387136263%2C676727686%2C676727687%2C676727684&sfv=1-0-38&ecs=20220721&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1658367317848&lmt=1658367317&dlt=1658367313856&idt=3797&adxs=436%2C409%2C675%2C941&adys=3246%2C3258%2C3258%2C3258&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C3%7C4&ucis=1%7C2%7C3%7C4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fwww.posthaus.com.br%2F%3Fawc%3D17634_1658367311_72c6c5e2dee14a76c6c80354341f6145%26lnk%3D1458_0_0_0%26ordprd%3D6%26utm_source%3DZANOX%26utm_medium%3DAFILIADOSEXTERNOS%26utm_campaign%3DLINKTEXTO%26mkt%3DZANOX054%26utm_term%3Dhttp%253A%252F%252Fdecoracao.com%2B&frm=20&vis=1&psz=1600x8%7C1600x16%7C1600x16%7C1600x16&msz=728x0%7C250x0%7C250x0%7C250x0&fws=4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600&ga_vid=2085958768.1658367316&ga_sid=1658367318&ga_hid=623455674&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

cafe /

Resource Hash

d5e753855f471ccbb9dfcb9e60c7ed3dfd5b1334ffe70565dc68e2353783b8f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24675
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.posthaus.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 66D3 6 KB
4 KB 76ms
15ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 21 Jul 2023 01:35:17 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BEE5 6 KB
3 KB 25ms
9ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 21 Jul 2023 01:35:17 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2F65 6 KB
3 KB 17ms
8ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 21 Jul 2023 01:35:17 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0F0F 6 KB
3 KB 9ms
9ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 21 Jul 2023 01:35:17 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FD66 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:17 GMT
expires: Fri, 21 Jul 2023 01:35:17 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 27BC 624 B
297 B 19ms
18ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYwomcvQEwAQ&v=APEucNUegN5OIzj5KDvIrSu9x-X4GYNkdU3q2WKL3X1NwQEOHz84uvfhPW0YD3f6vjJCk63Huwuer_FPAz7BMKFCZ32xMtz_O8POEPYoEpNbKvPXAGxWDEeXy5zgCSZx34VC5ZlkFivCvjzka3TIBaat_mdCusj8gq69K7WiS7bGFf4SlqO0Tg4

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2F65 83 KB
34 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_1qttK8hqGWTSWaCe5cj0V4XKmhLzSXDk5Ku-qTQAMQqvHqQMSeqiA-3IbKKLGLb2BfNlPP7Rvf9PTroe_ueUwOwIe2TOjwHbG7zUt5ySeeMnU4Ce4SZcISjfwb8ASyDEbkpPCJZUstxUaa1DnBoBqoLB_Q&dbm_d=AKAmf-A2X98FXT24KikEXxCgQMVpPuUi8YnUmDGqs_2rbunNDLSs103KFnyFmFaDqQ592v8d5jI9v3Q3P4vukhG56sKAsWVEsV5swfWA7WRVfDEodyliXY50FeDsF2g9LphMJqLoO8XjMjc6V3MGH0gl7uxnX0zKBIsnzr96M8NIjSgqv8_TQhu99LsepTAe31NKBESkIJqd3BLrcC_G3Irdev5g8E_x_owTXRaBsGVXywRoKCsLFtc1EETH54BlGt-7ZXhakE2ivqT5XesxPMn8JFV4dHEvG5kcLnyf_URwwr_XvwZKC1P1doaBX9Qe4KvhBxEsAJ2GcS1u3ka7cBMSXm1kmKLVfONTOG2_iDegHUrPAykTdjncELym2XFWxKdiPxu0WyY5xYuWSHlpnbJTHT2pOJzKxc-7xf5kDmx_74gXKNq39OpzbtvzFMITOngtq67ZQIHsFFeWKNcNVsao9GanvcNP3ysNDRrPCNPGKlR4KjqwHmu8Pf_qpsaRFzvMdWRyD9tCSflKcdNNEEuQNXwIEZIm4Bpfs9sJEK68rioLkvytwbMyTTFw9Qcx9oWpnc2hQCcamBlUDFUkWxk9U7z4DyE3RtrHeeBdQCSdAPKZ9qHi4mQF1gSfjWCzUngqotOc9MPx7jtUqQjj4_lBdN4X4jmTDQ8oLgFVeVD5H2hPiTOh_9VVImkxLniG38uWgowMIsxtMlFNrUw8ZFeMRsGtB8yoTUe474-dj9wWLktPVfwVlDRIO_btNQIM4YaU7pDWtfHneB62wL2ZwBwL8n5atjlbp31QJyYDvXiaYaBE2NmbOKp7G5kt660yCn-Gh7-BAIbticIle1i00kF7HIbmclYE1IQpv7DI7V5jzMR8OxOEqRk3CDVvF1fo00XqUNuSfgJoR9Pvmp7Rnj4_0KxdoZJJuKmR1Y4Cu3vyI4rRw_zAK1y_QpJGUR5uv5SKJcNFBmHhBCfpCoaKnU8Xp6J7ObrsZBo_nns0G0eZM9hWMZhXtG_3G7bE0-YGyKTuTTaadTzlVzpSUlznNwOv19d3GsmWCuqxh7XloNu1UFV5P0KuzGunaZllRS0zcvkIaeuz6gs7KQdcVtycHdKKaUt54AEU0id4o87R7d5NGn1olhMtRsniw789BpdVHQlOykFyIGDsFc4PXlno-mdyN9J5GchnbamtccsKyjRNiL7Jn8ajH44qAbxwiumSPj7oSEsroAaoeByANf4eNPiM6wuYLdzJ0i7VGqr3BqfdipvnC-k_RuYzaqLvSVeT_ToTVyws-v2rhx3jRtt67kNaEZulSpukFPTBJkbN3xZJzfq8AbMw2ACMyo-ztxir7qab_hqJciK7FverBAC4jH20gjmRW4umTI203Ykuva49XPyd-yuxXZ4afTLBlmwvW4zAXtOPv4QWyO6DaSRmrgtwJ70oTcduBFAAAwYA3hPtEhY_StJrjpmbCjrb6lV5pwKmvVn2oQXDw-Lje3HiWg2v9qVw2yJi39bMDBkvwJnt0DN8pRDuKZ2t_UH7lf8yPi06bAXvVYp-zHoMYSnzuD51fFTLUaiyMq-j5qFxOmPINA6PLPJtKir2cB46e6aKWHb4CRxQ0PTc5HiGFEis_bmLGkQHiSGCc0Ec2oRrM0eYNNTFQyIBEAzmfWhfDOkwIEboomySQLuf0EoM5h88ju4CdKvyS6PR0TnBkT7KcyaCO3b5nkzWGnpY381on58bVLTnwfxTnUelIJRe8RtXKt2RsgpLqlasxbzy2kYHisSGls_I9RiLYhy72zR7acYTYPcwAwodklQc_iUrvWaJNLP3b_Gt1wscUcHrR62dhypnjxF276Mlz17S6ZGK2W9Jxt55BhU34xzjOokQJOQI5lMeI6u8WW2QgTGfHD4HANsXiABuEIdTZvvMB48CTP_ANCCYRiXoBrzpdK7RUqoGV8XwO0PUQ--pAC4tFdPoO4dojSlCRcpqHwnG3TnqnTp8slaNCb2LR-wM7vRzNc7DJpQr2Zjq_tjSAqR0_Iiq0Sv9wK5DZbk6GgL_PfKTcNGxpbYs9OdHC5WfKFqG3hi8wnEgOAlxFW5sHUYM6S_oS_MUCXL9Egh5ERo0rooeXL1D_ew7wDXGT6J3DmU1RljSmtvCcM_VXnCCbZTwZVG8Ic5m8H-KZAW58cFUHOCwB9rG1XYqHE6vMVvkCKFNFWXrQkl1JsLoihm6Iuzn26MjUD2u2oDFVipfVFGZ5EbvtPHAmZW9Z_mlbbepxnqYPeNPpKYAQtN7mckCqtVJmDyxKOAa3HcExD78UGGgZWVhXiE9TCDfCDdik0a7dkXbcAHSJNLijx9JdC6R7iZRNFOJRbkjcbUc8kagRqQb_pm4gmrReq2nfrAxw04FX8_JsahAl08WnShsS7Ku8kmTRB8OXUyVnLT6J9cYQYEuHYvOknDzSPebMsLolGRlBuKd5h6or5pxuK9AaTg9lAb4fthp7zs46ecpzi4DF10j9vpDNNijCEUi7uPFih1eOepzcjsy9WCpAX8n3ozvce2_XBxjEMLOFYKDM8XAy2yqButlBEU_7xsrNu0rXrGe01DmgqjCbM0I1qmQb-ERJFX0mStguwZZYToRLwXBy-Z1OPsjrOtRD1-5zUag7B3Ty4p2mdP1UdqFDtzckNpeka_GWYeDovM8kgxSV1_DaQTkdxC9qatNqWikCAif7T7ix5V8Vh0s6cWIjaf0BfHUrYBgdBtxpdHsoSAwtLVBLnCQC9LglI5D38OzskBeDSJpy2FD-1AYAKb7MBLTFqCskayOwMZeZ8pG5pFku0yJDYA6SnRoG5kJN4hyzc4SM0UB70wWQ_9cNX-R5KFVSrQQtmf59QOjkgX7H9BlMBEmkaMxCQ1897TUL1jYW-AMwVKTK5d1zxaEPMe9hB0RX93WCD-5oC3wBu72xq7Bjf7hODzSp7SR03lBudWmoFFPBZamRWCoOTmtQKV17Q5f1JhbcP2g9ET7mMckuFLNEZSFLjHDFmeQnMNtw-hXJahQzifD1GQSiAVmDcdzqjPyaxhRsBes2E1Lctua_RV4PWTUmQm2hzfLdORe5qYA18XqnrDwVMZ2L1G1K3l7pD41DEBk9XeJJRgH-uPdIOnjzfvp_K3bGXhI1wz801Rpe7GQ029EJi6hIuQ3I8EUiadFEIoC2WYVYLBCmjh1QnOd9vQkqSYxs3ixrC0SBvdOyVoa7KwlKfVkgfyzmkopd0QVvkI_j3qxgGt4xbeTYxSHzaszb-ktcfTIrgyQCaONY2FdUC3u7RFRNn2jGDPIVtxBTehxdyiw9CFLRVNnWpYHb-c69qEqDT5xdNpNIpq-w4WBasxAFHqmsyx8zyzYwkoi6wBZytm3D9dMpZSnXwp01FsN4NpK7Zbrj9rxeyQQNanWLkpHRhKOk24jO78VJf2CqqmfE2Maxzt_PHBUMzNa-_dFGF6d2sOdhH6i7tr2YQLz-49xvXjjMmY8WcB4JanpeTwccoobYKNmSjiYzl_kFdnO6xs&cid=CAASJORol1P_ezsuAj6Kf7e5d2Jzm7f57xhfHrCZm3RAyKjoe7k3yA&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcc3c1cfb0b06b1e3294a65194a72443bab0ea165411eda5c967fa8850b5f5e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34741
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F65 42 B
107 B 77ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D3CTOwo4iC9Og9bjk8cGg7yTeWgG9MEekk32jHHyRJE3d68gGEzSIyzZucR0TfgQi-oSurGCsRld9Hd3qH4_7sOj7MGs4GxEFM-iWGv_dbFaEXJ8k

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 2F65 47 KB
13 KB 135ms
30ms Script
application/javascript 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396821698&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e43858b273888bf35f327c2da2cf29ac768ef30d56ae83f108d56b2e29e4ead9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 2F65 3 KB
1 KB 50ms
17ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:20:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 2F65 17 KB
8 KB 42ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3580
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:35:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2F65 0
0 16ms
15ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLhGD5bgE0PUhd_39kX7Rih5ckd7pbxrEHPdzFIx3TXZ4zNM9PHeRjVKjDGZTG7y4u1aCrCsvcFSbvkKD2WVrKEeXLVQ
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F65 137 KB
43 KB 53ms
20ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A1A9 624 B
297 B 18ms
18ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNVbPZERsUFl9Gd0fqKYCUxCabq2J1B-kZ-OcgDOaHoov7QapnI_QX136sC7KK9u-k7U4HrTQKhuWMd5tu1PSJUKaudhlHZot2q2PXk36mwODqaSHVRnD_3jmCAYUxwsOFDAY42OCUIx6i5mOPoytlO7Qej2bsPN6TurMTqqwe6i7jMLVI8

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BEE5 84 KB
34 KB 91ms
89ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQ_8irCoIVuiieSvGfhu5964vzRuZaWlFhhrxkG1v86JJM7HctaNTn-vyPjZDgDRl2L_JRU3eN2X-V1H5XZabK3n3iWapur1TQEQbZ_8nAVj1mmhDizxxKuWBn7R_uNLIiwhh1me3eiJtyuiUQ4LbzbHcEsg&dbm_d=AKAmf-Bmv2wQ3585Roq9Wxr2Vbn7rY6_voe9H7upzDWAbdDr66Iot7qvYAk4pYo5tRgQDR6s1iPli6VejI6wWZpfkrOBVN4oko1aBKaKISQDZBtn0mHty9KQaSWg7YeqLEFcOK2ihlVgom0_vTtQ38vaWmkuh7gjacSneDGQeSxRA6vSkxu-5-RX6qG6_aShwZ4DWwfYZrRHwjrWlS5kCkXcY-2UXVTdnrqRcixh9S87BCN25VReqciqp9CXkyegNN5Y04OowUCrI3CTTSM7BHo-TCq-Ff5XYhvJb75v4oheFM4GJirWloH2JG62G0MR7dWuOfcvu9cKZO8NxvGZ8CPEhRaP0ZdwuDDz1uJyOtQlScNO5IT1bJ4obkpuVzIBDD5ZZsS3V1n02zguzC_pFRmtJhB4FS3GrzKHeJgsGCCW2XVk5l0vMJWR9mj-yKa2xtSSIo5ERJ6EtMz2icpz1HoUSBcaT8SH_rtvX39EceyLm2gu4mVUaZ9Hw3bs0rPFFK88GdQibHEZnlF2tbFtyYfFfLu94r9rcX4z9MPbN2gIdM1OVO_WtT88f9CqQ0VZFob062wGH8i_90G0sxCqWHcnST0HFFnYJTzzrrrJ6g3Q6ebIn89dLCJlv4D4OLltXaFXke1VSDdGOH4c2kcWJi5yQdLyuJMtP4n03FrfYkubnFYYAHVOO1XCJEaTAirtGqLtkmurZmD3aM0ROGKiOApD0Zl7tlo77JvBUCuzYJ5sd3-hEaagfH9M_Gm3ReBJwGWpgSiZL-VTS4kAQW4RHktS-dTdO2G63fdJCdVrWRawXkW3vgAcE0ZLDg9t0IpJ3g0NGxSWZutpbYff3dflsbws90l7GtMdS1RrgPB7wjAek9gNE4dN_t2LPxa3Nzl4DJLPWFCN4qxDUXPOEJkM3NkKc498V4rans9yP1F7ETvwUtwZ_xSKzVMn9iNP7w9zTm790MPgZ6-7xQ5uk4cgBh-PTP-hZ_iqXjAO5nrT42O-UFaufVFEJjYx1z63HYh92gwDY3pjiDD26-LMz9QkuTxAJ_VVcpCBy4_ouF1cVNhjOH1yIRX-2y6gruiIgDLr6HFcI1_Tcr7xq5J5x92zRew4IwfuIk_d5qwW66V-SajjoiuChJ-VbqI8zN37GHuKPggGUwCLv5PbHDKc2O2_qHmKHMMrfLPJVBrYnsF71Ea-SWSXzS90xiN1uxkynUCdtauspwxpxGdiPOyCzPKwVuZ4lRLjCdX9aNVUXAafyCuNNSha4y5wTssjiVNWJ7yj4XWUsFFAhdg3rOI3zlRPVx3LVhQ2YjaG8RJiH2dx4iY4jwPObd44t0CBjw2jB5TXRx9zZr8G3PAKSr8W4qjJCuwfURR833UH_B1bevTEmvChmCR1DGgYGXVNLPlXQmj-zaO7npBX-DAqfrW6csxs5EjyLB6-NLmTsFry8u7i98X4ObSXPEvjzDCIPf4r42SeGN__Ro53qQKE-rZAItUuL2-IuWfee2ZENwhXyrGZcV3FaFVa0ocQvA5zN1tYV2BJMoIZhcyVgGt_Wl6r0AqlpNHN9SFFNbGRUqQ4MfEaNCNZTp5qaGCyr9mM4sz9ioOJzvHIPYTBKI4BwBqKe_dQDP3RcE9BdxVGRQRbZti1b0LvJTrsp_UImac_868rYEgBOafRf2E-QfPyePFZ-6GxO9-RFUcnjN9uo1vhquDjBaw4152vm-YHN6Gc598tsdDDVhZQlm_tw5ahcQY7b0easufXJgnOFHO_Wpsynms1O-Yj2bqVuJ0walwvFF44iHGsrtcYUxtrR0GtFIJ2UE9JBCXubWdQpQxxQKnPQdVWFAvbnL5qJ8frt1OqP0DVT-eZy1JzMWMCUZ-3HT6iL8vHJg8KBbZOvw16g9dQ5gco_huuQmKexPSyN1dt-bYAzVXqdOxuC9fTJugBeYizgGXLvd7iJxuT5J9Idvgc30XFL5n1qK0TGUFPYTW-nWj7_cm3U3Fl261kgmYqdHcZgqeQvgjA0p7HWjrNczT_XvWCCfGIXSb9bXQXS2f28KQFziRIQDtnEKDAf1_l-ZuJFnZ7dmj442aZDNvJjEk-9efMe4NCUYXtawEdcGiKjI8pZkLV_4JNMzIl194bKxWybkRyXB2mQcEup9aJsp3voNWWGecc5Y0kZm7CptyicOn2v3giO_Vu8MIyyTJi3GR07vrZMICB3wJMcR048GiHn8JCo0Jeg28RBt4DfFXy0ixQDOQhG_CDGDZbCQf-U0xHICowa7Bsol4l2WdxgPpG0KrRUJcw6vvo-IeXhJk8C2sCdhuSVVjO30qNmtEZJXLoNok_1do8pFCcnA-7Yw3V7Yi-2Lm1d4UdZkkaslFzmRUMkSoMnypq6oluhUWkKOf88KyEYbfYTvQkEgjX7olFtXwOei6uZYzOxt11tOZFLFXQLQNLeGT8HfArNEyO8VtWgckSal4KcYyLiCYICKIdqiq7qNBGlMhWr0pBkGPhN9I_zXYAmhyhxonjZom0xzP7Zr9ow_Z5DjWD8zeb8jcpChnPzbPveEIpO7pZAa5XMLZEnvwsiyXBuzyjUIW6SEaK0GP4BdCPFmFvhi6TxIO_xR2ywawNViyDtSHENQSBEOh0fGM6tYz8m9aES1QG9KAFGVK41G_mAsx01uXvzGaNZ9yI178J8FqTPV3BNvocwbHQY8Q58YCRlIULLTBUV6auTkqzSxnGqkC9g5CVzCNEEFBHXjdNQpiUlhG3jnSjwFRn_3e5HFyAcMzX00l5uT-2-vlH7T2Gv5diCW5Xayz4-3ixJYaq2dmPCMZJQoRc7R6cwRXQrFtam1xl3UO0Th3-pepUAp0OmTkiNld5rS_O_9Gw1ryQ7D2xMkelIo2ZYrOOcCKfkQFDQfmMjBmBk5lJhywGHMj4rQR1iKaKrGzqrnRVWcdfw_NQxY0WdiyavE2Shq-Ym620ps9ug6eHr2deyoXPCaIor6Grn8Uk83PMoOWI1zS9IuAiDzoT6yWQlTMz0YEON2BN-y6wmEzrCFTZ04sBHvwYvw7_6C_Q2iXMixJhiGideaArdo65vootGJwftlJtpkwlNCqPiZj9wQKAs7ReCP6-6wKnYd_5A6VzVdZ9--8XFFy6foGLPROpJsGMPMPtHbgy70HPDm1QjS-h1tBqWfvFXjp1AHPqq-U04gRASA13JwAo-FYYEgB73PVwMfSbrwPDxt6jP6pNlS8uwiYMGii3PIfHSnvoowPdIEfKjRc_l143iofdCONITfDinL6ePF2Ni5v-xCAEtMKkCkJc7xYSJxpQUgU9rpN89_9eTzdwLWdNsNCQAL9yewzLs6ekmLvqm8tDP8cOhF0MVCU0nYCFJWVUv17k03hIUo_7zT4506SbQVBUFv486CPe1Uq0n5Z7-odvLPZfB90mFa8TErb7-vVptPgSEXIiLFaDqbHoAK80_FgqzEERo13c820OaA5ADvuDmN70x72tuzCZSiYQjYto2xwQnV9FbnZm-NdJEUJ1Km3CLAprU4i65riJeTM9ZhdlAnQ1&cid=CAASJORoivQ8EaIZPjAwJtZTLYrONVecVyuyEJy7Snu4XQb4KOh2XQ&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6169472cd2287e7038e0b8e9871901456669e553b34a8dcddd4e8f8d28ba4bad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34997
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BEE5 42 B
494 B 73ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AD-ldSuElEWEYG56CcjEL5mapqNw-y3iGY7Fsvy6dXk3LEbPH7qstY5MlEQ6zCQZTn3sjyUf_0nsAsmjtFDndRVXIRS-edHDAXSI_QOuW3tZrZFK4

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame BEE5 47 KB
13 KB 188ms
87ms Script
application/javascript 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a643311c125a3bb156dce4fc5d33c91ead773db2a39087f7d82c74c5da5505d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame BEE5 3 KB
1 KB 48ms
18ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:20:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame BEE5 17 KB
7 KB 39ms
9ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3580
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:35:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BEE5 0
0 16ms
15ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTYiC-I_oliMjQluPd6AjolmaL95-Lk8xvTjMPCFiKTeGH1zAFn3ePTKLZSU-LYH00Q7ki55IC_onogBKMJrbvQBAwo6g
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BEE5 137 KB
42 KB 69ms
39ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7AF5 640 B
316 B 22ms
21ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNX0MPzvPD_puwkc7KqjjRfccrbI_tcCEj1yTXjgPG3XB3oXdyEgwqqDraEq3lX0jQPIb7JLLSyuH3TlAtayECdeBrzD7HutOu9wv2wSoY3Dn0Um1qDUPoZLlSwBdhUduKGWv8gJZNCYdqh6qIDpu1yzpWRNXiSJVKbVPIWa2H1_gt01_7g

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0F0F 84 KB
34 KB 103ms
101ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0y4kY4JjDx9xOaJW3DYJDjfi86A_6yrQKv4Q_Red1decZFxb7ryjeqL7orqugqZjgrubmOH_TTQBA1lGUqF7dB2hHVX18Q00tqFJIdO9WNeeAmlYAYTsXj7auWgW8kKqoAv1EBwDVHJO95GEYKQBPV0sR-A&dbm_d=AKAmf-ALh2rwq2cv3qSwyhi5otWqtyIkADLdcAbUd-aqei7hhzDznpanQzaBg0ySP-TdG7WwAIWzzu1QbKnLeAGzGVWIugFRGJTnrGl0ECLKMzK5AGWJCIDLKL3tZq8RdNrdgjNCvv8SJ9p2brVF_st2thFA2URRiBZvKGJw9-zs5mJVFnBtNDWOTBcfrwpoPQwleAf04ifYhHUOZ9xjKcIaWtL1al1JedtctZE2WWesjaYnnkvq21bOK09YonIpgesS38r_wadcL_Q8Plajq3iaisxAJCr04fkGqsEd-f2bYG_vt2ovHjF2IXX_4nNzJM_RXlafqU1e2uYGcpdOqxetYROnO16gbfpqXgSuOakhXllmj1DEtPfeGk26HxdPhpECoROS2xMcnZduRY2LG5k5-7fP6xhG5aEZMq3W2rKvjwFi1ttH_opLnkTd7Ba_0lQh3iHCJeJIa6iuu8_a4yX2OgH2rqdbHEuhuWWT58vu6idayar7JbUyYNAt6haSNeQG3mleLdMlwgijxwNAfFMkHKOHcs_iLl8aVxsVF_GGoLVp-QLkZoqFKBGwHd_9nhiim0xyMv83f_DNzQZgRQ6AF7u6M-tUrAGQs7568wRG0Q195WibCzmzB7fHcYThEkZ_k7Et_vLee_5GgOT12mCAsyEwot1y0CRyNE_n-GeEvQvsrfVPL9EkENqDphK4FdQumJQioHPJU5iNfBf80OKCN17BZRm_KQ6Pr_bsHs84nO9tfA027ElyXFfFsiXOM65jxOprIskMytK5SIa8G4UKsgI_A4fX5ZDzVQLYjxXpyHYg2uShxrDH5nNIICFiGA8W-Jbf73iyIoihFg2IJrMoZZawiSfm2adtWn2DZKmi6ZRV91mmCweG_-g04GdHd55nprxhCmIOGFG1c4JGA9cDdw6nE-elLt2d4dLD096e8bAbvVdgTgeZOxCX-fe2AlZYyIh0RUSr8snK9lIlqpxwvUsmfx6MhBiE6Kyo4xi2Xv3M2QtoSR_UfKDXNHolke_361tatDDPD6Wtm1x5mt1k66ujl63XGC8Yyhk1flDRxCt7ZUcq_cpyKeGJHKU4StufyftT1v7wczqw7_6yDPKP78bR6Mq8lVB2gZw2coOYr_yG5FTS-YnYICwP2NakNSr8y725Z1SoRB1TDdCWkACZ6eHqa6hXlhMPLEjKA_dpaeAmNrluGfIm6_c8S5xqawiJPKYvR4P0DnCFqq2y2kgNcG2vDGNBpaaO3ud7MKROspZn-WiLkG2e7GYvUmqRimB2wTn-XB_ejL3W-kj3gkNwiuAyO4QDf-l6_rxhTZ7znv8Ieo2uGzVQW7tE63y8nEAzArwaYL9HC-G1JGk-D5GXz0h_-XDZyxSW13AQL5uWpYrVXDstdNWqXCzSia0fEZH8jfnE8U9sY3VUifR0x_ipVR_BNB7fiNd6kyMF0rQir94bMxLRMFQUEETYo-4gU8kGI0Wq0hY4bA6BPoHuePTRF2LMKca3lRmx6KeSLp8PidFflCdPTg8jhVm2WSeJ42bna2P4nbaDD1emorkrdUmUzWVxqmX1b7rFhNcUpWLRDCSOgABiJuxVL2ZJREj9q3NI1zeOXNHlRQ-W9Q-vbxuKg1LF8ae9ca7fJaynV15RnVQKTQnwC8648QyPdJE0lfb42226mblDs3xZ-Fu2Nz4d61ZRO95QDyFTc_Q8Am91809N6PT42OVBMp1AeHSoZKwr_6wqi3hYOJ1CssR8v_TRPmXFXkJlkQUrJdFR6b1C8Mng0v_59vN39WIDjM7f-Pauxe2iU_KQxTVfqfw4Vg_J8hLEfQpIZVmdLkdvj1fO7mxucNw3qS1pYOj2LMZtey8F-SNbcIhCd4Um6Y3m1PsKjpnxYik7FAimCZTEggAKtT9_3oDQcHyxqhH8pdiAKvuMAWyIjbsCItT3eM56MlnW9JIIBbBDfkWNhBiMiOV0n--kBocVurODwwAiHRL-7tqLg952izYSHYbIUNAW3gr9mgV4DjhFww5s4sXJ7Jic10EiFjyTYUeXTGQkdv-Y3jkaXQfPxFiMWzchDum3EQoO_XUKrxxvGTnEhPx4fwYc9g2_rYo4efrJ0z-_Wv-FNNheeX9GrPq5HI0M3fkJu9o6cO7STwHgST1uuVL-337tj-Q_GnrW_Ka2pYaaCr4z-u7R018dsA8acuFPJtr30vLxbv7ZR2f48C39hanDOqS7_x1RC0Iga4qBdspGqLs7EXAKYPDA7t_ttb-ljLzhXZMkxwD-y6Gn5a9mm5TT3z4xrtTRy_hF9yXQuVZIiPcsEU9DpJ2Og6aXcyBlq9ffK73i9oB5qOh_KRR6YLvItPjC0cZthmYBlC-_jMumi0mcqqnkxE8xvyAEvD4YXVq1p5eqzl7GY3LkO8Bb-jAHl3m2hTR2nNCFK_4uRdhQsE9lb8VdDzIOidp8a1RjwooHzLLEUIVVX1yVQWZX3LTMIe39s8em56CluOCecpLAaohNqqXWyr6-RKzsXXTob-pY_kyLfY9AQVv5NOpLqIvN-V0sYYwwn2M_OKT2TpDQGjapCsNCKndq2v_rJiJDZOzl9dWipLbvyqF-Ff-euUN7sXhA0Jnp1XQHfHUAnlYu1R6aV_OemJOEqy7BEn_Y9pAgvFKJkpAnQGm5ZPxrsR92FnE9iqzxg_rK0zDsJCn9vNzpdcWxXkNoCLaXYVcWdHX_x0Ttva7yQcuvH4rGnTjdIArF5N38wosGVPt-CfSOQs5WFtq_S92exmGpw0ADkFa65VngER4gji0Nwkqikd88eB57IK5SXbWpmXbz2jpys8-V0xMr7gmBVFWc8n5wpAGZw_ng93s01Y3MTym3VrDvIXElBomrrFurLqJ-q_XTcuiehZxdK_lONXyVVsSaPYUxbao80i6ItZekaCf23u0rHR0oMg_PUxRYOd0EbqLwX9hxDOmlqwF8_Drpj_ETgnJBM2SVuijZZ8LqyYcNboUa83gNLQMkc5OqMm1mCQ46CosI9Xt0-wcZwyLO2aEYpAE0dBW38069BaDKE3vx_77S5b_CQcQ3HifeYRqIf0ZaDRoc9HrXzd3dz_3AD4ElenvHJtynfzBiLF1pkrt2fKp4f-MbCGq8iRw1cMwXFVn2kN-ZJco-9oCzgsFHCmSUxyT4BeYoe8seazoKO8qGNjDfCKOqXaLYckqKEovhhjCt1vXMsshm7l_Q31_6jm8w_NAiFKE7pExPm7OHTE6bA_yyGlam_5kEraga_kNMB1HQZQNNGwRy8m2Xc_eLEB4ofxLK2ALaW2MVP786GSWeURdoIo-TjwJdim_ieDrUrEnvOL3hIZVIkOsYlcD9-quHiIsJmmLHM2f3GZLh39BGz0cj-ANKBOTFJibwFcxi84mG0wXtrVZ9K50NshHz2GTvnNWmkMxe-PtBHDvmXNfOi60p-dvSoQAiUBT8h8ruJVKBNUMQfhMi67MrIT2S0vBV7ZKGInwfN_qe0tmeW4wrbruYb9XvIAWaKC0g5vruBakTW8bBgrEZe_BZ572t&cid=CAASJORoCboZLkrIuA1LDS_ZA69BMr6sGpFsIBcN4CbYCFH5QEE5lA&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7bfe3b1c27499be93aa183c2c0e44e2b5e6f91f274475ab92d1a6aac2958a6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34877
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0F0F 42 B
107 B 71ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DZ3Jce6KDbaiF7IzyikIsg-OTiwqpVGAQTtr9PB3rv9XFVuA9OBWmGh9wmt9oWZyN957GaePWYqP1zVafX4LgsvCH8-sLAfFmciR4mg2VPVQsF3Xc

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 0F0F 47 KB
13 KB 129ms
31ms Script
application/javascript 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d51b7af5c72cb21a99be2d04c8dd2e44d4ca70b8e08cf84e4979464cf651b8c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 0F0F 3 KB
1 KB 44ms
18ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:20:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame 0F0F 17 KB
7 KB 36ms
10ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3580
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:35:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0F0F 0
0 17ms
15ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS905hmLcDaE5ZVVIzTMHAbhqLapj1k8StxLkSaj1rb-xPg3xAmGz-0Aph_HDj6I5iJWwsYsBb6HfE_GONmTHPAvY0Aqg
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F0F 137 KB
42 KB 74ms
48ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 06D8 640 B
316 B 19ms
18ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNWNF9XBkZWNKkcYWpoZGGU1fzk5pYWlJs_8o-RkOaQ5wz53GnX2SjUaT0tLX3yHup0qMdMocAz2ynZrOlvNx67QPdgsEisimK_Knb-wPYcK81HB2tcBXV0MD5YjRRzouB1WS_oteOSoIc5hN_YN8WA5I_KE13sgK4JJcyktliqttUP7L00

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FD66 84 KB
34 KB 95ms
93ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQ64H5Ot3AxPJxcWuYE9pVSFQQSYYtZ4wQQHg5kHQGNvOHjicy_cQ3Dp2IV6XEfMT89z3WrHpFlQ__tYCVPtkGBdrvptrvfbLK4p6iEbn0mEeNjM10OlT1fCSlaIVnhql_iUh2TQb0bc-foqT3HHXmd79W_A&dbm_d=AKAmf-Bru5OswHySH6M4_JchLSlzcxMmA7fuKx6qKfsaKQTB0nsAQOPlB8B2TAMWm1oF8hJioMI9RqcJrUhedBcFORQpg6COhOl2NpuMdW3HV6IDZGthEUJOT1iKg-8kQeTtuGYKg2IwnzVDJpzo4plNxjnApxzFiRRSydLElU-j8AzYgUHOmWu_NJziZs0XrRTB4h8edYvCUDfUVwWnIf4r2E-zKIfz07SkDB5Gt-5eqWZtz58tWZcAsFwMKsYJJHoBN55zMlbR0l3e33L5vCs2FJX4_oqYgb-v8_bbn3XguzPZRcbN0Pkyvivo7NPGEc7iG9dKB5gmkoZu9Uq5g-Km_etzTrPQiiteg54e6nYRvSoiWyU2cDctTp5i2A4dYA2XnDGguJPhNO1ZIWTJFAUXDZwvMjM8hXZ6p6XAl4Rt1ZO2T22TG-sBhY_yq2tDVTGENyorrheH_6hxhCFqW5VGz3g32mcaR153SykKWVyvX3n9UGKxX3ho05JDowkgyTLU46eLIuGybJ8uZR0i22sBBenf0xQtPQV9I34tQDf-T7Gq8N3BsKUMLwd_L58Hqr1g6X7bNft2kfQ08--tv50w90zhSScq_hZVz9ef15xQtfB4zqhPDe4JLGrVlxbG06pqBpuuSuLh9nJdlinyKTEFCzMJM_Kz9arQA34eWYvN6jnn3b7Dupt4Tn4OFLLUcxppV9fOCCTO4_ymWblVnWvuJ4OBMtm31rBPrRCn6WiSgHkAb0bDy96FEagsb-5y48cX_B2himETxptjgXHZ72ckmY-rIOQ_vma-UbWuf5x7n4Bl-mQRc5YHHpbgerHb0QbAXI63aR0LlC1JQwBCFLVTnVwFYz33IYDKNj9jVaj8JAdPniR9TuVsHB9myew4n5TxtSKa1HTMInfcc98L_gPCYdRoGcYgrXTuPNVrvndw41BcjoN5hGk2hGO2AaiqXMZ9kWFDw8bH4BpbiOtQmc0aJk7l3skDacZQmm5tyE9sKwmnGpmhd76i-hlxm3CMKUrAFhcBchOGC0h_xewLC2hajE6EjPY2gzS0n5FDgrCKMR3p5LbRAjrjUEKWpJYpDxB5qVwc9juNBQ2cQEspWZJ7EJcjbN1_CLTuSBYvUHg0XhaME20uqGHbEtcFAa9lmsFgGwtjQ0tabiEV_oD4di5dI98gz2X3LyPLjvXY8aaqVGgyPt8guAgID7JQHqYujw5Pz6eIR-Vq9kjmUlwP9WOboc4i_jaW3p1oAAWnRCTn7XbSlqouK3FBCJh1s8WBLde5jiBUyNhGx9_c3xFvDvxX8PsccUxbjg7cUbhfTobG64-jSX7G7wD5nev-xFL7ouU5QnLVrvp0DJEZ69sRv0pb1EZwMKcxUcnz4YTR6RWKSAGlhAMh_xoy9kFdpCUQnkP-M8l6L1tdHrGql_VmkwLSj5BPITh_1yM741dlLvreQOca9oCsURM1IxeAmqQSSeB2sAdVDzKQlk191FwiMbQM95QAG4tlVQq-ZrMs6doxAFVfiIeBv8YoTKN_9nJM_un1cpQ_6GZU74x86szfueoO5a4Kt5STRRyWTORg2ciYwaXaRqVrAp7TYYwdCV8hTv1cpfMBlQtbt5mQezIm12arITdLevRwGoqv4Gjx1YoSxUJgUuJzmLqPvi0vzCa1Ni-D0RcWbAfCIwpaR-pykluXB-rm9aqZkw5Jutu0cPnE3bwlaJeTMm-bEc3xdfvofKl_WW7uNweLZ1duVvvF_UmI-CcGO-fPcMwlu4OiptVrdKslxHcj_xfHi27le8IfSA2lnuZFz1YC14hdYzbh3WNOVFaFTRMg4NOoCyg7SmAMuGOTqAv_HhsRSt41mBq026PCg_vxwQEOWgDqKF_T1JvKF-OKcETDOhXJqYFXqLbcvNJtpGr9QmqWS7VH4Ha-_1YlpUE8LpA1cst9fVZ7wLGb8fak6B3B0FaT3UZmlKxezUBSjFQpdBpiiB6JVQwmPIwaLnwF4K05Uk-NfZYwxCFmWSEGenvKm8epqIPDe8EeFCZoFm7E6uHqEoraU82mxLGKuhmKaUjK5qQrTelaGXmhyxzGcFHOr1bXgHcsvWuz8d1tsE_nqAzIB8QueaQi42eGOmtKh4g4qCGj7dztYU4OUHuTVphvkSaO2Z6bH0jr15MCIO1haB-IQHDIo2QiGcJRdmIcPdd7eaj4w1TIHtdm6iD-2bo1oRgIVFWhkS-_pXAN5SiP9HK_U2fmNJxfrimCcXnETKn9pMisw9qwODlLf-3kPoo8Z2OwVS_T4UK8M2WX2knSrKxzmbmEYbzzuN6vlydErtvzpjZCjB9Hrx6BkX_hgWNfB_8SDbXcRa07vaOwg3Xuh29DlBaLgufIio7TYufGjtqEdaMFCxjncNont44t1jXa8VdufdFheX7Da19M6_0XQ0_zm7s2upWrXkVFg-m3tRBvxo9P_504js_UWnnQZZZl961_P6pyC89xDKT1JeNvlVNGluZ1cmkuEf5A9Eqq10NsJocEkPdGcD01HSvY1t3G5bw-3smWYxpKPYRrGcYL48PJypcuOpPTzkoIHjUavkcf9g5iPOr5ieKv4UauZWQklaM8eyG2qR4zpF6LhQDS3wYWtE0qbhfYQx54lAXhQ4MRJEgruvHJpfXelv8rakS7e_3LHm2twGJ_R2lHXOxuWHF71iQC2wt775DqRkQgiQaIeqIIqEj-umSRGutiZrafPmqs_LrwsgZnbqSzdciK5T2mp1p_03rFoJZ-jSIalrLX_27bbJYhXW0nUIzkz32q3aeXPqIQ-rwmMqJaMXB7HFwZX2wD_bAt1icjRK6L0qDT8sAkiYeavLsOPOzAKMGpAZnbv1vEZfDTQnizM8OlroiufO4rjr3yQBZckIvywzgP99Q9DJq1ELHNyMUT0nze9zgjOyatuSFAoMlzTDJt74EeEmEezFLwgCIOJX9anJJiHM1zeT4URt1B6qHvnO8_YrJmxpMwbvtyngWKqIKtJVVJVcLK-iRZBHzOo874d5SenHv_WlEu0GihAuW5QmwjPMopWkVtYgGw0HlpU8mek7eHXZ8np9XIIUAfFWGyEDeExkfI1MMs2z_WdV11WuQsXWoGi7qDOUXCVEK5mDHOzCM0x7KxEh25GQPGMPgdI6eG89Eodj6pmWSC3elAcN6FVWuN7Zp8DYJhhECg3WPPds450WKnyyFNsgsIv2lHb6vqGm7RXBI9-47ZnwMwu4WGr4yuifkwfPGAKvyAxCm27gWkcfL7PH42APLIsWvK9KPDx0uPrHJa8e6YB5UO5fKc6kpoOpA2C4NIdf7LzDCVt-3bJj4soLZa924BEWEEvMNfeYlR9l2Bi-z7b4aJDdhd2pAURxaUSj8j6lCgPnLi9a6H4jvCA0cdg6_O2guahTi3YJQbbkDO73r1c7mM_uJL-0mGoZAN7CzvvWtMiQSWND25hhnHAAvX6tvQN1hQhUossxltBi5LItG4Uu7XOfrZ5dbi-X667coCisnHvvBNhr4pfZxnkVpSLXajJy4fZDC6&cid=CAASJORoqnLKAXb3z9rtIND3qQGv9sEz7BvoVPbNZUQ5P_onQW_LYg&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

adaa8262e37bfab36b83c57eb4b10da51371faf1f3ea5cf015cef3a68cabdba4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34957
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FD66 42 B
107 B 67ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DAcsqprIOLtytLWRQ5CPIriu32-y-tLoL5VgowVLhizJCfJaPljKfjnQmC_BkeALZQrVWP59afmMQzcykUHqzRR9oBUJb1eCDZubiLKezctTUThWA

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame FD66 47 KB
13 KB 153ms
59ms Script
application/javascript 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b76f1c5357281681c49b0035c8cc6bfb144c7cb7f008749ea1807ee66897ef65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame FD66 3 KB
1 KB 41ms
18ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/window_focus_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:20:23 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/ Frame FD66 17 KB
7 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220719/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a163b80061e9d2d04c92e16d194fcb8d79fd0f175738736b0aebcd98600d0175

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:35:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3580
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7334
x-xss-protection: 0
server: cafe
etag: 1169380200214664902
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:35:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FD66 0
0 20ms
19ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTSLrcuz9Jza7FEcYTVe6GkgIXzOSVGqY8SwS3pn7cHkNahviBZWV95L3N3sOBnthDQeB_2aH0sIBIuqJnBC6-YZ84y-g
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FD66 137 KB
42 KB 71ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0de50a799ee39bde80bfb0943ba85616975f5c71e0e746b49c27c5b0d1731ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43203
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1658144321100200"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 27BC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1

43 B
948 B

32ms
21ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYwomcvQEwAQ&v=APEucNUegN5OIzj5KDvIrSu9x-X4GYNkdU3q2WKL3X1NwQEOHz84uvfhPW0YD3f6vjJCk63Huwuer_FPAz7BMKFCZ32xMtz_O8POEPYoEpNbKvPXAGxWDEeXy5zgCSZx34VC5ZlkFivCvjzka3TIBaat_mdCusj8gq69K7WiS7bGFf4SlqO0Tg4
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032fc286e9960-FRA
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeOhJrum4V4cXsQmYewrWouaeF%2BuKPmAGOoD7GanJ6r2RDJjvg%2B4Sr%2FMUlpKz4gohjf3x7NG3O7sbUFxZEXR%2BqUMqyHsAkpWI8W2%2BXTrq6JLTtaZHym%2F3CFxhZPseB3iK8t2Ntkmx8fk1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPNncZF%2FSS41p5BLQOfgk55qceu%2B2P16cVVNhIjO8XG1HgRERTt5K8AX6gTuWNf3911fSjDDc1yArSOEMYdFbQNSZL8cV7WzcPyEusZMNiu0ZPYWBTcrJjUdjFrrRddXSozN7RZN8WBXyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1
cache-control: no-cache
cf-ray: 72e032fbe9029b46-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 27BC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YtitVsJAtjYYMMJiSetzKgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1

43 B
913 B

24ms
24ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYwomcvQEwAQ&v=APEucNUegN5OIzj5KDvIrSu9x-X4GYNkdU3q2WKL3X1NwQEOHz84uvfhPW0YD3f6vjJCk63Huwuer_FPAz7BMKFCZ32xMtz_O8POEPYoEpNbKvPXAGxWDEeXy5zgCSZx34VC5ZlkFivCvjzka3TIBaat_mdCusj8gq69K7WiS7bGFf4SlqO0Tg4
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032fc78b59960-FRA
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhI4MD6EvEC1wbyZgGK%2BmvtlLg9zCZ3T%2B70Ot9vpsQpwdGgSDV8c%2FBaM5MIuZWUbfJkhgRYr7Rxd5mxzc8c1aW%2FPBX8ILdb%2BStvPPvB8%2Bx07u3Luj8wGrOUESDtDaLvb5IpUjJhzluCxow%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 27BC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELqzhOBNAWeHf6_f1IRum2o&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

43 B
1 KB

14ms
14ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYwomcvQEwAQ&v=APEucNUegN5OIzj5KDvIrSu9x-X4GYNkdU3q2WKL3X1NwQEOHz84uvfhPW0YD3f6vjJCk63Huwuer_FPAz7BMKFCZ32xMtz_O8POEPYoEpNbKvPXAGxWDEeXy5zgCSZx34VC5ZlkFivCvjzka3TIBaat_mdCusj8gq69K7WiS7bGFf4SlqO0Tg4

Protocol

HTTP/1.1

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a7467f55-3bfb-40f5-9467-bbf4908be1d2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 95819391-4859-467b-b4bf-503cf6f4f496
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 27BC
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

170 B
188 B

20ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: ec1e16d5-1f20-4e12-9522-ee9ad30f006d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A1A9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1

43 B
907 B

24ms
24ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNVbPZERsUFl9Gd0fqKYCUxCabq2J1B-kZ-OcgDOaHoov7QapnI_QX136sC7KK9u-k7U4HrTQKhuWMd5tu1PSJUKaudhlHZot2q2PXk36mwODqaSHVRnD_3jmCAYUxwsOFDAY42OCUIx6i5mOPoytlO7Qej2bsPN6TurMTqqwe6i7jMLVI8
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032fc387c9960-FRA
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SbRIq6eshrn0a3OOayO6kEHka0PMFbvu82wlMhLxl52IUxr7eepQbEEWsYi15N8SDZJu3WR0ZDf%2Ff7SmkjaCOowYrqvPvp%2Bcd1xh1ATzH5ZsOLcw1vjK%2BJnJ93BJF7tnB24uGRkxrzG8pw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jyEU2d9sM28iBDlU9IhzxUb3KK5iPaZE3rhnnhBn2zO8zQ3Y6iwUSG9MZq4zgxNa7huxq1X90QLEpsgnN2RsBZS47gHAsBTzP5T4xVuq71w10ZQZiyJfcDk3Qlvo8inDo3Dvt9hUCyiIsw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1&C=1
cache-control: no-cache
cf-ray: 72e032fbe9009b46-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A1A9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YtitVpjYWc4B9dX3ue8zJwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1

43 B
907 B

27ms
27ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNVbPZERsUFl9Gd0fqKYCUxCabq2J1B-kZ-OcgDOaHoov7QapnI_QX136sC7KK9u-k7U4HrTQKhuWMd5tu1PSJUKaudhlHZot2q2PXk36mwODqaSHVRnD_3jmCAYUxwsOFDAY42OCUIx6i5mOPoytlO7Qej2bsPN6TurMTqqwe6i7jMLVI8
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e032fc78b79960-FRA
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6vR%2Bqf%2FToChoRFp4lVKz3iA32QdYmT6zJUU3zxkBMlLCX2Ceo5K1ngo0kw6zdCYeG%2BhXTiJ8eK1uFNbOgCT2rHY4utI8HHFafhUVfssaj1jZORjVBNJ1OUWB17bZ206ObpyIGpR0RghMw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECc84GP0nEexQZAz2GgK-b0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame A1A9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELqzhOBNAWeHf6_f1IRum2o&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

43 B
1 KB

14ms
14ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNVbPZERsUFl9Gd0fqKYCUxCabq2J1B-kZ-OcgDOaHoov7QapnI_QX136sC7KK9u-k7U4HrTQKhuWMd5tu1PSJUKaudhlHZot2q2PXk36mwODqaSHVRnD_3jmCAYUxwsOFDAY42OCUIx6i5mOPoytlO7Qej2bsPN6TurMTqqwe6i7jMLVI8

Protocol

HTTP/1.1

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: baa779a2-6c53-458f-af8c-93f89bac6a53
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3deda44b-3c50-4f6b-a62c-bb38df82f962
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESELqzhOBNAWeHf6_f1IRum2o%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A1A9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

170 B
188 B

21ms
16ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:18 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: d96d3b5c-30c1-4b64-a35f-ea41559ff1f7
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NzQzNTk3OTI1NDIwMjkzMw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 7AF5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1

43 B
106 B

34ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNX0MPzvPD_puwkc7KqjjRfccrbI_tcCEj1yTXjgPG3XB3oXdyEgwqqDraEq3lX0jQPIb7JLLSyuH3TlAtayECdeBrzD7HutOu9wv2wSoY3Dn0Um1qDUPoZLlSwBdhUduKGWv8gJZNCYdqh6qIDpu1yzpWRNXiSJVKbVPIWa2H1_gt01_7g
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/485d39a /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
via: 1.1 google
server: OXGW/485d39a
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 7AF5 43 B
306 B 54ms
26ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNX0MPzvPD_puwkc7KqjjRfccrbI_tcCEj1yTXjgPG3XB3oXdyEgwqqDraEq3lX0jQPIb7JLLSyuH3TlAtayECdeBrzD7HutOu9wv2wSoY3Dn0Um1qDUPoZLlSwBdhUduKGWv8gJZNCYdqh6qIDpu1yzpWRNXiSJVKbVPIWa2H1_gt01_7g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/485d39a /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
server: OXGW/485d39a
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 7AF5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1

23 B
172 B

153ms
36ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNX0MPzvPD_puwkc7KqjjRfccrbI_tcCEj1yTXjgPG3XB3oXdyEgwqqDraEq3lX0jQPIb7JLLSyuH3TlAtayECdeBrzD7HutOu9wv2wSoY3Dn0Um1qDUPoZLlSwBdhUduKGWv8gJZNCYdqh6qIDpu1yzpWRNXiSJVKbVPIWa2H1_gt01_7g
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 21 Jul 2022 01:35:18 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 7AF5 23 B
172 B 171ms
33ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNX0MPzvPD_puwkc7KqjjRfccrbI_tcCEj1yTXjgPG3XB3oXdyEgwqqDraEq3lX0jQPIb7JLLSyuH3TlAtayECdeBrzD7HutOu9wv2wSoY3Dn0Um1qDUPoZLlSwBdhUduKGWv8gJZNCYdqh6qIDpu1yzpWRNXiSJVKbVPIWa2H1_gt01_7g
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 21 Jul 2022 01:35:18 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 06D8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1

43 B
114 B

33ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNWNF9XBkZWNKkcYWpoZGGU1fzk5pYWlJs_8o-RkOaQ5wz53GnX2SjUaT0tLX3yHup0qMdMocAz2ynZrOlvNx67QPdgsEisimK_Knb-wPYcK81HB2tcBXV0MD5YjRRzouB1WS_oteOSoIc5hN_YN8WA5I_KE13sgK4JJcyktliqttUP7L00
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/485d39a /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
via: 1.1 google
server: OXGW/485d39a
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEFG29T2go1txdApQEZPBF3M&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 06D8 43 B
120 B 55ms
28ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNWNF9XBkZWNKkcYWpoZGGU1fzk5pYWlJs_8o-RkOaQ5wz53GnX2SjUaT0tLX3yHup0qMdMocAz2ynZrOlvNx67QPdgsEisimK_Knb-wPYcK81HB2tcBXV0MD5YjRRzouB1WS_oteOSoIc5hN_YN8WA5I_KE13sgK4JJcyktliqttUP7L00
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/485d39a /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
server: OXGW/485d39a
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 06D8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1

23 B
172 B

220ms
104ms

Image
image/gif

104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNWNF9XBkZWNKkcYWpoZGGU1fzk5pYWlJs_8o-RkOaQ5wz53GnX2SjUaT0tLX3yHup0qMdMocAz2ynZrOlvNx67QPdgsEisimK_Knb-wPYcK81HB2tcBXV0MD5YjRRzouB1WS_oteOSoIc5hN_YN8WA5I_KE13sgK4JJcyktliqttUP7L00
Protocol: H2
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 21 Jul 2022 01:35:18 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEGzJe47UfGSAbC1Ht1mVvio&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 06D8 23 B
172 B 172ms
34ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6Q0AIQ84-rhgMYr4CcvQEwAQ&v=APEucNWNF9XBkZWNKkcYWpoZGGU1fzk5pYWlJs_8o-RkOaQ5wz53GnX2SjUaT0tLX3yHup0qMdMocAz2ynZrOlvNx67QPdgsEisimK_Knb-wPYcK81HB2tcBXV0MD5YjRRzouB1WS_oteOSoIc5hN_YN8WA5I_KE13sgK4JJcyktliqttUP7L00
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 21 Jul 2022 01:35:18 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 2F65 170 KB
59 KB 77ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 17:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 17:51:09 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/ Frame 2F65 8 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_1qttK8hqGWTSWaCe5cj0V4XKmhLzSXDk5Ku-qTQAMQqvHqQMSeqiA-3IbKKLGLb2BfNlPP7Rvf9PTroe_ueUwOwIe2TOjwHbG7zUt5ySeeMnU4Ce4SZcISjfwb8ASyDEbkpPCJZUstxUaa1DnBoBqoLB_Q&dbm_d=AKAmf-A2X98FXT24KikEXxCgQMVpPuUi8YnUmDGqs_2rbunNDLSs103KFnyFmFaDqQ592v8d5jI9v3Q3P4vukhG56sKAsWVEsV5swfWA7WRVfDEodyliXY50FeDsF2g9LphMJqLoO8XjMjc6V3MGH0gl7uxnX0zKBIsnzr96M8NIjSgqv8_TQhu99LsepTAe31NKBESkIJqd3BLrcC_G3Irdev5g8E_x_owTXRaBsGVXywRoKCsLFtc1EETH54BlGt-7ZXhakE2ivqT5XesxPMn8JFV4dHEvG5kcLnyf_URwwr_XvwZKC1P1doaBX9Qe4KvhBxEsAJ2GcS1u3ka7cBMSXm1kmKLVfONTOG2_iDegHUrPAykTdjncELym2XFWxKdiPxu0WyY5xYuWSHlpnbJTHT2pOJzKxc-7xf5kDmx_74gXKNq39OpzbtvzFMITOngtq67ZQIHsFFeWKNcNVsao9GanvcNP3ysNDRrPCNPGKlR4KjqwHmu8Pf_qpsaRFzvMdWRyD9tCSflKcdNNEEuQNXwIEZIm4Bpfs9sJEK68rioLkvytwbMyTTFw9Qcx9oWpnc2hQCcamBlUDFUkWxk9U7z4DyE3RtrHeeBdQCSdAPKZ9qHi4mQF1gSfjWCzUngqotOc9MPx7jtUqQjj4_lBdN4X4jmTDQ8oLgFVeVD5H2hPiTOh_9VVImkxLniG38uWgowMIsxtMlFNrUw8ZFeMRsGtB8yoTUe474-dj9wWLktPVfwVlDRIO_btNQIM4YaU7pDWtfHneB62wL2ZwBwL8n5atjlbp31QJyYDvXiaYaBE2NmbOKp7G5kt660yCn-Gh7-BAIbticIle1i00kF7HIbmclYE1IQpv7DI7V5jzMR8OxOEqRk3CDVvF1fo00XqUNuSfgJoR9Pvmp7Rnj4_0KxdoZJJuKmR1Y4Cu3vyI4rRw_zAK1y_QpJGUR5uv5SKJcNFBmHhBCfpCoaKnU8Xp6J7ObrsZBo_nns0G0eZM9hWMZhXtG_3G7bE0-YGyKTuTTaadTzlVzpSUlznNwOv19d3GsmWCuqxh7XloNu1UFV5P0KuzGunaZllRS0zcvkIaeuz6gs7KQdcVtycHdKKaUt54AEU0id4o87R7d5NGn1olhMtRsniw789BpdVHQlOykFyIGDsFc4PXlno-mdyN9J5GchnbamtccsKyjRNiL7Jn8ajH44qAbxwiumSPj7oSEsroAaoeByANf4eNPiM6wuYLdzJ0i7VGqr3BqfdipvnC-k_RuYzaqLvSVeT_ToTVyws-v2rhx3jRtt67kNaEZulSpukFPTBJkbN3xZJzfq8AbMw2ACMyo-ztxir7qab_hqJciK7FverBAC4jH20gjmRW4umTI203Ykuva49XPyd-yuxXZ4afTLBlmwvW4zAXtOPv4QWyO6DaSRmrgtwJ70oTcduBFAAAwYA3hPtEhY_StJrjpmbCjrb6lV5pwKmvVn2oQXDw-Lje3HiWg2v9qVw2yJi39bMDBkvwJnt0DN8pRDuKZ2t_UH7lf8yPi06bAXvVYp-zHoMYSnzuD51fFTLUaiyMq-j5qFxOmPINA6PLPJtKir2cB46e6aKWHb4CRxQ0PTc5HiGFEis_bmLGkQHiSGCc0Ec2oRrM0eYNNTFQyIBEAzmfWhfDOkwIEboomySQLuf0EoM5h88ju4CdKvyS6PR0TnBkT7KcyaCO3b5nkzWGnpY381on58bVLTnwfxTnUelIJRe8RtXKt2RsgpLqlasxbzy2kYHisSGls_I9RiLYhy72zR7acYTYPcwAwodklQc_iUrvWaJNLP3b_Gt1wscUcHrR62dhypnjxF276Mlz17S6ZGK2W9Jxt55BhU34xzjOokQJOQI5lMeI6u8WW2QgTGfHD4HANsXiABuEIdTZvvMB48CTP_ANCCYRiXoBrzpdK7RUqoGV8XwO0PUQ--pAC4tFdPoO4dojSlCRcpqHwnG3TnqnTp8slaNCb2LR-wM7vRzNc7DJpQr2Zjq_tjSAqR0_Iiq0Sv9wK5DZbk6GgL_PfKTcNGxpbYs9OdHC5WfKFqG3hi8wnEgOAlxFW5sHUYM6S_oS_MUCXL9Egh5ERo0rooeXL1D_ew7wDXGT6J3DmU1RljSmtvCcM_VXnCCbZTwZVG8Ic5m8H-KZAW58cFUHOCwB9rG1XYqHE6vMVvkCKFNFWXrQkl1JsLoihm6Iuzn26MjUD2u2oDFVipfVFGZ5EbvtPHAmZW9Z_mlbbepxnqYPeNPpKYAQtN7mckCqtVJmDyxKOAa3HcExD78UGGgZWVhXiE9TCDfCDdik0a7dkXbcAHSJNLijx9JdC6R7iZRNFOJRbkjcbUc8kagRqQb_pm4gmrReq2nfrAxw04FX8_JsahAl08WnShsS7Ku8kmTRB8OXUyVnLT6J9cYQYEuHYvOknDzSPebMsLolGRlBuKd5h6or5pxuK9AaTg9lAb4fthp7zs46ecpzi4DF10j9vpDNNijCEUi7uPFih1eOepzcjsy9WCpAX8n3ozvce2_XBxjEMLOFYKDM8XAy2yqButlBEU_7xsrNu0rXrGe01DmgqjCbM0I1qmQb-ERJFX0mStguwZZYToRLwXBy-Z1OPsjrOtRD1-5zUag7B3Ty4p2mdP1UdqFDtzckNpeka_GWYeDovM8kgxSV1_DaQTkdxC9qatNqWikCAif7T7ix5V8Vh0s6cWIjaf0BfHUrYBgdBtxpdHsoSAwtLVBLnCQC9LglI5D38OzskBeDSJpy2FD-1AYAKb7MBLTFqCskayOwMZeZ8pG5pFku0yJDYA6SnRoG5kJN4hyzc4SM0UB70wWQ_9cNX-R5KFVSrQQtmf59QOjkgX7H9BlMBEmkaMxCQ1897TUL1jYW-AMwVKTK5d1zxaEPMe9hB0RX93WCD-5oC3wBu72xq7Bjf7hODzSp7SR03lBudWmoFFPBZamRWCoOTmtQKV17Q5f1JhbcP2g9ET7mMckuFLNEZSFLjHDFmeQnMNtw-hXJahQzifD1GQSiAVmDcdzqjPyaxhRsBes2E1Lctua_RV4PWTUmQm2hzfLdORe5qYA18XqnrDwVMZ2L1G1K3l7pD41DEBk9XeJJRgH-uPdIOnjzfvp_K3bGXhI1wz801Rpe7GQ029EJi6hIuQ3I8EUiadFEIoC2WYVYLBCmjh1QnOd9vQkqSYxs3ixrC0SBvdOyVoa7KwlKfVkgfyzmkopd0QVvkI_j3qxgGt4xbeTYxSHzaszb-ktcfTIrgyQCaONY2FdUC3u7RFRNn2jGDPIVtxBTehxdyiw9CFLRVNnWpYHb-c69qEqDT5xdNpNIpq-w4WBasxAFHqmsyx8zyzYwkoi6wBZytm3D9dMpZSnXwp01FsN4NpK7Zbrj9rxeyQQNanWLkpHRhKOk24jO78VJf2CqqmfE2Maxzt_PHBUMzNa-_dFGF6d2sOdhH6i7tr2YQLz-49xvXjjMmY8WcB4JanpeTwccoobYKNmSjiYzl_kFdnO6xs&cid=CAASJORol1P_ezsuAj6Kf7e5d2Jzm7f57xhfHrCZm3RAyKjoe7k3yA&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:45:06 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/ Frame 2F65 27 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18091a39db3bc6d68a187de5d46d8f28e49beb8d9431e9c8e5e9db7cb071dc65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10561
x-xss-protection: 0
server: cafe
etag: 14610481443806215460
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:30:41 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2F65 41 KB
15 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 10:19:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jul 2023 10:19:32 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame BEE5 170 KB
59 KB 47ms
15ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 17:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 17:51:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/ Frame BEE5 8 KB
3 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DQ_8irCoIVuiieSvGfhu5964vzRuZaWlFhhrxkG1v86JJM7HctaNTn-vyPjZDgDRl2L_JRU3eN2X-V1H5XZabK3n3iWapur1TQEQbZ_8nAVj1mmhDizxxKuWBn7R_uNLIiwhh1me3eiJtyuiUQ4LbzbHcEsg&dbm_d=AKAmf-Bmv2wQ3585Roq9Wxr2Vbn7rY6_voe9H7upzDWAbdDr66Iot7qvYAk4pYo5tRgQDR6s1iPli6VejI6wWZpfkrOBVN4oko1aBKaKISQDZBtn0mHty9KQaSWg7YeqLEFcOK2ihlVgom0_vTtQ38vaWmkuh7gjacSneDGQeSxRA6vSkxu-5-RX6qG6_aShwZ4DWwfYZrRHwjrWlS5kCkXcY-2UXVTdnrqRcixh9S87BCN25VReqciqp9CXkyegNN5Y04OowUCrI3CTTSM7BHo-TCq-Ff5XYhvJb75v4oheFM4GJirWloH2JG62G0MR7dWuOfcvu9cKZO8NxvGZ8CPEhRaP0ZdwuDDz1uJyOtQlScNO5IT1bJ4obkpuVzIBDD5ZZsS3V1n02zguzC_pFRmtJhB4FS3GrzKHeJgsGCCW2XVk5l0vMJWR9mj-yKa2xtSSIo5ERJ6EtMz2icpz1HoUSBcaT8SH_rtvX39EceyLm2gu4mVUaZ9Hw3bs0rPFFK88GdQibHEZnlF2tbFtyYfFfLu94r9rcX4z9MPbN2gIdM1OVO_WtT88f9CqQ0VZFob062wGH8i_90G0sxCqWHcnST0HFFnYJTzzrrrJ6g3Q6ebIn89dLCJlv4D4OLltXaFXke1VSDdGOH4c2kcWJi5yQdLyuJMtP4n03FrfYkubnFYYAHVOO1XCJEaTAirtGqLtkmurZmD3aM0ROGKiOApD0Zl7tlo77JvBUCuzYJ5sd3-hEaagfH9M_Gm3ReBJwGWpgSiZL-VTS4kAQW4RHktS-dTdO2G63fdJCdVrWRawXkW3vgAcE0ZLDg9t0IpJ3g0NGxSWZutpbYff3dflsbws90l7GtMdS1RrgPB7wjAek9gNE4dN_t2LPxa3Nzl4DJLPWFCN4qxDUXPOEJkM3NkKc498V4rans9yP1F7ETvwUtwZ_xSKzVMn9iNP7w9zTm790MPgZ6-7xQ5uk4cgBh-PTP-hZ_iqXjAO5nrT42O-UFaufVFEJjYx1z63HYh92gwDY3pjiDD26-LMz9QkuTxAJ_VVcpCBy4_ouF1cVNhjOH1yIRX-2y6gruiIgDLr6HFcI1_Tcr7xq5J5x92zRew4IwfuIk_d5qwW66V-SajjoiuChJ-VbqI8zN37GHuKPggGUwCLv5PbHDKc2O2_qHmKHMMrfLPJVBrYnsF71Ea-SWSXzS90xiN1uxkynUCdtauspwxpxGdiPOyCzPKwVuZ4lRLjCdX9aNVUXAafyCuNNSha4y5wTssjiVNWJ7yj4XWUsFFAhdg3rOI3zlRPVx3LVhQ2YjaG8RJiH2dx4iY4jwPObd44t0CBjw2jB5TXRx9zZr8G3PAKSr8W4qjJCuwfURR833UH_B1bevTEmvChmCR1DGgYGXVNLPlXQmj-zaO7npBX-DAqfrW6csxs5EjyLB6-NLmTsFry8u7i98X4ObSXPEvjzDCIPf4r42SeGN__Ro53qQKE-rZAItUuL2-IuWfee2ZENwhXyrGZcV3FaFVa0ocQvA5zN1tYV2BJMoIZhcyVgGt_Wl6r0AqlpNHN9SFFNbGRUqQ4MfEaNCNZTp5qaGCyr9mM4sz9ioOJzvHIPYTBKI4BwBqKe_dQDP3RcE9BdxVGRQRbZti1b0LvJTrsp_UImac_868rYEgBOafRf2E-QfPyePFZ-6GxO9-RFUcnjN9uo1vhquDjBaw4152vm-YHN6Gc598tsdDDVhZQlm_tw5ahcQY7b0easufXJgnOFHO_Wpsynms1O-Yj2bqVuJ0walwvFF44iHGsrtcYUxtrR0GtFIJ2UE9JBCXubWdQpQxxQKnPQdVWFAvbnL5qJ8frt1OqP0DVT-eZy1JzMWMCUZ-3HT6iL8vHJg8KBbZOvw16g9dQ5gco_huuQmKexPSyN1dt-bYAzVXqdOxuC9fTJugBeYizgGXLvd7iJxuT5J9Idvgc30XFL5n1qK0TGUFPYTW-nWj7_cm3U3Fl261kgmYqdHcZgqeQvgjA0p7HWjrNczT_XvWCCfGIXSb9bXQXS2f28KQFziRIQDtnEKDAf1_l-ZuJFnZ7dmj442aZDNvJjEk-9efMe4NCUYXtawEdcGiKjI8pZkLV_4JNMzIl194bKxWybkRyXB2mQcEup9aJsp3voNWWGecc5Y0kZm7CptyicOn2v3giO_Vu8MIyyTJi3GR07vrZMICB3wJMcR048GiHn8JCo0Jeg28RBt4DfFXy0ixQDOQhG_CDGDZbCQf-U0xHICowa7Bsol4l2WdxgPpG0KrRUJcw6vvo-IeXhJk8C2sCdhuSVVjO30qNmtEZJXLoNok_1do8pFCcnA-7Yw3V7Yi-2Lm1d4UdZkkaslFzmRUMkSoMnypq6oluhUWkKOf88KyEYbfYTvQkEgjX7olFtXwOei6uZYzOxt11tOZFLFXQLQNLeGT8HfArNEyO8VtWgckSal4KcYyLiCYICKIdqiq7qNBGlMhWr0pBkGPhN9I_zXYAmhyhxonjZom0xzP7Zr9ow_Z5DjWD8zeb8jcpChnPzbPveEIpO7pZAa5XMLZEnvwsiyXBuzyjUIW6SEaK0GP4BdCPFmFvhi6TxIO_xR2ywawNViyDtSHENQSBEOh0fGM6tYz8m9aES1QG9KAFGVK41G_mAsx01uXvzGaNZ9yI178J8FqTPV3BNvocwbHQY8Q58YCRlIULLTBUV6auTkqzSxnGqkC9g5CVzCNEEFBHXjdNQpiUlhG3jnSjwFRn_3e5HFyAcMzX00l5uT-2-vlH7T2Gv5diCW5Xayz4-3ixJYaq2dmPCMZJQoRc7R6cwRXQrFtam1xl3UO0Th3-pepUAp0OmTkiNld5rS_O_9Gw1ryQ7D2xMkelIo2ZYrOOcCKfkQFDQfmMjBmBk5lJhywGHMj4rQR1iKaKrGzqrnRVWcdfw_NQxY0WdiyavE2Shq-Ym620ps9ug6eHr2deyoXPCaIor6Grn8Uk83PMoOWI1zS9IuAiDzoT6yWQlTMz0YEON2BN-y6wmEzrCFTZ04sBHvwYvw7_6C_Q2iXMixJhiGideaArdo65vootGJwftlJtpkwlNCqPiZj9wQKAs7ReCP6-6wKnYd_5A6VzVdZ9--8XFFy6foGLPROpJsGMPMPtHbgy70HPDm1QjS-h1tBqWfvFXjp1AHPqq-U04gRASA13JwAo-FYYEgB73PVwMfSbrwPDxt6jP6pNlS8uwiYMGii3PIfHSnvoowPdIEfKjRc_l143iofdCONITfDinL6ePF2Ni5v-xCAEtMKkCkJc7xYSJxpQUgU9rpN89_9eTzdwLWdNsNCQAL9yewzLs6ekmLvqm8tDP8cOhF0MVCU0nYCFJWVUv17k03hIUo_7zT4506SbQVBUFv486CPe1Uq0n5Z7-odvLPZfB90mFa8TErb7-vVptPgSEXIiLFaDqbHoAK80_FgqzEERo13c820OaA5ADvuDmN70x72tuzCZSiYQjYto2xwQnV9FbnZm-NdJEUJ1Km3CLAprU4i65riJeTM9ZhdlAnQ1&cid=CAASJORoivQ8EaIZPjAwJtZTLYrONVecVyuyEJy7Snu4XQb4KOh2XQ&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:45:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/ Frame BEE5 27 KB
10 KB 21ms
10ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18091a39db3bc6d68a187de5d46d8f28e49beb8d9431e9c8e5e9db7cb071dc65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10561
x-xss-protection: 0
server: cafe
etag: 14610481443806215460
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:30:41 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame FD66 170 KB
59 KB 42ms
22ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 17:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 17:51:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/ Frame FD66 8 KB
3 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQ64H5Ot3AxPJxcWuYE9pVSFQQSYYtZ4wQQHg5kHQGNvOHjicy_cQ3Dp2IV6XEfMT89z3WrHpFlQ__tYCVPtkGBdrvptrvfbLK4p6iEbn0mEeNjM10OlT1fCSlaIVnhql_iUh2TQb0bc-foqT3HHXmd79W_A&dbm_d=AKAmf-Bru5OswHySH6M4_JchLSlzcxMmA7fuKx6qKfsaKQTB0nsAQOPlB8B2TAMWm1oF8hJioMI9RqcJrUhedBcFORQpg6COhOl2NpuMdW3HV6IDZGthEUJOT1iKg-8kQeTtuGYKg2IwnzVDJpzo4plNxjnApxzFiRRSydLElU-j8AzYgUHOmWu_NJziZs0XrRTB4h8edYvCUDfUVwWnIf4r2E-zKIfz07SkDB5Gt-5eqWZtz58tWZcAsFwMKsYJJHoBN55zMlbR0l3e33L5vCs2FJX4_oqYgb-v8_bbn3XguzPZRcbN0Pkyvivo7NPGEc7iG9dKB5gmkoZu9Uq5g-Km_etzTrPQiiteg54e6nYRvSoiWyU2cDctTp5i2A4dYA2XnDGguJPhNO1ZIWTJFAUXDZwvMjM8hXZ6p6XAl4Rt1ZO2T22TG-sBhY_yq2tDVTGENyorrheH_6hxhCFqW5VGz3g32mcaR153SykKWVyvX3n9UGKxX3ho05JDowkgyTLU46eLIuGybJ8uZR0i22sBBenf0xQtPQV9I34tQDf-T7Gq8N3BsKUMLwd_L58Hqr1g6X7bNft2kfQ08--tv50w90zhSScq_hZVz9ef15xQtfB4zqhPDe4JLGrVlxbG06pqBpuuSuLh9nJdlinyKTEFCzMJM_Kz9arQA34eWYvN6jnn3b7Dupt4Tn4OFLLUcxppV9fOCCTO4_ymWblVnWvuJ4OBMtm31rBPrRCn6WiSgHkAb0bDy96FEagsb-5y48cX_B2himETxptjgXHZ72ckmY-rIOQ_vma-UbWuf5x7n4Bl-mQRc5YHHpbgerHb0QbAXI63aR0LlC1JQwBCFLVTnVwFYz33IYDKNj9jVaj8JAdPniR9TuVsHB9myew4n5TxtSKa1HTMInfcc98L_gPCYdRoGcYgrXTuPNVrvndw41BcjoN5hGk2hGO2AaiqXMZ9kWFDw8bH4BpbiOtQmc0aJk7l3skDacZQmm5tyE9sKwmnGpmhd76i-hlxm3CMKUrAFhcBchOGC0h_xewLC2hajE6EjPY2gzS0n5FDgrCKMR3p5LbRAjrjUEKWpJYpDxB5qVwc9juNBQ2cQEspWZJ7EJcjbN1_CLTuSBYvUHg0XhaME20uqGHbEtcFAa9lmsFgGwtjQ0tabiEV_oD4di5dI98gz2X3LyPLjvXY8aaqVGgyPt8guAgID7JQHqYujw5Pz6eIR-Vq9kjmUlwP9WOboc4i_jaW3p1oAAWnRCTn7XbSlqouK3FBCJh1s8WBLde5jiBUyNhGx9_c3xFvDvxX8PsccUxbjg7cUbhfTobG64-jSX7G7wD5nev-xFL7ouU5QnLVrvp0DJEZ69sRv0pb1EZwMKcxUcnz4YTR6RWKSAGlhAMh_xoy9kFdpCUQnkP-M8l6L1tdHrGql_VmkwLSj5BPITh_1yM741dlLvreQOca9oCsURM1IxeAmqQSSeB2sAdVDzKQlk191FwiMbQM95QAG4tlVQq-ZrMs6doxAFVfiIeBv8YoTKN_9nJM_un1cpQ_6GZU74x86szfueoO5a4Kt5STRRyWTORg2ciYwaXaRqVrAp7TYYwdCV8hTv1cpfMBlQtbt5mQezIm12arITdLevRwGoqv4Gjx1YoSxUJgUuJzmLqPvi0vzCa1Ni-D0RcWbAfCIwpaR-pykluXB-rm9aqZkw5Jutu0cPnE3bwlaJeTMm-bEc3xdfvofKl_WW7uNweLZ1duVvvF_UmI-CcGO-fPcMwlu4OiptVrdKslxHcj_xfHi27le8IfSA2lnuZFz1YC14hdYzbh3WNOVFaFTRMg4NOoCyg7SmAMuGOTqAv_HhsRSt41mBq026PCg_vxwQEOWgDqKF_T1JvKF-OKcETDOhXJqYFXqLbcvNJtpGr9QmqWS7VH4Ha-_1YlpUE8LpA1cst9fVZ7wLGb8fak6B3B0FaT3UZmlKxezUBSjFQpdBpiiB6JVQwmPIwaLnwF4K05Uk-NfZYwxCFmWSEGenvKm8epqIPDe8EeFCZoFm7E6uHqEoraU82mxLGKuhmKaUjK5qQrTelaGXmhyxzGcFHOr1bXgHcsvWuz8d1tsE_nqAzIB8QueaQi42eGOmtKh4g4qCGj7dztYU4OUHuTVphvkSaO2Z6bH0jr15MCIO1haB-IQHDIo2QiGcJRdmIcPdd7eaj4w1TIHtdm6iD-2bo1oRgIVFWhkS-_pXAN5SiP9HK_U2fmNJxfrimCcXnETKn9pMisw9qwODlLf-3kPoo8Z2OwVS_T4UK8M2WX2knSrKxzmbmEYbzzuN6vlydErtvzpjZCjB9Hrx6BkX_hgWNfB_8SDbXcRa07vaOwg3Xuh29DlBaLgufIio7TYufGjtqEdaMFCxjncNont44t1jXa8VdufdFheX7Da19M6_0XQ0_zm7s2upWrXkVFg-m3tRBvxo9P_504js_UWnnQZZZl961_P6pyC89xDKT1JeNvlVNGluZ1cmkuEf5A9Eqq10NsJocEkPdGcD01HSvY1t3G5bw-3smWYxpKPYRrGcYL48PJypcuOpPTzkoIHjUavkcf9g5iPOr5ieKv4UauZWQklaM8eyG2qR4zpF6LhQDS3wYWtE0qbhfYQx54lAXhQ4MRJEgruvHJpfXelv8rakS7e_3LHm2twGJ_R2lHXOxuWHF71iQC2wt775DqRkQgiQaIeqIIqEj-umSRGutiZrafPmqs_LrwsgZnbqSzdciK5T2mp1p_03rFoJZ-jSIalrLX_27bbJYhXW0nUIzkz32q3aeXPqIQ-rwmMqJaMXB7HFwZX2wD_bAt1icjRK6L0qDT8sAkiYeavLsOPOzAKMGpAZnbv1vEZfDTQnizM8OlroiufO4rjr3yQBZckIvywzgP99Q9DJq1ELHNyMUT0nze9zgjOyatuSFAoMlzTDJt74EeEmEezFLwgCIOJX9anJJiHM1zeT4URt1B6qHvnO8_YrJmxpMwbvtyngWKqIKtJVVJVcLK-iRZBHzOo874d5SenHv_WlEu0GihAuW5QmwjPMopWkVtYgGw0HlpU8mek7eHXZ8np9XIIUAfFWGyEDeExkfI1MMs2z_WdV11WuQsXWoGi7qDOUXCVEK5mDHOzCM0x7KxEh25GQPGMPgdI6eG89Eodj6pmWSC3elAcN6FVWuN7Zp8DYJhhECg3WPPds450WKnyyFNsgsIv2lHb6vqGm7RXBI9-47ZnwMwu4WGr4yuifkwfPGAKvyAxCm27gWkcfL7PH42APLIsWvK9KPDx0uPrHJa8e6YB5UO5fKc6kpoOpA2C4NIdf7LzDCVt-3bJj4soLZa924BEWEEvMNfeYlR9l2Bi-z7b4aJDdhd2pAURxaUSj8j6lCgPnLi9a6H4jvCA0cdg6_O2guahTi3YJQbbkDO73r1c7mM_uJL-0mGoZAN7CzvvWtMiQSWND25hhnHAAvX6tvQN1hQhUossxltBi5LItG4Uu7XOfrZ5dbi-X667coCisnHvvBNhr4pfZxnkVpSLXajJy4fZDC6&cid=CAASJORoqnLKAXb3z9rtIND3qQGv9sEz7BvoVPbNZUQ5P_onQW_LYg&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:45:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/ Frame FD66 27 KB
10 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18091a39db3bc6d68a187de5d46d8f28e49beb8d9431e9c8e5e9db7cb071dc65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10561
x-xss-protection: 0
server: cafe
etag: 14610481443806215460
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:30:41 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0F0F 170 KB
59 KB 30ms
19ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 17:51:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 17:51:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/ Frame 0F0F 8 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B0y4kY4JjDx9xOaJW3DYJDjfi86A_6yrQKv4Q_Red1decZFxb7ryjeqL7orqugqZjgrubmOH_TTQBA1lGUqF7dB2hHVX18Q00tqFJIdO9WNeeAmlYAYTsXj7auWgW8kKqoAv1EBwDVHJO95GEYKQBPV0sR-A&dbm_d=AKAmf-ALh2rwq2cv3qSwyhi5otWqtyIkADLdcAbUd-aqei7hhzDznpanQzaBg0ySP-TdG7WwAIWzzu1QbKnLeAGzGVWIugFRGJTnrGl0ECLKMzK5AGWJCIDLKL3tZq8RdNrdgjNCvv8SJ9p2brVF_st2thFA2URRiBZvKGJw9-zs5mJVFnBtNDWOTBcfrwpoPQwleAf04ifYhHUOZ9xjKcIaWtL1al1JedtctZE2WWesjaYnnkvq21bOK09YonIpgesS38r_wadcL_Q8Plajq3iaisxAJCr04fkGqsEd-f2bYG_vt2ovHjF2IXX_4nNzJM_RXlafqU1e2uYGcpdOqxetYROnO16gbfpqXgSuOakhXllmj1DEtPfeGk26HxdPhpECoROS2xMcnZduRY2LG5k5-7fP6xhG5aEZMq3W2rKvjwFi1ttH_opLnkTd7Ba_0lQh3iHCJeJIa6iuu8_a4yX2OgH2rqdbHEuhuWWT58vu6idayar7JbUyYNAt6haSNeQG3mleLdMlwgijxwNAfFMkHKOHcs_iLl8aVxsVF_GGoLVp-QLkZoqFKBGwHd_9nhiim0xyMv83f_DNzQZgRQ6AF7u6M-tUrAGQs7568wRG0Q195WibCzmzB7fHcYThEkZ_k7Et_vLee_5GgOT12mCAsyEwot1y0CRyNE_n-GeEvQvsrfVPL9EkENqDphK4FdQumJQioHPJU5iNfBf80OKCN17BZRm_KQ6Pr_bsHs84nO9tfA027ElyXFfFsiXOM65jxOprIskMytK5SIa8G4UKsgI_A4fX5ZDzVQLYjxXpyHYg2uShxrDH5nNIICFiGA8W-Jbf73iyIoihFg2IJrMoZZawiSfm2adtWn2DZKmi6ZRV91mmCweG_-g04GdHd55nprxhCmIOGFG1c4JGA9cDdw6nE-elLt2d4dLD096e8bAbvVdgTgeZOxCX-fe2AlZYyIh0RUSr8snK9lIlqpxwvUsmfx6MhBiE6Kyo4xi2Xv3M2QtoSR_UfKDXNHolke_361tatDDPD6Wtm1x5mt1k66ujl63XGC8Yyhk1flDRxCt7ZUcq_cpyKeGJHKU4StufyftT1v7wczqw7_6yDPKP78bR6Mq8lVB2gZw2coOYr_yG5FTS-YnYICwP2NakNSr8y725Z1SoRB1TDdCWkACZ6eHqa6hXlhMPLEjKA_dpaeAmNrluGfIm6_c8S5xqawiJPKYvR4P0DnCFqq2y2kgNcG2vDGNBpaaO3ud7MKROspZn-WiLkG2e7GYvUmqRimB2wTn-XB_ejL3W-kj3gkNwiuAyO4QDf-l6_rxhTZ7znv8Ieo2uGzVQW7tE63y8nEAzArwaYL9HC-G1JGk-D5GXz0h_-XDZyxSW13AQL5uWpYrVXDstdNWqXCzSia0fEZH8jfnE8U9sY3VUifR0x_ipVR_BNB7fiNd6kyMF0rQir94bMxLRMFQUEETYo-4gU8kGI0Wq0hY4bA6BPoHuePTRF2LMKca3lRmx6KeSLp8PidFflCdPTg8jhVm2WSeJ42bna2P4nbaDD1emorkrdUmUzWVxqmX1b7rFhNcUpWLRDCSOgABiJuxVL2ZJREj9q3NI1zeOXNHlRQ-W9Q-vbxuKg1LF8ae9ca7fJaynV15RnVQKTQnwC8648QyPdJE0lfb42226mblDs3xZ-Fu2Nz4d61ZRO95QDyFTc_Q8Am91809N6PT42OVBMp1AeHSoZKwr_6wqi3hYOJ1CssR8v_TRPmXFXkJlkQUrJdFR6b1C8Mng0v_59vN39WIDjM7f-Pauxe2iU_KQxTVfqfw4Vg_J8hLEfQpIZVmdLkdvj1fO7mxucNw3qS1pYOj2LMZtey8F-SNbcIhCd4Um6Y3m1PsKjpnxYik7FAimCZTEggAKtT9_3oDQcHyxqhH8pdiAKvuMAWyIjbsCItT3eM56MlnW9JIIBbBDfkWNhBiMiOV0n--kBocVurODwwAiHRL-7tqLg952izYSHYbIUNAW3gr9mgV4DjhFww5s4sXJ7Jic10EiFjyTYUeXTGQkdv-Y3jkaXQfPxFiMWzchDum3EQoO_XUKrxxvGTnEhPx4fwYc9g2_rYo4efrJ0z-_Wv-FNNheeX9GrPq5HI0M3fkJu9o6cO7STwHgST1uuVL-337tj-Q_GnrW_Ka2pYaaCr4z-u7R018dsA8acuFPJtr30vLxbv7ZR2f48C39hanDOqS7_x1RC0Iga4qBdspGqLs7EXAKYPDA7t_ttb-ljLzhXZMkxwD-y6Gn5a9mm5TT3z4xrtTRy_hF9yXQuVZIiPcsEU9DpJ2Og6aXcyBlq9ffK73i9oB5qOh_KRR6YLvItPjC0cZthmYBlC-_jMumi0mcqqnkxE8xvyAEvD4YXVq1p5eqzl7GY3LkO8Bb-jAHl3m2hTR2nNCFK_4uRdhQsE9lb8VdDzIOidp8a1RjwooHzLLEUIVVX1yVQWZX3LTMIe39s8em56CluOCecpLAaohNqqXWyr6-RKzsXXTob-pY_kyLfY9AQVv5NOpLqIvN-V0sYYwwn2M_OKT2TpDQGjapCsNCKndq2v_rJiJDZOzl9dWipLbvyqF-Ff-euUN7sXhA0Jnp1XQHfHUAnlYu1R6aV_OemJOEqy7BEn_Y9pAgvFKJkpAnQGm5ZPxrsR92FnE9iqzxg_rK0zDsJCn9vNzpdcWxXkNoCLaXYVcWdHX_x0Ttva7yQcuvH4rGnTjdIArF5N38wosGVPt-CfSOQs5WFtq_S92exmGpw0ADkFa65VngER4gji0Nwkqikd88eB57IK5SXbWpmXbz2jpys8-V0xMr7gmBVFWc8n5wpAGZw_ng93s01Y3MTym3VrDvIXElBomrrFurLqJ-q_XTcuiehZxdK_lONXyVVsSaPYUxbao80i6ItZekaCf23u0rHR0oMg_PUxRYOd0EbqLwX9hxDOmlqwF8_Drpj_ETgnJBM2SVuijZZ8LqyYcNboUa83gNLQMkc5OqMm1mCQ46CosI9Xt0-wcZwyLO2aEYpAE0dBW38069BaDKE3vx_77S5b_CQcQ3HifeYRqIf0ZaDRoc9HrXzd3dz_3AD4ElenvHJtynfzBiLF1pkrt2fKp4f-MbCGq8iRw1cMwXFVn2kN-ZJco-9oCzgsFHCmSUxyT4BeYoe8seazoKO8qGNjDfCKOqXaLYckqKEovhhjCt1vXMsshm7l_Q31_6jm8w_NAiFKE7pExPm7OHTE6bA_yyGlam_5kEraga_kNMB1HQZQNNGwRy8m2Xc_eLEB4ofxLK2ALaW2MVP786GSWeURdoIo-TjwJdim_ieDrUrEnvOL3hIZVIkOsYlcD9-quHiIsJmmLHM2f3GZLh39BGz0cj-ANKBOTFJibwFcxi84mG0wXtrVZ9K50NshHz2GTvnNWmkMxe-PtBHDvmXNfOi60p-dvSoQAiUBT8h8ruJVKBNUMQfhMi67MrIT2S0vBV7ZKGInwfN_qe0tmeW4wrbruYb9XvIAWaKC0g5vruBakTW8bBgrEZe_BZ572t&cid=CAASJORoCboZLkrIuA1LDS_ZA69BMr6sGpFsIBcN4CbYCFH5QEE5lA&rfl=1%2Chttps%253A%252F%252Fwww.posthaus.com.br%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 00:45:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3012
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 00:45:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/ Frame 0F0F 27 KB
10 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220719/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18091a39db3bc6d68a187de5d46d8f28e49beb8d9431e9c8e5e9db7cb071dc65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:30:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10561
x-xss-protection: 0
server: cafe
etag: 14610481443806215460
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 04 Aug 2022 01:30:41 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 87C5 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 141345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Jul 2022 10:19:33 GMT
expires: Wed, 19 Jul 2023 10:19:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BEE5 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 10:19:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jul 2023 10:19:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FD66 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 10:19:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jul 2023 10:19:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0F0F 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 10:19:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 141346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Jul 2023 10:19:32 GMT

GET
H2 200 main.gr.19.8.327.js Show response
static.adsafeprotected.com/ Frame 2F65 186 KB
60 KB 44ms
8ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.327.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396821698&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa9efa00a715700d9dd94213288ca6924c7057dd521206c6d88b314bf096d788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 18:19:16 GMT
content-encoding: gzip
age: 112563
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 19 Jul 2022 18:19:05 GMT
server: AmazonS3
etag: W/"29895ca47eaa0e27860bfbc1ef717cee"
vary: Accept-Encoding
x-amz-version-id: NHzcLihB4moHfQbnMqJAhSXgaIBWnCEe
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: XTUoTxla6jpo2ctM9Kq85I6VjFzWOxIJhORxLoEJ9PV261u1vfqddA==

GET
H2 200 main.gr.19.8.327.js Show response
static.adsafeprotected.com/ Frame 0F0F 186 KB
60 KB 52ms
18ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.327.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa9efa00a715700d9dd94213288ca6924c7057dd521206c6d88b314bf096d788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 18:19:16 GMT
content-encoding: gzip
age: 112563
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 19 Jul 2022 18:19:05 GMT
server: AmazonS3
etag: W/"29895ca47eaa0e27860bfbc1ef717cee"
vary: Accept-Encoding
x-amz-version-id: NHzcLihB4moHfQbnMqJAhSXgaIBWnCEe
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: QSnUNy4ncVuBEOPYezns_v7P9txYIvshLFSscvCDz3a2CsWQCRGe7Q==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D894 1 KB
749 B 7ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 13:34:31 GMT
etag: 48472445140208031
expires: Thu, 21 Jul 2022 13:34:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2F65 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fed6d10f5ae580f985370bf2f0606e9fae2b17790830ae48a4c35f65401f569a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BDBA 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 13:34:31 GMT
etag: 48472445140208031
expires: Thu, 21 Jul 2022 13:34:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0F0F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f0bf23c8420a753a958c855664268645993beae150f79fe93aa06ee12717d44

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17214852891647431513/ Frame 5B65 1 KB
653 B 32ms
16ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e41ac1d6a7a128b7bae0b3286f23c67705c4af9904943a7f6112d7033379e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 625
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
expires: Fri, 21 Jul 2023 01:35:18 GMT
last-modified: Mon, 25 Apr 2022 12:30:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F65 0
64 B 85ms
55ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst5ebw2DS3ZeSM1EKDWRXaUDg4Keh5RTAz_w675EDRlt9SjRc0mOU00n30aucuEs1BiV_XopCIIuiwQetvNPcSe2P8GUgoHlGa76jD6mMpZgzMLud365lxY7WBKOter8g9DLhwFTz1yoyeT-N2Ih1sEJcPj0TnnDgMhqSfe1Z3Hvmd8xqEzHvH_wMHNDl44wRbdfyPgCFET02VnF5vVmzxlaQo7c28NGi5tBF8vYrru9kRWVZWfvWPjzeI5kXfluPOrLscIVr7dx5XQUA7Xqa5kdKaFE3G3oMxLvIvmpWlRQCW08WsT7JqPKovhyoTfIgZb5XIbtxywo2uoSs3kvMGqLYICh_3QPQxWnfAkbv2nsMmEap7z7iClwL71eQ_HDMHe4PjWAOI1tj8VVetmJYQ30_vl85A2zIWy3nNU71H6ljz-MjwG0QZbbGbKGVGPAcvYvZXKC2kcnDfe0ZnQwVIRNLy4OqOK5nbSwKuzttzvKccJvb1YHTPzljQ3A1O8s-bLSXPSOLE4_W5POZsUDTb136SrRumQCwvFLXLYsGVNmASjpvL-wjPfbcLi4bij87I0z8dJvwj9g3CZrVM7quZm4NP4xdAvKSoHajU6x2k416SlCy-EzutIQzGb-f9bA5XsFZTkvlYwWpjrPqIj0aAmNzh8OiLYO24fnlMWTU0v6YTqb0X77WTUnRiRBiipe2EZ8AJWxV0Nwpf21c1SLk4Q2pOojZqInXJlZBjCMn2HU6Akus67GRnKdK4N9NBhBNb65wxFTCP4C9A42rPm8DF-Dv0PMp0-ygohtgcrc-HhW4Aet1tHwvtEs2eIxInwxRdE6xs3FvRt4P6Or1ZKsCEAvcGjtljEOnS9I18_yOOv1SWdX-EX5qbPL3EDUPvCGs5gmC_uc5Z0bSEGccpv1STlW6aoItJ_JfsY9101NlSi8uijIw-SJdiLotHRwxvMvT86sD34qKYhrhynWaPW3r0SVcm96DlKLMVlBK1Q8uJBW0xfFdwMSaen4cOxc9w1m5OCpOiTuJ1Gsd9JD355x6qVSLkRJYWoOcOiKK_6O_7NdMrI7Q9mOh_TgnRx2umyT2hHscX_ZU0HHonLk2wFa4zDezNubuJ5vG7HHdzokNWXsuNZhI24_HcRpEaL1_Px0H-2kV0wAVLldvVKMyqK_bPNdHac_dDvTPKFZUJF_FWUNHfqBt2dT7mbzoNBr9kp-O4wuiVJF5f5EQHQJ813Aa4DD5jOeZH5AhB_tl-hlWqzNbfvEIeE&sai=AMfl-YTjmciA4x3oV6q5Y2fgsv-fHW3Tu9cxSSiqkzt-uu4-NWLk_rsSwnrLBNLhcXPlSBJ26sdey9lc7PMWpVhGGh17NyfKY9xvVCrNBEni1TLjRC98GQtBf-Sv5I6h8sBg23UPncjQ0y3cWznA-4CS0qXIqScQGONGakqJz7kMqIyg8R9ZyjR50iG6m8CL-H3n0tNrkq68oi6B2MfEugkS1g&sig=Cg0ArKJSzEQQnW6tJ7znEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=169&cbvp=1&cstd=164&cisv=r20220719.72125&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 2F65 43 B
1 KB 87ms
19ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26966436&extCr=163178340&extPm=322983799&gdpr_consent=&gdpr=

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Do, 21 Jul 2022 01:35:18 GMT
Server: Microsoft-IIS/8.5
Date: Thu, 21 Jul 2022 01:35:18 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E4DF 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 141345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Jul 2022 10:19:33 GMT
expires: Wed, 19 Jul 2023 10:19:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ED24 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 141345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Jul 2022 10:19:33 GMT
expires: Wed, 19 Jul 2023 10:19:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.gr.19.8.327.js Show response
static.adsafeprotected.com/ Frame FD66 186 KB
60 KB 7ms
7ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.327.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa9efa00a715700d9dd94213288ca6924c7057dd521206c6d88b314bf096d788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 18:19:16 GMT
content-encoding: gzip
age: 112563
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 19 Jul 2022 18:19:05 GMT
server: AmazonS3
etag: W/"29895ca47eaa0e27860bfbc1ef717cee"
vary: Accept-Encoding
x-amz-version-id: NHzcLihB4moHfQbnMqJAhSXgaIBWnCEe
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: 7Xn1pIwaVrSfbx2K_rK9oecNm8Xl-QHbYn4zylmL23VzzS9MoDVwgw==

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8756305257970053338/ Frame 38B7 1 KB
612 B 15ms
15ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

461d107fc613d9f2192dc29ce8c55a4e7fae5015ea83f891a8eefc8a13015ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 584
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
expires: Fri, 21 Jul 2023 01:35:18 GMT
last-modified: Mon, 25 Apr 2022 12:30:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0F0F 0
622 B 52ms
52ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvp8rltGLQLBu0aJ7hhoCgJ9sAwFH0Q9VMozKFwgA0I3y8hvD5o4MNWdWTkqGruGhdAQw29H98DAgX2h-c343e5jfmfn_VgPAfS5VFj7e_bxMW2i1ZDWTTCsGPuJlgdoZ2pJWW3EmsSaZ5t9gnuZyfw9gIsDzpqRmD9tK1BsnZq38HWOMNemGWrVLeRG0cYh05VGhykdTqdC7grdSk7jYJZYE6FOuAtZ2g3AHb9IA8gtHUrEXdx16au4QRk_Orrjl2RDKkPCK2Uyh9I50PvkjNTxe9JkmEgm7_5rdPyMDN4bnoEH7mqAGwCKxm7ydDsrbhD6hnuzHLvanim24b9plpqxIcr4lwPYvzEVDfaK4oz_HuWLMoJf_GnoYQliUYOgqWzRzKuGcEhr9MbZBQ6NaTvABA3svCZnCwRlK84MmOCqg4UOivIFHPHkwCZTmGCozh6ZbqXwoFsAXNbbZcZyrsa-kGd61f_pYOBMniYmE-EThyGE6sd63cEKhexRr1Rzo4EDTIpgTi-0p_rnfG1_wrNsiL_C3gAYRSzSf11Z8GZ_bledMRQth8rd20KlgvFUxsDT4LA3bX0V0Y0CYUJI-QxMEtkUxylKcUOqJd0S85RhoH5icSirOt1fG5Lp-B2uQwkAKhIxtwnpwWX80VUPF0Bt_RsaPlSlrWy9QKMNd1QP-f_zhsNuzDTNUmvr3UGFDl2EV0JWTRZtp5tOcFKArHlAj-EqJR74OAmudBEzqWPA6JpqwRDs_0cUsr1glWx4Xy-Hrg-0nfA7F-vDksJqPOYAKTkl1jtO6PElWfWMRW-AQ1Yy3wrD5Y5JYJzlrWISTtkEgskmii5y_Rqy_8_SFVHJwbVIQs8WhM6mMlQsm385yZcXJ8nLxeZO25RqpuR9siOf-OB8liqcDKggeaFARBqXA4-Fo4OhHY6LF9bVNN-i4FuR3gkYnMmv1X3wDdV43J1pHu1G_TlfN949HnQDKPSxjDQ7q_1IVZZw8_-m10ynUDueDbrcTeIOUw--tds7IsG7MjyD59BMMilF5TfzC34_hBS8rNl52suXgY20efXWG1IZpVNylmYpsTUD3_xtMFQKjJB0Om20-WJkfEGjJIkV8PbBAsnN74EriAbtZZiOH_m1_oKTk_kc_xPh1OGYjpYU8diU2mEtljTDLTH9TBneVhLyFOfX8Vhm8EJDtSIfryfFiOJqJo8Ik3lNWlWrk2YoqRcRdc3Ka1Gi5LSnZCiMKq6f5-ozp6eZ6tITT2pDpaCvEB1fSjQTGM3-yrq&sai=AMfl-YTtoNGFnhLAyOTMVbIunowj58xueHoPFcQ3r-qrQQQL2npUREH0KR0R_xQXQ-B0fK1b0GKQcQbY6_GeaTv17lAmPtnc-tOPCAWMEhArulYEYUuA_HrCB64C16myS1RXCE7gWge_46MP8hc0UCvWJshKPkgWBYHVD19ECs8Yu9hnyR01jT3hdQWLLmV9NH83MLnnZhmCZ-Y0leInHRzXtg&sig=Cg0ArKJSzNWK9U6f1cFyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=145&cbvp=1&cstd=142&cisv=r20220719.72686&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 0F0F 43 B
1 KB 62ms
20ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26966436&extCr=162822677&extPm=322983805&gdpr_consent=&gdpr=

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Do, 21 Jul 2022 01:35:18 GMT
Server: Microsoft-IIS/8.5
Date: Thu, 21 Jul 2022 01:35:18 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8756305257970053338/ Frame 1AE6 1 KB
612 B 15ms
15ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

461d107fc613d9f2192dc29ce8c55a4e7fae5015ea83f891a8eefc8a13015ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 584
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
expires: Fri, 21 Jul 2023 01:35:18 GMT
last-modified: Mon, 25 Apr 2022 12:30:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD66 0
64 B 52ms
52ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuE_-H47CW-y4b8FNZWvozv30n1BcgZSNgx2q-1reBsbNjlTeiZsw8Rqa5eLgYtx8jrHSeDmMkIXeUiUpY6ZnphLUebOaxsvhY63kLXap_cX4bN51AQjZEKzBCiAI_TnO62U7lTsBcaOR1UIWV0iKv3zuCb_ovRI3AHgztKpYZwifP5CIEI1ZH4gpZW1A7U5K3VKLrKqZLAHHBloxjb-SF9Lo7QqPqnHaNsz4HCtZpV2ZyQrNbjzr9mmmSDpcRlm3Zj4E7WFiRQc9guphLbNV7v6fO59nwZHOow4VaArqFlSfFMdkLo4QV2881LwSzvQhONzggwuqLa17YMi0uoT9zvA_mMnQ7f_FOtE8uW3VEQQWcyFBpcCmFJbgPLIMTufnGvZKRj-ulRzLNd4VIXlmqP_Yf78fhVNFIzI96y7_pI0nAPHdrfidjxEk2M4cKiNH3IBqRxbm343snR0_fDNSPzMHCmE_UMsIQj4r6_EaDbfPnlfb0tLlfXz9XNAdV9oPaHIKrAXreFuuzsyQV6SFx-bypzt9z2mFols95BajPuMKsQcgzIYjkVhJXOBpc7izLXopK4JrqGMSmcwzCwzAKHuETAeVHWGxpiWZESApmcjQ4moWlf19qWfYPJ4RPWcFa7RkX0A1ah--MWtKXhdN47nfJFLg8pfmvtw1CaICvUA9SI7Y3eLhhSiKt_vBewwHfHupr9VV5KkzYms9csow-TexLqiZaFu4b_SPtsrnqic26grk0BdMDnbLqhjNYZDkL2iTMv7jdXC_bMV1ABUdI9CBtEKO5RcPN7HAJvNTGImAlVMRSGHDsHgU1q_Lgcgk-9WzqWQ-6bDoZMa02wFqO6why7BagA7MtSDFvS2YrFth33ZvsY3EI8l26MpagS84IwP_BbgUephVZRPd8MGG2j6B-O6vLpcRHhEiJnGXSa6xf9XK3V8vE9y-42PaCHmLkMzJxqhY7KeLRnhhrz4QgH1KwAYdc2q8ABhRGluXgZpTHcEfp5TKGF363CnhysWNnGZK5FXWABJD57zUj5xaf_AEt7deUEUUttStjDHy5Sppv7psu_Lo7w5OlYIgtmcpFoMBBNT88LY9JVg5uoSZ6aeoSRDwLc77hpbbmyqbbc8gIJU0ng4VsSZBXKwwN7lgSNb1be5pghe8D976b_wapvKB2ziBCQ7N3cXn9pIm8pLTVgWKwAsmlXk6veTCfcsYGgJJsKXlqz-y2u-befwB8q4hfkDBrIHVM1vV7NMIXbR-eAhDHpXnMtd3Z3I-A0&sai=AMfl-YTlMAWIy_PO0wVm7jiBu9fS18Xw0sXjs4Nn6gAX2wzQKr_gEx5zNH0Lb12Ezcy5M0I9qQB1xWtpA-LKrEzcKV8CPgcbVVMjCh1eF72E1lJ6h5tpjaea8vDqvi2LAvu9RUt-tH5yEEqLboTzThFvDqOVdK9yrfcl5Kx2TBviDS6_eZK9gd7YrkchYIWM4fE4pL9CCsXppu2OUOtHfLz3pA&sig=Cg0ArKJSzABaWreyvTr3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=159&cbvp=1&cstd=156&cisv=r20220719.44922&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame FD66 43 B
1 KB 63ms
19ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26966436&extCr=162822677&extPm=322983805&gdpr_consent=&gdpr=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Do, 21 Jul 2022 01:35:18 GMT
Server: Microsoft-IIS/8.5
Date: Thu, 21 Jul 2022 01:35:17 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5054 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 141345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 19 Jul 2022 10:19:33 GMT
expires: Wed, 19 Jul 2023 10:19:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8756305257970053338/ Frame CD59 1 KB
612 B 16ms
15ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

461d107fc613d9f2192dc29ce8c55a4e7fae5015ea83f891a8eefc8a13015ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 584
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:18 GMT
expires: Fri, 21 Jul 2023 01:35:18 GMT
last-modified: Mon, 25 Apr 2022 12:30:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BEE5 0
64 B 58ms
56ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoVZfoWt_NMIuK8_vyH-0lC6y-CFhic3PEDm1izQPa-brS16RPlyycZa_PsAItQ7XXJpBhqCNQf97uMjBhnstJC8vhBlTNbmoXeZewVfq4U5zXKPCmyZFDAQxzmSnRRHkOnr1LUh4qyvGmCUEdMna_hL27q0NI1VxptSvGoVHdXrOmU6soCGR1rKj5CUD8LwFTeoNMkjvsUrpCFGwIbfadPBrR1npqRAHfo09hI-WwHlPsYfNnvdTZlLFKERpePFyjfmtC_-1tSAIq2stWaeDx8O0b9a-iR7EY3Qm0P_bIoSsYu8SQNNrBM0AG2JFt07xU0v_bJKv6KQR3-PM6j2coowdQ4R-4Bu08WMt2fNQMFDOP0K2tAkyI-4VEpmGY1zSEe05qgf1f883Buo8JhyhCzn-rhJlHJSi1Es8WRoCdUcXavaqNkS5LAMSzbR7OMmPCb4PsQgXB1hFt_k_10q5P7n_MkjiWNNxrngR18yREa0Y7p2_7aAAjqmE15DfkBiAXDtbrnJHfj8F_VsLHe7ECJPUKrX6jfZkxCJpWWfIz3WR2l6J6gHf6J0heytvGIErMHvdcDwluCcZ6DfGix-v_Ay0qcgkxTW0YA7BgippxpkDCejnCBO5fQyQvJd1wOzg95FFeY27Xya1zGJ5l3SunlOFP_RtBdk88sw80bJHrGMcrp5uJqyl8J4LmP55tyP_a7_zRNKM4RYaF6DRYcwuHGlB8pNnUqoRhfjOTmygPReD8Ab813dDTXXtladtDn23P-hsCK00esaKHYNt1yUQDpyWA_nluVu5caE3c1TaeFCYHIkGW49G0P5D7elwJOvU8sxgPfSnNz3ECv94exwEL4ac8fPy1ZuIvwnBMNFLYkuTDqBSynxaLAnKTV_Gxa5dwZKJXs24lLSgIVTCIGAswB9ANFDAAPWdH807kkd6BygQ_k-VC6KfZ19rEwqWmxcsd1c4rlzqxakW7k4yFmv9qi0xg3PyL2E87LiAr55N8P_mzgE4u3wj9xRfjYotMDeSTgb2mLpEH5MqJmozXcM5OCo-5mLVwV55FJtBfSD37rbA-nFj1Vp40B8DqwyQFx-QerXmYugEVWGSPiR80AKGYLMXOXKzJNvSCS2sgOUhcM1mN8U60JBYSGv4VNBSq-PA-p540BvPt509s_XGLcvd8xFD1IaMGr31CSKGXiPMZlBcF46MhC-c5zuLEl-Cqd5srOuZD3M2TDaLPYOSHyQfTXHWf9Wo5OI2KgxExyIEPEULysISL52DnqFIfH9n7&sai=AMfl-YROEdtB69FySpZgqLpr9CdqJMQ-RpaAicHFwjpfarEO-N2D9IXRfA1FuNxVQjiZLIaWv9wTGmpqAts1xmglvUZdQNHE_qC1Rs2fwBKyVL_rARbxO3hlkqxNXSpCUAEco8JdaNwthsJY_KRMcARyEALv5VFAUeb7cbkahNuxIbeM2Jz6tS3WpilnVmoqdqqPLwEHak-vZ4kyBg5CN4kKwg&sig=Cg0ArKJSzMP7yeyle6MjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&cbvp=1&cstd=178&cisv=r20220719.06335&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Thu, 21 Jul 2022 01:35:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame BEE5 43 B
1 KB 66ms
22ms Image
image/gif 85.14.248.71
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extProvApi=lh_de&extLi=26966436&extCr=162822677&extPm=322983805&gdpr_consent=&gdpr=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.71 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Do, 21 Jul 2022 01:35:18 GMT
Server: Microsoft-IIS/8.5
Date: Thu, 21 Jul 2022 01:35:17 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame 87C5 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3886 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 13:34:31 GMT
etag: 48472445140208031
expires: Thu, 21 Jul 2022 13:34:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FD66 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56f033b15751ec8cdff69572e12bce2f1d378e8ad4318fdeebdbece4f939566d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main.gr.19.8.327.js Show response
static.adsafeprotected.com/ Frame BEE5 186 KB
60 KB 7ms
7ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.327.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa9efa00a715700d9dd94213288ca6924c7057dd521206c6d88b314bf096d788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Tue, 19 Jul 2022 18:19:16 GMT
content-encoding: gzip
age: 112563
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 19 Jul 2022 18:19:05 GMT
server: AmazonS3
etag: W/"29895ca47eaa0e27860bfbc1ef717cee"
vary: Accept-Encoding
x-amz-version-id: NHzcLihB4moHfQbnMqJAhSXgaIBWnCEe
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: PU3EKnV41faqjw_E-ON_tx97iB8FJS72OBvqkljWHiAtd8bxLsACOg==

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 57B0 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 13:34:31 GMT
etag: 48472445140208031
expires: Thu, 21 Jul 2022 13:34:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BEE5 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af71da49cb1492fc1be3939eef28b6c575b06b1c5ee94f59f155b7fc933881a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5B65 118 KB
40 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 07:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 07:12:48 GMT

GET
H3 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5B65 64 KB
16 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 5B65 112 KB
38 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 5B65 87 KB
27 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df82103964af79600d60bc2deec44a4910a3435e07325b82f9ce86d6d0489361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27518
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 13:34:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 38B7 118 KB
40 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 07:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 07:12:48 GMT

GET
H3 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 38B7 64 KB
16 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 38B7 112 KB
38 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 38B7 87 KB
27 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df82103964af79600d60bc2deec44a4910a3435e07325b82f9ce86d6d0489361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27518
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 13:34:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1AE6 118 KB
40 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 07:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 07:12:48 GMT

GET
H3 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1AE6 64 KB
16 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1AE6 112 KB
38 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 1AE6 87 KB
27 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df82103964af79600d60bc2deec44a4910a3435e07325b82f9ce86d6d0489361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27518
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 13:34:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame D894 43 B
65 B 43ms
40ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEEQ9DC8ogF2DW8qn3mNR59s&google_cver=1&google_push=AehlK4C1jVIMV1fuEiwdZ_4kk0kTqfXrnsakXQ6ggug6QKo_5IiJ-UpxSgbEMKg2aWbH9XS83VJJ0Pry1t5QIIhfQ2wCBdI3osQ

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 22 Jul 2022 01:35:18 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4AnJb4R31nWM5mzW6UH23s4a8q_o5Wbk...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4AnJb4R31nWM5mzW6UH23s4a8q_o5WbkNW7nSxYyI3njashe1r38DRps_dRieLcjbdudxuOyZCmzf8e1NJ8rle-M0enmF4

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJoby3n3kCb4qR06z0silJECkbD3W2NTU5SZp%2BMl3jg3pHajHta%2Fofrhj6tP2V8STxt753%2FSnXGuPHFJuUVoxpWG4NJ0rpHy6PQSlu1z1BJ40KbR87uCYC5PTXks19KioUqRfKY9hQp41w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4AnJb4R31nWM5mzW6UH23s4a8q_o5WbkNW7nSxYyI3njashe1r38DRps_dRieLcjbdudxuOyZCmzf8e1NJ8rle-M0enmF4
cache-control: no-cache
cf-ray: 72e032fe496f9b8f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAv3Ce6vmNVF8DJpct8MlZg&google_cver=1&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWz...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEAv3Ce6vmNVF8DJpct8MlZg&google_cver=1&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWz...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo&google_hm=FApfrGZHUWGJ6MPzR4OQPElt

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo&google_hm=FApfrGZHUWGJ6MPzR4OQPElt

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 21 Jul 2022 01:35:18 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AehlK4DPcHW9WXMYnKatwPIpwJR0sn4cc64DsUSoMGdVixHJF5BlBqKD3lhALUnTVirKezgTXtbPiROZa3GzKRtWzw072IEjORo&google_hm=FApfrGZHUWGJ6MPzR4OQPElt
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEGlDyCqphb47V48h92sxr5I&google_cver=1&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4va...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4vagyTsyu9qiU0

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4vagyTsyu9qiU0

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 21 Jul 2022 01:35:18 GMT
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AehlK4DOScdGGQEu83fV66zjGeEnK_sIauzWH4S0v8pEV3ETlEao_UIY_KwnOMRy2a2Ahz3thTPqsFV9nVmaZ4vagyTsyu9qiU0
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: llDvkyoyUvASDFVPOwlfU9M_3GJzgjSSw06TLxyzSBULKzpVBgb5xg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDF...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDFyfommXZmt3r3GlM

170 B
188 B

20ms
19ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDFyfommXZmt3r3GlM

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4AknLkE-e_KXEuiKKoGeYW7lY5_zyK8tB-JyE89bvC89kRHZdGa68n192msaeh12rW28I7b0GLpfHDFyfommXZmt3r3GlM
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESENjWlkUDB944TntIVbOlLSo&google_cver=1&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqX...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESENjWlkUDB944TntIVbOlLSo&google_cver=1&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1Pa...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ZTQATXutQkWO7Nl6SgNC5A&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1P...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ZTQATXutQkWO7Nl6SgNC5A&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqXpLXV4

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=ZTQATXutQkWO7Nl6SgNC5A&google_push=AehlK4CqpVMNie7pfrg0iosXCaMWttAbIhVPBpdyCdVG8mw_nWaAsGGp7Dc_gu5YY19hb4prClTJKzv0sTDLq1PaepTxqXpLXV4
date: Thu, 21 Jul 2022 01:35:18 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D894
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJVLTc3pEGtUlfjvE3UKTIU&google_cver=1&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ&...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJ...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4DtnTE2_J7zJ6aGTIUjccjnh-9ltbD0bDiA95KWy3SFg_fbGlnJdqEqZr0XK1sHdDG1d1nQJmGx6RfPXSDSv-5TJjF9qQ
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D894 0
12 B 18ms
16ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JGOqxidDkM_oJe_f3RZhRhEycyd9w0OyMLf2coe8ipyrjXF7Vkq00qovczpsSTHWERc94l

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame CD59 118 KB
40 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 07:12:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 07:12:48 GMT

GET
H3 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame CD59 64 KB
16 KB 37ms
34ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame CD59 112 KB
38 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:35:18 GMT

GET
H3 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame CD59 87 KB
27 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df82103964af79600d60bc2deec44a4910a3435e07325b82f9ce86d6d0489361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 681
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27518
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 13:34:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 8452 80 KB
21 KB 12ms
11ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 5677245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: VSQHTjmT16gD41_A8LfLhXknwo8Klb415mG0qLDBWbaRP8i9QuG1wQ==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 2F65 43 B
216 B 40ms
40ms Image
image/gif 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396821698&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/&adsafe_url=https%3A%2F%2Fwww.posthaus.com.br%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:4da91060-8d37-959c-8cd9-bf568b5a1c3e,c:iXFDFy,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-69659766b-nllwl,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:236,mot:0,app:0,maw:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a*.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1a*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:256,oid:60bafdce-0895-11ed-8756-5af095603c2a,v:19.8.327,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 856E 80 KB
21 KB 12ms
12ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 5677245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: xMZOfIo3jIXcpUaobwGQAXhsWiPQubD8-XGvjDXg0v4pgE2agi5p4A==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 0F0F 43 B
216 B 40ms
40ms Image
image/gif 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/&adsafe_url=https%3A%2F%2Fwww.posthaus.com.br%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:493be14a-dc74-9990-87d8-18c360216320,c:iXFDFT,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-69659766b-vglkz,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:266,mot:0,app:0,maw:0,fm:tcbignB+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1b*.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:274,oid:60bafdf4-0895-11ed-9479-0217c011201d,v:19.8.327,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame BDBA
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO...

43 B
443 B

177ms
168ms

Image
image/gif

2606:4700:4400::6812:230b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2606:4700:4400::6812:230b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 72e033000bc65c56-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 768
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 72e032febb095c56-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEM4of3sWXuqbFbiuGtcyEHg&google_cver=1&google_push=AehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAehlK4BhbG0hFMCSm9Lc-7VB7grFKta79PQnyI304muLuGGOkvRiuvdvDny3Lk8e85BFu_z3kepdCyAhrZLW-UY_WrMlx66U3TO6%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBA
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121n...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_K...
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW&google_hm=meAluqjbSGall42PHpTzsw==

170 B
188 B

19ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW&google_hm=meAluqjbSGall42PHpTzsw==

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4CFnK6JDj26NVXQk2vVKsae7NpxFEo_AdKqVMMI5uY5xL747eyDQp8nisxEq_pNXMiiORIsECVburrJ_KIb121nqbJVmNsW&google_hm=meAluqjbSGall42PHpTzsw==
Date: Thu, 21 Jul 2022 01:35:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBA
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKX6q3zJFfXqwKSLpeiMU1Y&google_cver=1&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjq...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjqTkHM0&google_hm=NTk1OTIzNTU5Mjk2ODA4Mz...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjqTkHM0&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 21 Jul 2022 01:35:18 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4AzYUhQ1qVR8ymHfH2RsA0hpQs-cJ7dEry2pz0v8BuIB5334SXTTBtKZt8CXAJ4DhxVVb0GvpCSQKmDHbZ7Iw8SEjqTkHM0&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBA
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4B6b-NZCgpq9GDyV92_XMyGWDEdSypj_...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4B6b-NZCgpq9GDyV92_XMyGWDEdSypj_mgUUk_XLcTa-1WqX6mjxCudP5KF4PaoNat97FsmvAU3YxD8djdDy7DjFGQFP2g5

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghst95BO%2BMM1U%2F4p7pEyNjnr6FGC74TJ9d2vhJ7Uu6O8JsBqfb22eUbNnh%2Be6cn2JXDX1nuJ8qOuDD8b0Q9K4e5dhPU2PhGJNA0qX0Dl5bZ6MLw%2B9CdD75iY4CEtNy1Qztsji8ENLnYdrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESELsEiBt7qR3cdZCwneYUfnc&google_hm=YtitVtO1gfmBxJ3p1uXQgAAABFkAAAIB&google_nid=index&google_push=AehlK4B6b-NZCgpq9GDyV92_XMyGWDEdSypj_mgUUk_XLcTa-1WqX6mjxCudP5KF4PaoNat97FsmvAU3YxD8djdDy7DjFGQFP2g5
cache-control: no-cache
cf-ray: 72e032fe9ae2690d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBA
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-011e4435-c231-4be7-ba4d-8e77d15584eb-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAehlK4A-BvDpAupdST9ZtoUs7...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4A-BvDpAupdST9ZtoUs78cxolrT-Zpo3YqniJvzQmbh9BIeuvYRM6F45AhEQiYOh9ZsX88g0AvA8r9y1oPlS1ELx7Sf-dZd&google_hm=AwEeRDXCMUvnuk2Od9FVhOs
date: Thu, 21 Jul 2022 01:35:19 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX011e4435c2314be7ba4d8e77d15584eb003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BDBA
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJVLTc3pEGtUlfjvE3UKTIU&google_cver=1&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYStNZhLBMw--zzruJNInTG5IzjjNwDuzCGvwZUdD4TIVF1
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYS...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYStNZhLBMw--zzruJNInTG5IzjjNwDuzCGvwZUdD4TIVF1

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=Mzk1NDA2MzQ0MzM0Mjk5NjQ2Nzk5Nw%3D%3D&google_push=AehlK4AL-lO29Gi32X_cLEv_Hvisa6ARz_0WSamnbr2HN7eliEZRQIYStNZhLBMw--zzruJNInTG5IzjjNwDuzCGvwZUdD4TIVF1
date: Thu, 21 Jul 2022 01:35:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 dot.gif
s0.2mdn.net/ Frame BDBA 43 B
65 B 22ms
21ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEAYRmfFGB9mABkDVvBRY3ec&google_cver=1&google_push=AehlK4DFTPeyM1OIE8ebwHfrNinevwEBAGD5nrsIzAPlPuKkYDZ2dKLyiOLhMjrVTOyy4KdrvHrVNjRcxZlsMIE5Jo5hSyeMEr9F

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 22 Jul 2022 01:35:18 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BDBA 0
12 B 20ms
19ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ki0K2nw6IT8PnbEvjM3XTkiQghVNVHjT1iv-1KAQ8ESyCNCcml-QhwLyp7Dg9nAGjsevGPjA

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F65 43 B
215 B 315ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=4da91060-8d37-959c-8cd9-bf568b5a1c3e&tv=%7Bc:iXFDGV,pingTime:-3,time:341,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:255%7D,%7Bpiv:0,vs:o,r:l,t:340%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:341,n:340,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:255,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B101~1,0~0%5D,as:%5B101~728.90%5D%7D%7D,%7Bsl:o,t:340,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a*.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F65 43 B
216 B 311ms
92ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=4da91060-8d37-959c-8cd9-bf568b5a1c3e&tv=%7Bc:iXFDGW,pingTime:-6,time:342,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:342,n:340,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:255,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B101~1,0~0%5D,as:%5B101~728.90%5D%7D%7D,%7Bsl:o,t:340,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a*.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1a*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.posthaus.com.br*&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 7172 80 KB
21 KB 12ms
12ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 5677245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: o8T543EaZ4LqPO3114KOtMtkLWxiKEphCmeZV2X2im42-Qwr4hNvBw==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame FD66 43 B
216 B 37ms
37ms Image
image/gif 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/&adsafe_url=https%3A%2F%2Fwww.posthaus.com.br%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:a5fb936a-1c2e-4057-56a9-7006a15ce43f,c:iXFDH9,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-69659766b-r4nrg,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:262,mot:0,app:0,maw:0,fm:tcbigoU+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c*.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:271,oid:60bafe3b-0895-11ed-9e5e-c2fd0e4936ed,v:19.8.327,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0F0F 43 B
215 B 379ms
183ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=493be14a-dc74-9990-87d8-18c360216320&tv=%7Bc:iXFDHl,pingTime:-3,time:364,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:274%7D,%7Bpiv:0,vs:o,r:l,t:364%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:364,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:274,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B97~1,0~0%5D,as:%5B97~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1b*.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0F0F 43 B
215 B 377ms
183ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=493be14a-dc74-9990-87d8-18c360216320&tv=%7Bc:iXFDHm,pingTime:-6,time:365,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:365,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:274,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B97~1,0~0%5D,as:%5B97~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1b*.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.posthaus.com.br*&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET /
google2waycm.netmng.com/cm/ Frame 3886 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3886
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGp6oln8f1QRnTAbYo4qbPs&google_cver=1&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33zX59LgHTxBaNU
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=CD4C7C6761A54250B371F5F7ED77847F&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33z...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=CD4C7C6761A54250B371F5F7ED77847F&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33zX59LgHTxBaNU

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=CD4C7C6761A54250B371F5F7ED77847F&google_push=AehlK4BJ7TiYhKAmqh9LebgOWPB9iQKGupDBaT5cccA6i5sY1R19mJREtyFbWhpoAW_6kDYg8-9vquAc55_O33zX59LgHTxBaNU
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Wed, 20 Jul 2022 01:35:18 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3886
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEBf953UiRyWKZ9fID8RGR7Y&google_cver=1&google_push=AehlK4C3QoHtEXxxaL8Mvgb7znKg0pSw586s0SOUAV9c8VOCR8pgk7pCNu1WVC4n6_lPlXecoH8RKte...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEBf953UiRyWKZ9fID8RGR7Y&google_cver=1&google_push=AehlK4C3QoHtEXxxaL8Mvgb7znKg0pSw586s0SOUAV9c8VOCR8pgk7pCNu1WVC4n6_lPl...
https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=pjWk4S2oQYeZeedN22LzkGLYrVY

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=pjWk4S2oQYeZeedN22LzkGLYrVY

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=pjWk4S2oQYeZeedN22LzkGLYrVY
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3886
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekb...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEELQD5F-lq_Ax0Xnl1jFvio&google_cver=1&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsU...
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=efcb6630-2320-4ede-9060-715e1561a926&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q&google_hm=meAluqjbSGall42PHpTzsw==

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q&google_hm=meAluqjbSGall42PHpTzsw==

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AehlK4AkDNVnDY0Xej8Sn7rWbyvZ1VWvTv4aQiZmZS2pb172tSo696L53gZWyLh8HEygkQBh63wLXZpxJd1WsUkJFekbgU16Jd0Q&google_hm=meAluqjbSGall42PHpTzsw==
Date: Thu, 21 Jul 2022 01:35:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 3886 43 B
65 B 16ms
15ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEEQ9DC8ogF2DW8qn3mNR59s&google_cver=1&google_push=AehlK4CAcFSNjnqfC-ZwnGlt_QijT5Hx5XK62FhLsUKr1p7lIHccQ6qmVHNNyB012OPId0XuxM7rEj9_5GgNj9ATymV8QNOYiAHv

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 22 Jul 2022 01:35:18 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3886
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4SYvFzKMZqE0rpvK3

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4SYvFzKMZqE0rpvK3

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4D6X91us8ZHFPY2YvtwoCkwvZs2pV-SX0ORlQJHs-Vmnnq8OI74rsxHLebrG5z8bfBLRNpUJ0nNMlb4SYvFzKMZqE0rpvK3
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3886
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLf...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLf...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6He...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLfDBiMQIznHipaxmFgintrAqMmgxBQ

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4Aog2GNiFYipmD-Ubd9y4spTg916ukSCMI7tp5zOykoEiI8Ck6HehhVbMnGm9gLrdPwLfDBiMQIznHipaxmFgintrAqMmgxBQ
date: Thu, 21 Jul 2022 01:35:19 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3886 0
12 B 15ms
14ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I2qBdn8MzperJ3fBHGp-U659hsmgrhKuy4c4ZSwkrWqvNcTrVM4lvu06TFPdu0bVTHn8tSDg

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 204 collect Show response
n.clarity.ms/ 0
48 B 205ms
205ms XHR
text/plain 52.184.204.244
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://n.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-f/s/0.6.36/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.posthaus.com.br/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: https://www.posthaus.com.br
date: Thu, 21 Jul 2022 01:35:18 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F65 43 B
215 B 334ms
184ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=4da91060-8d37-959c-8cd9-bf568b5a1c3e&tv=%7Bc:iXFDI5,pingTime:-2,time:413,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:225,beZ:227,mfA:461,cmA:463,inA:463,inZ:467,prA:467,prZ:475,si:481,poA:482,poZ:494,cmZ:494,mfZ:494,loA:567,loZ:570,ltA:638,ltZ:638,idA:494,idZ:535%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:728,h:90,t:255%7D,%7Bpiv:0,vs:o,r:l,t:340%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:413,n:340,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:255,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B101~1,0~0%5D,as:%5B101~728.90%5D%7D%7D,%7Bsl:o,t:340,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B73~0%5D,as:%5B73~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a*.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1c.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1a*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:156,readyFired:true%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FD66 43 B
215 B 333ms
184ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=a5fb936a-1c2e-4057-56a9-7006a15ce43f&tv=%7Bc:iXFDI7,pingTime:-3,time:331,type:v,im:%7BpBlk:279%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:271%7D,%7Bpiv:0,vs:o,r:l,t:330%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:331,n:330,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:271,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B67~1,0~0%5D,as:%5B67~300.250%5D%7D%7D,%7Bsl:o,t:330,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbignB+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c*.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FD66 43 B
215 B 329ms
182ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=a5fb936a-1c2e-4057-56a9-7006a15ce43f&tv=%7Bc:iXFDI7,pingTime:-6,time:331,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:331,n:330,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:271,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B67~1,0~0%5D,as:%5B67~300.250%5D%7D%7D,%7Bsl:o,t:330,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbignB+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c*.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.posthaus.com.br*&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame E4DF 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame ED24 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5054 36 KB
14 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339274
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 0F0F 43 B
215 B 230ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=493be14a-dc74-9990-87d8-18c360216320&tv=%7Bc:iXFDIh,pingTime:-2,time:422,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:218,beZ:220,mfA:485,cmA:485,inA:485,inZ:486,prA:486,prZ:490,si:493,poA:493,poZ:518,cmZ:518,mfZ:518,loA:583,loZ:584,ltA:640,ltZ:640,idA:518,idZ:558%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:274%7D,%7Bpiv:0,vs:o,r:l,t:364%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:422,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:274,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B97~1,0~0%5D,as:%5B97~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B58~0%5D,as:%5B58~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1b*.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1c.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1b*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:146,readyFired:true%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 93A8 80 KB
21 KB 7ms
7ms Script
application/javascript 2600:9000:223f:5400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:5400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 5677245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 f952757fdddf3c9caa357164f2d464d8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA56-P5
content-type: application/javascript
x-amz-cf-id: O95j_-2vD0VKYNOEahtLzbqcYw_E2ftk1KK4BSA4TAanjJegh-_vGg==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame BEE5 43 B
215 B 38ms
38ms Image
image/gif 34.241.76.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=818595827&campId=15484256308&pubId=1&placementId=396820527&adsafe_par&bundleId=&dealId=&bidurl=https://www.posthaus.com.br/&adsafe_url=https%3A%2F%2Fwww.posthaus.com.br%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:76b71509-8442-6fa1-348f-c9c2b424c779,c:iXFDIt,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-69659766b-f6h7j,rg:ie,pt:1-5-15,mu:10000,br:c,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:265,mot:0,app:0,maw:0,fm:tcbigq9+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C19*.925113%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c1%7C1c2%7C1c3%7C1c4%7C1c5,idMap:19*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:276,oid:60bafd79-0895-11ed-b503-1e44b4510734,v:19.8.327,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.76.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-76-101.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET /
google2waycm.netmng.com/cm/ Frame 57B0 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57B0
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEHzwqsmdNHj0AfBW4JnB97A&google_cver=1&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEyMjYzMzM5OTg2MDkxODQyNw%3D%3D&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI-wSW...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEyMjYzMzM5OTg2MDkxODQyNw%3D%3D&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI-wSW3pjifzlao_

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzEyMjYzMzM5OTg2MDkxODQyNw%3D%3D&google_push=AehlK4BPe4hTi5q8CVm6yBBwR0XM08PBRLIyo_M030p2CVzjlmrZVUI-BE7rPdPBEJZnTizqynxF66J9QdscwI-wSW3pjifzlao_
Date: Thu, 21 Jul 2022 01:35:19 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57B0
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKX6q3zJFfXqwKSLpeiMU1Y&google_cver=1&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSH...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSHfdlXD&google_hm=NTk1OTIzNTU5Mjk2ODA4Mz...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSHfdlXD&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 21 Jul 2022 01:35:19 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AehlK4CSk821DyGg7EAOuPf4vavypHlkKYKB-Mpk0CAZHuiHrUUuajVr16TAZFusJInhoJQHTvjje9tlnv2rh454WtrpBSHfdlXD&google_hm=NTk1OTIzNTU5Mjk2ODA4MzkxOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57B0
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0t...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0tDAAxRwV7jIYwMyju

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0tDAAxRwV7jIYwMyju

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4BT-hIJ2g_CsaioBp83jeWewpXMGmpy1jEqc57J3VxASQUqR79Amh45rVOU7wkP8p8eTMQiUwEXtn0tDAAxRwV7jIYwMyju
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57B0
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEO...
https://sync.targeting.unrulymedia.com/csync/RX-011e4435-c231-4be7-ba4d-8e77d15584eb-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAehlK4BMczuw6zWzsMqRHTvK6...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs&google_hm=AwEeRDXCMUvnuk2Od9FVhOs

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AehlK4BMczuw6zWzsMqRHTvK6PcuBo_GattB3ydUt7kuscNfPUAhwDPQ6B6lnrkAdQOnVJ4cKQj7S_U9dj6_P-xx6X5AcMRct2qs&google_hm=AwEeRDXCMUvnuk2Od9FVhOs
date: Thu, 21 Jul 2022 01:35:19 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX011e4435c2314be7ba4d8e77d15584eb003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57B0
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOboEjiOzDomB53zHSp3_XM&google_cver=1&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywthfs0zT5wS13YeeEIU...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywt...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywthfs0zT5wS13YeeEIUGKXTbkvAMSID-jZPnc2OVGRkBMwQ

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1EZ3B4VTNsRTJ1RVZuejh3QmU5d0FocWlyN09SN3dqQ35B&google_push=AehlK4BQohAsYYgS-xKkjnAXt2PI7kaWMA6Ylk5WKwVP-RyNkLonSSywthfs0zT5wS13YeeEIUGKXTbkvAMSID-jZPnc2OVGRkBMwQ
date: Thu, 21 Jul 2022 01:35:19 GMT
server: ATS/9.1.0.46
age: 1
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 57B0
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEDXTeXnogvpbf_B41ZWIIQU&google_cver=1&google_push=AehlK4DZIzSewiwZNlb2GTnv1HrP7KhNB_kV0BSYI0ykReak8Ryyx3_0SQ4OVtscK3nbfNr0lpgmOvY2wzA...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AehlK4DZIzSewiwZNlb2GTnv1HrP7KhNB_kV0BSYI0ykReak8Ryyx3_0SQ4OVtscK3nbfNr0lpgmOvY2wzAsNC8aC2ZmNAdf9LM
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

8ms
8ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 57B0 0
12 B 15ms
14ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IP5g775HPbDlCx_XQ7suYhITjqwQeYvxu88z4_4GOp80WVfAL4v8bke9NrcBdL7OFNtJJJG20

Requested by

Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FD66 43 B
215 B 147ms
94ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=a5fb936a-1c2e-4057-56a9-7006a15ce43f&tv=%7Bc:iXFDJE,pingTime:-2,time:426,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:292,beZ:294,mfA:555,cmA:555,inA:555,inZ:556,prA:556,prZ:561,si:564,poA:564,bl:571,poZ:571,cmZ:571,mfZ:571,loA:624,loZ:626,ltA:718,ltZ:718,idA:572,idZ:609%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:271%7D,%7Bpiv:0,vs:o,r:l,t:330%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:426,n:330,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:271,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B67~1,0~0%5D,as:%5B67~300.250%5D%7D%7D,%7Bsl:o,t:330,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B96~0%5D,as:%5B96~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c*.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1c*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:153,readyFired:true%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BEE5 43 B
215 B 220ms
182ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=76b71509-8442-6fa1-348f-c9c2b424c779&tv=%7Bc:iXFDJT,pingTime:-3,time:364,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:275%7D,%7Bpiv:0,vs:o,r:l,t:363%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:364,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B98~1,0~0%5D,as:%5B98~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigq9+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C19*.925113%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c1%7C1c2%7C1c3%7C1c4%7C1c5,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BEE5 43 B
215 B 217ms
181ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=76b71509-8442-6fa1-348f-c9c2b424c779&tv=%7Bc:iXFDJU,pingTime:-6,time:365,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:365,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B98~1,0~0%5D,as:%5B98~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigq9+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C19*.925113%7C191%7C192%7C193%7C194%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c1%7C1c2%7C1c3%7C1c4%7C1c5,idMap:19*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.posthaus.com.br*&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2F65 0
26 B 84ms
45ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst5ebw2DS3ZeSM1EKDWRXaUDg4Keh5RTAz_w675EDRlt9SjRc0mOU00n30aucuEs1BiV_XopCIIuiwQetvNPcSe2P8GUgoHlGa76jD6mMpZgzMLud365lxY7WBKOter8g9DLhwFTz1yoyeT-N2Ih1sEJcPj0TnnDgMhqSfe1Z3Hvmd8xqEzHvH_wMHNDl44wRbdfyPgCFET02VnF5vVmzxlaQo7c28NGi5tBF8vYrru9kRWVZWfvWPjzeI5kXfluPOrLscIVr7dx5XQUA7Xqa5kdKaFE3G3oMxLvIvmpWlRQCW08WsT7JqPKovhyoTfIgZb5XIbtxywo2uoSs3kvMGqLYICh_3QPQxWnfAkbv2nsMmEap7z7iClwL71eQ_HDMHe4PjWAOI1tj8VVetmJYQ30_vl85A2zIWy3nNU71H6ljz-MjwG0QZbbGbKGVGPAcvYvZXKC2kcnDfe0ZnQwVIRNLy4OqOK5nbSwKuzttzvKccJvb1YHTPzljQ3A1O8s-bLSXPSOLE4_W5POZsUDTb136SrRumQCwvFLXLYsGVNmASjpvL-wjPfbcLi4bij87I0z8dJvwj9g3CZrVM7quZm4NP4xdAvKSoHajU6x2k416SlCy-EzutIQzGb-f9bA5XsFZTkvlYwWpjrPqIj0aAmNzh8OiLYO24fnlMWTU0v6YTqb0X77WTUnRiRBiipe2EZ8AJWxV0Nwpf21c1SLk4Q2pOojZqInXJlZBjCMn2HU6Akus67GRnKdK4N9NBhBNb65wxFTCP4C9A42rPm8DF-Dv0PMp0-ygohtgcrc-HhW4Aet1tHwvtEs2eIxInwxRdE6xs3FvRt4P6Or1ZKsCEAvcGjtljEOnS9I18_yOOv1SWdX-EX5qbPL3EDUPvCGs5gmC_uc5Z0bSEGccpv1STlW6aoItJ_JfsY9101NlSi8uijIw-SJdiLotHRwxvMvT86sD34qKYhrhynWaPW3r0SVcm96DlKLMVlBK1Q8uJBW0xfFdwMSaen4cOxc9w1m5OCpOiTuJ1Gsd9JD355x6qVSLkRJYWoOcOiKK_6O_7NdMrI7Q9mOh_TgnRx2umyT2hHscX_ZU0HHonLk2wFa4zDezNubuJ5vG7HHdzokNWXsuNZhI24_HcRpEaL1_Px0H-2kV0wAVLldvVKMyqK_bPNdHac_dDvTPKFZUJF_FWUNHfqBt2dT7mbzoNBr9kp-O4wuiVJF5f5EQHQJ813Aa4DD5jOeZH5AhB_tl-hlWqzNbfvEIeE&sai=AMfl-YTjmciA4x3oV6q5Y2fgsv-fHW3Tu9cxSSiqkzt-uu4-NWLk_rsSwnrLBNLhcXPlSBJ26sdey9lc7PMWpVhGGh17NyfKY9xvVCrNBEni1TLjRC98GQtBf-Sv5I6h8sBg23UPncjQ0y3cWznA-4CS0qXIqScQGONGakqJz7kMqIyg8R9ZyjR50iG6m8CL-H3n0tNrkq68oi6B2MfEugkS1g&sig=Cg0ArKJSzEQQnW6tJ7znEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=641&vt=11&dtpt=472&dett=3&cstd=164&cisv=r20220719.72125&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0F0F 0
26 B 83ms
46ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvp8rltGLQLBu0aJ7hhoCgJ9sAwFH0Q9VMozKFwgA0I3y8hvD5o4MNWdWTkqGruGhdAQw29H98DAgX2h-c343e5jfmfn_VgPAfS5VFj7e_bxMW2i1ZDWTTCsGPuJlgdoZ2pJWW3EmsSaZ5t9gnuZyfw9gIsDzpqRmD9tK1BsnZq38HWOMNemGWrVLeRG0cYh05VGhykdTqdC7grdSk7jYJZYE6FOuAtZ2g3AHb9IA8gtHUrEXdx16au4QRk_Orrjl2RDKkPCK2Uyh9I50PvkjNTxe9JkmEgm7_5rdPyMDN4bnoEH7mqAGwCKxm7ydDsrbhD6hnuzHLvanim24b9plpqxIcr4lwPYvzEVDfaK4oz_HuWLMoJf_GnoYQliUYOgqWzRzKuGcEhr9MbZBQ6NaTvABA3svCZnCwRlK84MmOCqg4UOivIFHPHkwCZTmGCozh6ZbqXwoFsAXNbbZcZyrsa-kGd61f_pYOBMniYmE-EThyGE6sd63cEKhexRr1Rzo4EDTIpgTi-0p_rnfG1_wrNsiL_C3gAYRSzSf11Z8GZ_bledMRQth8rd20KlgvFUxsDT4LA3bX0V0Y0CYUJI-QxMEtkUxylKcUOqJd0S85RhoH5icSirOt1fG5Lp-B2uQwkAKhIxtwnpwWX80VUPF0Bt_RsaPlSlrWy9QKMNd1QP-f_zhsNuzDTNUmvr3UGFDl2EV0JWTRZtp5tOcFKArHlAj-EqJR74OAmudBEzqWPA6JpqwRDs_0cUsr1glWx4Xy-Hrg-0nfA7F-vDksJqPOYAKTkl1jtO6PElWfWMRW-AQ1Yy3wrD5Y5JYJzlrWISTtkEgskmii5y_Rqy_8_SFVHJwbVIQs8WhM6mMlQsm385yZcXJ8nLxeZO25RqpuR9siOf-OB8liqcDKggeaFARBqXA4-Fo4OhHY6LF9bVNN-i4FuR3gkYnMmv1X3wDdV43J1pHu1G_TlfN949HnQDKPSxjDQ7q_1IVZZw8_-m10ynUDueDbrcTeIOUw--tds7IsG7MjyD59BMMilF5TfzC34_hBS8rNl52suXgY20efXWG1IZpVNylmYpsTUD3_xtMFQKjJB0Om20-WJkfEGjJIkV8PbBAsnN74EriAbtZZiOH_m1_oKTk_kc_xPh1OGYjpYU8diU2mEtljTDLTH9TBneVhLyFOfX8Vhm8EJDtSIfryfFiOJqJo8Ik3lNWlWrk2YoqRcRdc3Ka1Gi5LSnZCiMKq6f5-ozp6eZ6tITT2pDpaCvEB1fSjQTGM3-yrq&sai=AMfl-YTtoNGFnhLAyOTMVbIunowj58xueHoPFcQ3r-qrQQQL2npUREH0KR0R_xQXQ-B0fK1b0GKQcQbY6_GeaTv17lAmPtnc-tOPCAWMEhArulYEYUuA_HrCB64C16myS1RXCE7gWge_46MP8hc0UCvWJshKPkgWBYHVD19ECs8Yu9hnyR01jT3hdQWLLmV9NH83MLnnZhmCZ-Y0leInHRzXtg&sig=Cg0ArKJSzNWK9U6f1cFyEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=587&vt=11&dtpt=442&dett=3&cstd=142&cisv=r20220719.72686&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FD66 0
26 B 80ms
46ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuE_-H47CW-y4b8FNZWvozv30n1BcgZSNgx2q-1reBsbNjlTeiZsw8Rqa5eLgYtx8jrHSeDmMkIXeUiUpY6ZnphLUebOaxsvhY63kLXap_cX4bN51AQjZEKzBCiAI_TnO62U7lTsBcaOR1UIWV0iKv3zuCb_ovRI3AHgztKpYZwifP5CIEI1ZH4gpZW1A7U5K3VKLrKqZLAHHBloxjb-SF9Lo7QqPqnHaNsz4HCtZpV2ZyQrNbjzr9mmmSDpcRlm3Zj4E7WFiRQc9guphLbNV7v6fO59nwZHOow4VaArqFlSfFMdkLo4QV2881LwSzvQhONzggwuqLa17YMi0uoT9zvA_mMnQ7f_FOtE8uW3VEQQWcyFBpcCmFJbgPLIMTufnGvZKRj-ulRzLNd4VIXlmqP_Yf78fhVNFIzI96y7_pI0nAPHdrfidjxEk2M4cKiNH3IBqRxbm343snR0_fDNSPzMHCmE_UMsIQj4r6_EaDbfPnlfb0tLlfXz9XNAdV9oPaHIKrAXreFuuzsyQV6SFx-bypzt9z2mFols95BajPuMKsQcgzIYjkVhJXOBpc7izLXopK4JrqGMSmcwzCwzAKHuETAeVHWGxpiWZESApmcjQ4moWlf19qWfYPJ4RPWcFa7RkX0A1ah--MWtKXhdN47nfJFLg8pfmvtw1CaICvUA9SI7Y3eLhhSiKt_vBewwHfHupr9VV5KkzYms9csow-TexLqiZaFu4b_SPtsrnqic26grk0BdMDnbLqhjNYZDkL2iTMv7jdXC_bMV1ABUdI9CBtEKO5RcPN7HAJvNTGImAlVMRSGHDsHgU1q_Lgcgk-9WzqWQ-6bDoZMa02wFqO6why7BagA7MtSDFvS2YrFth33ZvsY3EI8l26MpagS84IwP_BbgUephVZRPd8MGG2j6B-O6vLpcRHhEiJnGXSa6xf9XK3V8vE9y-42PaCHmLkMzJxqhY7KeLRnhhrz4QgH1KwAYdc2q8ABhRGluXgZpTHcEfp5TKGF363CnhysWNnGZK5FXWABJD57zUj5xaf_AEt7deUEUUttStjDHy5Sppv7psu_Lo7w5OlYIgtmcpFoMBBNT88LY9JVg5uoSZ6aeoSRDwLc77hpbbmyqbbc8gIJU0ng4VsSZBXKwwN7lgSNb1be5pghe8D976b_wapvKB2ziBCQ7N3cXn9pIm8pLTVgWKwAsmlXk6veTCfcsYGgJJsKXlqz-y2u-befwB8q4hfkDBrIHVM1vV7NMIXbR-eAhDHpXnMtd3Z3I-A0&sai=AMfl-YTlMAWIy_PO0wVm7jiBu9fS18Xw0sXjs4Nn6gAX2wzQKr_gEx5zNH0Lb12Ezcy5M0I9qQB1xWtpA-LKrEzcKV8CPgcbVVMjCh1eF72E1lJ6h5tpjaea8vDqvi2LAvu9RUt-tH5yEEqLboTzThFvDqOVdK9yrfcl5Kx2TBviDS6_eZK9gd7YrkchYIWM4fE4pL9CCsXppu2OUOtHfLz3pA&sig=Cg0ArKJSzABaWreyvTr3EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=598&vt=11&dtpt=439&dett=3&cstd=156&cisv=r20220719.44922&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BEE5 43 B
215 B 193ms
182ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=76b71509-8442-6fa1-348f-c9c2b424c779&tv=%7Bc:iXFDKk,pingTime:-2,time:391,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:393,beZ:394,mfA:658,cmA:659,inA:659,inZ:660,prA:660,prZ:666,si:669,poA:669,poZ:680,cmZ:680,mfZ:680,loA:758,loZ:760,ltA:784,ltZ:784,idA:680,idZ:719%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:275%7D,%7Bpiv:0,vs:o,r:l,t:363%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:391,n:363,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:275,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B98~1,0~0%5D,as:%5B98~300.250%5D%7D%7D,%7Bsl:o,t:363,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B27~0%5D,as:%5B27~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C19*.925113%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c.925113%7C1c1%7C1c2%7C1c3%7C1c4%7C1c5,idMap:19*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:115,readyFired:true%7D&br=c
Requested by: Host: 8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com
URL: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BEE5 0
26 B 75ms
47ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuoVZfoWt_NMIuK8_vyH-0lC6y-CFhic3PEDm1izQPa-brS16RPlyycZa_PsAItQ7XXJpBhqCNQf97uMjBhnstJC8vhBlTNbmoXeZewVfq4U5zXKPCmyZFDAQxzmSnRRHkOnr1LUh4qyvGmCUEdMna_hL27q0NI1VxptSvGoVHdXrOmU6soCGR1rKj5CUD8LwFTeoNMkjvsUrpCFGwIbfadPBrR1npqRAHfo09hI-WwHlPsYfNnvdTZlLFKERpePFyjfmtC_-1tSAIq2stWaeDx8O0b9a-iR7EY3Qm0P_bIoSsYu8SQNNrBM0AG2JFt07xU0v_bJKv6KQR3-PM6j2coowdQ4R-4Bu08WMt2fNQMFDOP0K2tAkyI-4VEpmGY1zSEe05qgf1f883Buo8JhyhCzn-rhJlHJSi1Es8WRoCdUcXavaqNkS5LAMSzbR7OMmPCb4PsQgXB1hFt_k_10q5P7n_MkjiWNNxrngR18yREa0Y7p2_7aAAjqmE15DfkBiAXDtbrnJHfj8F_VsLHe7ECJPUKrX6jfZkxCJpWWfIz3WR2l6J6gHf6J0heytvGIErMHvdcDwluCcZ6DfGix-v_Ay0qcgkxTW0YA7BgippxpkDCejnCBO5fQyQvJd1wOzg95FFeY27Xya1zGJ5l3SunlOFP_RtBdk88sw80bJHrGMcrp5uJqyl8J4LmP55tyP_a7_zRNKM4RYaF6DRYcwuHGlB8pNnUqoRhfjOTmygPReD8Ab813dDTXXtladtDn23P-hsCK00esaKHYNt1yUQDpyWA_nluVu5caE3c1TaeFCYHIkGW49G0P5D7elwJOvU8sxgPfSnNz3ECv94exwEL4ac8fPy1ZuIvwnBMNFLYkuTDqBSynxaLAnKTV_Gxa5dwZKJXs24lLSgIVTCIGAswB9ANFDAAPWdH807kkd6BygQ_k-VC6KfZ19rEwqWmxcsd1c4rlzqxakW7k4yFmv9qi0xg3PyL2E87LiAr55N8P_mzgE4u3wj9xRfjYotMDeSTgb2mLpEH5MqJmozXcM5OCo-5mLVwV55FJtBfSD37rbA-nFj1Vp40B8DqwyQFx-QerXmYugEVWGSPiR80AKGYLMXOXKzJNvSCS2sgOUhcM1mN8U60JBYSGv4VNBSq-PA-p540BvPt509s_XGLcvd8xFD1IaMGr31CSKGXiPMZlBcF46MhC-c5zuLEl-Cqd5srOuZD3M2TDaLPYOSHyQfTXHWf9Wo5OI2KgxExyIEPEULysISL52DnqFIfH9n7&sai=AMfl-YROEdtB69FySpZgqLpr9CdqJMQ-RpaAicHFwjpfarEO-N2D9IXRfA1FuNxVQjiZLIaWv9wTGmpqAts1xmglvUZdQNHE_qC1Rs2fwBKyVL_rARbxO3hlkqxNXSpCUAEco8JdaNwthsJY_KRMcARyEALv5VFAUeb7cbkahNuxIbeM2Jz6tS3WpilnVmoqdqqPLwEHak-vZ4kyBg5CN4kKwg&sig=Cg0ArKJSzMP7yeyle6MjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=616&vt=11&dtpt=434&dett=3&cstd=178&cisv=r20220719.06335&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: llinks.io
URL: https://llinks.io/?fmFhB1k

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a104-79-88-129.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5B65 8 KB
6 KB 35ms
19ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c4df4d493d696c0757605ea4c04fae2b591be9fe480145f7f36fdc5ab1b53cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5901
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 38B7 7 KB
6 KB 31ms
20ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9525d9d5074b16f2d9b32b8830ca3030534e536828882a785865aaa10c90f46d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5738
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1AE6 7 KB
6 KB 31ms
22ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea4963a2dd6df3161f92c3a3013eda9abc15eb954ff81c27638169f02327cc95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5684
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CD59 7 KB
6 KB 28ms
21ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99421b5a6c9cdcfbe9eefc3a5b0ef3a4d049d622d1a335754932c4c1fd6420f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5806
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5B65 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 38B7 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CD59 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1AE6 17 KB
6 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&RedC=c.clarity.ms&MXFR=19A6A3D55E6B631900CFB23D5A6B6D10
https://c.clarity.ms/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&MUID=0B3342234B7462BD042653CB4AFF6396

42 B
369 B

31ms
30ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&MUID=0B3342234B7462BD042653CB4AFF6396
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
last-modified: Wed, 13 Jul 2022 17:48:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "96611cd5e096d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BE6CB52237044BFAF703628CEEA45B3 Ref B: FRA31EDGE0210 Ref C: 2022-07-21T01:35:19Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=AABC1130FF664D4B8EFCD0DBEBC99B85&MUID=0B3342234B7462BD042653CB4AFF6396
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 29ms
29ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022071401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78d1b4b92684487900a070e92ebbb45ee3257878f6578af1ffcc963de27dfdbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11164
x-xss-protection: 0

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame C944 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2F65 43 B
215 B 93ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=4da91060-8d37-959c-8cd9-bf568b5a1c3e&tv=%7Bc:iXFDPw,pingTime:-10,time:874,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMy4wLjUwNjAuMTM0IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1658367319358%7C%7C7e676777c5fab2427bf0bdfe3428cf51%7C%7Cdf92c9cff360bda3eafa3e94d6152ec7%7C%7C0eca526974576af2671cc78ddaa23c42%7C%7Cb7266c29e0cb8ccdd84cf701ea7bf1f1%7C%7C7456fe92e22d9008cdaa776af295685e%7C%7Cf81beff795aec21cc34760764103963a%7C%7C6ce50aa0e0e3295f5b0a9f437ab0d866%7C%7C1629390669%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame A2A8 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame A302 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame CD59 15 KB
15 KB 8ms
8ms XHR
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:31:31 GMT
x-content-type-options: nosniff
age: 228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15369
x-xss-protection: 0
last-modified: Fri, 22 Apr 2022 09:22:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:46:31 GMT

GET
H3 200 300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 38B7 15 KB
15 KB 9ms
9ms XHR
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:31:31 GMT
x-content-type-options: nosniff
age: 228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15369
x-xss-protection: 0
last-modified: Fri, 22 Apr 2022 09:22:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:46:31 GMT

GET
H3 200 300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 1AE6 15 KB
15 KB 8ms
8ms XHR
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/300x250_NH_D_WD_Affinity-Fashion-Mannequin.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:31:31 GMT
x-content-type-options: nosniff
age: 228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15369
x-xss-protection: 0
last-modified: Fri, 22 Apr 2022 09:22:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:46:31 GMT

GET
H3 200 728x90_NH_D_WD_Affinity-Fashion-Mannequin.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 5B65 14 KB
14 KB 8ms
8ms XHR
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/728x90_NH_D_WD_Affinity-Fashion-Mannequin.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f69038abd5797c7c4ccc72eb03c7c4b99e38265251b73378fe9b14245973a68a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:31:12 GMT
x-content-type-options: nosniff
age: 247
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14313
x-xss-protection: 0
last-modified: Fri, 22 Apr 2022 08:23:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:46:12 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame EFB3 43 B
220 B 9ms
8ms Image
image/gif 52.58.189.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-cv1lCnUSS0Q0WPzBJhtcI9Gff5k9dk3Kzcua2Q&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.189.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-189-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame EFB3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_cm&google_hm=ay1MLXRMeUhVU1MwUTBXUHpCSmh0Y0k5R2ZmNW10dUVfa...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_gid=CAESEHoefX1_0RZJ8tg11z-_QCI&google_cver=1&google_ula=913071,0

43 B
371 B

54ms
17ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_gid=CAESEHoefX1_0RZJ8tg11z-_QCI&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:18 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1243745
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-L-tLyHUSS0Q0WPzBJhtcI9Gff5mtuE_jVY0jbg&google_gid=CAESEHoefX1_0RZJ8tg11z-_QCI&google_cver=1&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame EFB3
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7210014654759958532

43 B
370 B

64ms
17ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7210014654759958532

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
content-type: image/gif
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1951000
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:19 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9cb45d32-af8b-44ab-b848-d9f4488ae342
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7210014654759958532
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

1by1.png
cotads.adscale.de/ads/pixel/ Frame EFB3
Redirect Chain

https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-Ev3POnUSS0Q0WPzBJhtcI9Gff5mYrYFWspgQqQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__
https://ih.adscale.de/adscale-ih/tpui?tpid=40&tpuid=k-Ev3POnUSS0Q0WPzBJhtcI9Gff5mYrYFWspgQqQ&cburl=https%3A%2F%2Fcotads.adscale.de%2Fads%2Fpixel%2F1by1.png%3Fuid%3D__ADSCALE_USER_ID__&nut&uu=f42103...
https://cotads.adscale.de/ads/pixel/1by1.png?uid=f47ae3aa00617e57cfc7fab3e17333f6172b8bd76c67538452c1a51b77260427

321 B
700 B

35ms
7ms

Image
image/png

2600:9000:223d:b800:1b:832b:ac00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cotads.adscale.de/ads/pixel/1by1.png?uid=f47ae3aa00617e57cfc7fab3e17333f6172b8bd76c67538452c1a51b77260427
Protocol: H2
Server: 2600:9000:223d:b800:1b:832b:ac00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 678743e83d255d34a3476fa3eed80d55d212874f0fe98285a54fbf293f8b73ee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Mon, 18 Jul 2022 16:20:39 GMT
via: 1.1 5626bf35345f32d3e58fb8d33ec4d966.cloudfront.net (CloudFront)
last-modified: Tue, 08 Sep 2020 23:05:25 GMT
server: AmazonS3
age: 206081
etag: "c1ab48a971e5c1a7eae346346487762d"
x-cache: Hit from cloudfront
x-amz-version-id: L15pFHSGGE_bHbLCyc84fBPpy1DC4jsd
cache-control: max-age=604800
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
content-type: image/png
content-length: 321
x-amz-cf-id: 7lp0M60fR5PyGW1NUMRy4nyRKfMaRF1egFPr34a77P19_r3XFAhiEA==

Redirect headers

location: https://cotads.adscale.de/ads/pixel/1by1.png?uid=f47ae3aa00617e57cfc7fab3e17333f6172b8bd76c67538452c1a51b77260427
date: Thu, 21 Jul 2022 01:35:19 GMT
content-length: 0
p3p: CP=NOI PSA OUR

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame EFB3 49 B
235 B 61ms
17ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-87tAAnUSS0Q0WPzBJhtcI9Gff5nTaBcJkkwKbQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 Ivry-sur-Seine, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
content-length: 49
expires: 0

GET
H2 200 rum
r.casalemedia.com/ Frame EFB3 43 B
941 B 63ms
26ms Image
image/gif 104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-g_KwDnUSS0Q0WPzBJhtcI9Gff5mmlhgczHWS_w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

cf-ray: 72e033027fba5b86-FRA
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqhF7QNZqO4uZb5%2FY1Z9qdV1%2Fhqi1hXO66YftsP2fVrQnmx1lokv7zt157HCmMx%2BzQQo5xVdLW9FAVXDxjxpa7Y%2B2zKVhiz2m8IFVq3UAit5UWwTLun9eDxTP6iTfJ6eVskt"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

GET
H2 200 match
ad.360yield.com/ Frame EFB3 43 B
447 B 43ms
31ms Image
image/gif 99.81.70.153
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-utmR9XUSS0Q0WPzBJhtcI9Gff5kg1NXWAtYL6w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.70.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-70-153.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 21 Jul 2022 01:35:19 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

451

397596.gif
idsync.rlcdn.com/ Frame EFB3
Redirect Chain

https://gum.criteo.com/sync?c=6&r=1&k=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397596.gif?partner_uid=qYtA1T_YuF3t1n6vn8AxqXE2leMz1I1i

0
98 B

40ms
16ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397596.gif?partner_uid=qYtA1T_YuF3t1n6vn8AxqXE2leMz1I1i
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

location: https://idsync.rlcdn.com/397596.gif?partner_uid=qYtA1T_YuF3t1n6vn8AxqXE2leMz1I1i
date: Thu, 21 Jul 2022 01:35:19 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2936
content-length: 197
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8

GET
H2 200 cksync.php
contextual.media.net/ Frame EFB3 45 B
785 B 109ms
34ms Image
image/gif 104.79.88.129
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-cfOOe3USS0Q0WPzBJhtcI9Gff5ndv0GcoYYV3w

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.79.88.129 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
server: Apache
date: Thu, 21 Jul 2022 01:35:19 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame EFB3 40 B
40 B 35ms
10ms Image
text/html 18.159.184.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-kqxONHUSS0Q0WPzBJhtcI9Gff5kZEPIW4rlbYg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.184.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-184-12.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame EFB3 0
476 B 370ms
86ms Image
text/plain 70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-E9fy7XUSS0Q0WPzBJhtcI9Gff5noYob5p37hsQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:19 GMT
Cache-Control: no-cache
X-TraceId: aaf008d9d75a3519da7fa9549760b466
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame EFB3 0
225 B 345ms
15ms Image
text/html 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-c5_x4nUSS0Q0WPzBJhtcI9Gff5nWebj1BE1xmA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Wed, 20 Jul 2022 16:14:52 GMT
content-encoding: gzip
server: nginx
cache-control: no-store, no-cache, private
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type: text/html; charset=utf-8

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame EFB3 0
239 B 160ms
8ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-MMTvpnUSS0Q0WPzBJhtcI9Gff5kuIQ6WMpUeCw&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2 204 v1
match.sharethrough.com/sync/ Frame EFB3 0
35 B 57ms
8ms Image
text/plain 35.158.27.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-oPU7qHUSS0Q0WPzBJhtcI9Gff5mYf2wyO5eLxw
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.27.81 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-27-81.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame EFB3 43 B
163 B 83ms
17ms Image
image/gif 185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-wEMBG3USS0Q0WPzBJhtcI9Gff5nfbvbKPShmQw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:18 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame EFB3 0
99 B 62ms
14ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-TheFe3USS0Q0WPzBJhtcI9Gff5k1N0ndrdsVsg
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12412

GET
H2 200 um
criteo-sync.teads.tv/ Frame EFB3 23 B
172 B 71ms
29ms Image
image/gif 104.75.89.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-O1F0XnUSS0Q0WPzBJhtcI9Gff5njJ5p9tq71Zg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-89-75.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 21 Jul 2022 01:35:19 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame EFB3 37 B
139 B 12ms
8ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-ndiJ4XUSS0Q0WPzBJhtcI9Gff5nGoGpsNL4Zyw&dongle=013b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58301/ Frame EFB3 0
132 B 16ms
12ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-RAd5HnUSS0Q0WPzBJhtcI9Gff5mX7nWZbKnTHA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame EFB3 0
522 B 43ms
16ms Image
text/plain 96.16.132.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dm_id=8666&ext_id=k-W2mCfHUSS0Q0WPzBJhtcI9Gff5m7KFK2bTkmqQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-132-239.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Wed, 20 Jul 2022 01:35:19 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame EFB3 43 B
220 B 142ms
30ms Image
image/gif 52.208.11.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-OldG1HUSS0Q0WPzBJhtcI9Gff5l0tSHk_DjKEw&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.11.117 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-11-117.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
content-type: image/gif
content-length: 43
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H/1.1

200
OK

28292
i6.liadm.com/s/ Frame EFB3
Redirect Chain

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g&_li_chk=true&previous_uuid=d102883645e14ee9b8ab650733fcfa5f
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g

43 B
419 B

337ms
96ms

Image
image/gif

2600:1f18:444a:4602:dc9:5139:b20d:8eb0
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g

Protocol

HTTP/1.1

Server

2600:1f18:444a:4602:dc9:5139:b20d:8eb0 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date: Thu, 21 Jul 2022 01:35:20 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-iORXl3USS0Q0WPzBJhtcI9Gff5kmxXMas6Rm9g
Date: Thu, 21 Jul 2022 01:35:19 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 204 /
s.ad.smaato.net/c/ Frame EFB3 0
239 B 10ms
7ms Image
text/plain 2600:9000:223f:9a00:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-l0ZATXUSS0Q0WPzBJhtcI9Gff5ngdRCK8_XUow
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:9a00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: 1.1 3a21078459f955a33f79dacf082781c4.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: qc3Q7ypq2PCThSKcs_126ZcK9osYYoutTJ1Y8F7S3DJRp3wo38rqbg==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame EFB3
Redirect Chain

https://sync.aralego.com/idSync/?ucf_nid=dsp-833DD22BEB97673FB4E8B8DBB882B99&ucf_user_id=k-aOB98XUSS0Q0WPzBJhtcI9Gff5lWH7KOEFfiOQ
https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=

70 B
265 B

96ms
31ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:20 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=nwuslum&ttd_tpi=1&gdpr=0&gdpr_consent=
date: Thu, 21 Jul 2022 01:35:19 GMT
connection: close
content-length: 111
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame DD94 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339275
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022071401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Jul 2022 01:35:19 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 87C5 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUL3dVq3YYrGQFLbJ7_UPhqST0AoAAAAAOAHgBAI&bg=!Li2lLWnNAAZlvz3gRb87ACkAdvg8WjiKMTO6wuMmRfjqSplXd5b5aaPzWajCqxsfrJula5hwqJXCDQIAAAHRUgAAAANoAQeZAvFYHto2cNBTrcCiUUl5Le-kTKUjbLKYCOwZsI6tWpO19PPLJN7U7vWfTahzINsoW8duQzAVkekoJncRQ7iV3gQ5sBH-53uqVDszF9rRx9RszZPQkPJKSvbcDlbCWb3sNd76TrggTRFsqczvQb1sj681gQBbf-SknqfxuWxTHfzKnarX1oCkRqOXQwC2k4pEKQqHhlXVjTSCQdiJEh80qxj3XSv9yJ6tSgVO8PnmZzY0d7vpxLLjsXQDFHWmjhST0dNY7Xif-vCUfygAzRJAtzKyOUQbmM8O6wClCFXXlt_vXCZkDSj6qyqJukDHdc9GUizrx44x7DUXLAM1797R7zCW7mGEdfT_uhjxTazLxxGcYYxK8xy8LUkIImDuGUB-JeaCt_bVtWhWvDVxEW5qJTmGSZj6_C5DFZxHRMlEaTb70lBChWqjpQAJxDFVQaUVOaavjm2jdcskudCqpbjGKMRn7f2rt3yzBMddac87ltTAE7ld0HOwYaf-oWsTOLc8CjZ4rh0Zpf-2eVvAzbzlCSlhisGjH-TCy2H_0th83aS_TJjj2y_pxfiH5A7fMGmrfhRGtLQ-i1z6-5mIa0JvLOOC8oqi2_SUbrdm4ZcPM1SWlf36K2FmktwzXGUshxvHIYY4pCuUQ29QqQNjYrtjIob7LhVt5UvaEUVMDh6KUOCbyvOiuEOrEuGXlytOHNebzeV1iMvr0sYgskMeVnRvoxIhGKsDaURBFyMkvEBPgGFsHjFKXu2C_3-86hm8LQlXUj8qSJvNwzS8CTfhqgHhHmIOt5_NLafgQ2Hptj9WOZRek6tacIgFWM-IWZ7zGTy7SXHdHpr1U8vJ5Ar-Aaj1CZfrmJdoKk3Awjbg5ARuPD4V1p4zWq-9XPs4Sv4cGcVjCxhR7AO5_1JClOvrYrIJYUeew3edX8ewfTQjaaG9BA8SSC1wyCH22w_LW-ehN7MxVioXZlUJFvFnmxHhK8lpE-QP678aODm2ypn2Cg-s24hZMtA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 5c757866-23bd-491b-9a09-978c8695891b
https://s0.2mdn.net/ Frame 1AE6 15 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/5c757866-23bd-491b-9a09-978c8695891b
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Length: 15369
Content-Type: image/jpeg

GET
BLOB 200
OK 51317b3c-58a9-4ef4-bdd1-df4a9ac4270f
https://s0.2mdn.net/ Frame 38B7 15 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/51317b3c-58a9-4ef4-bdd1-df4a9ac4270f
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Length: 15369
Content-Type: image/jpeg

GET
BLOB 200
OK f2b104cc-0921-471c-a10f-e0254c770851
https://s0.2mdn.net/ Frame CD59 15 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/f2b104cc-0921-471c-a10f-e0254c770851
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ffefcc420172f973787f482949e2b8b45b30d6b0af590c4737f1ee270b57e96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Length: 15369
Content-Type: image/jpeg

GET
BLOB 200
OK 23486913-051b-4e6d-b01d-71a609fa8001
https://s0.2mdn.net/ Frame 5B65 14 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/23486913-051b-4e6d-b01d-71a609fa8001
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f69038abd5797c7c4ccc72eb03c7c4b99e38265251b73378fe9b14245973a68a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Length: 14313
Content-Type: image/jpeg

GET
H2 200 dt
dt.adsafeprotected.com/ Frame BEE5 43 B
215 B 93ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=76b71509-8442-6fa1-348f-c9c2b424c779&tv=%7Bc:iXFDSU,pingTime:-10,time:923,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMy4wLjUwNjAuMTM0IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1658367319358%7C%7C7e676777c5fab2427bf0bdfe3428cf51%7C%7Cdf92c9cff360bda3eafa3e94d6152ec7%7C%7C0eca526974576af2671cc78ddaa23c42%7C%7Cb7266c29e0cb8ccdd84cf701ea7bf1f1%7C%7C7456fe92e22d9008cdaa776af295685e%7C%7Cf81beff795aec21cc34760764103963a%7C%7C6ce50aa0e0e3295f5b0a9f437ab0d866%7C%7C1629390669,sca:%7Bspg:4da91060-8d37-959c-8cd9-bf568b5a1c3e%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5A83 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 22182
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Jul 2022 19:25:37 GMT
expires: Thu, 20 Jul 2023 19:25:37 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 31CA 783 B
534 B 18ms
18ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fae2f4822b5b14575470ab37a57c522f53a3d34d7c9f4bcfe4df0ba8a880e501

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Tz0ZPR_cxPded7YWSpGcCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.posthaus.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-Tz0ZPR_cxPded7YWSpGcCw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Jul 2022 01:35:19 GMT
expires: Thu, 21 Jul 2022 01:35:19 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame EFB3
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t

42 B
942 B

161ms
161ms

Image
image/gif

52.19.192.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t

Protocol

HTTP/1.1

Server

52.19.192.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-192-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v036-021e19b20.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: zf2QIpeKS/U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v036-09716eac2.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 4O9qlBrwTbA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=QkS_R4-8f6RfzKJr_Z5j-VeIm2POv68t
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 1AE6 41 KB
23 KB 8ms
8ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e91f11763f9ca5b9907cb8af3fc87796e17ec0dc336b47008b085667a9ad6fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:26:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23748
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 06:41:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:41:15 GMT

GET
H3 200 de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 38B7 41 KB
23 KB 9ms
9ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e91f11763f9ca5b9907cb8af3fc87796e17ec0dc336b47008b085667a9ad6fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:26:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23748
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 06:41:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:41:15 GMT

GET
H3 200 de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame CD59 41 KB
23 KB 9ms
8ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_300x250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e91f11763f9ca5b9907cb8af3fc87796e17ec0dc336b47008b085667a9ad6fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:26:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23748
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 06:41:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:41:15 GMT

GET
H3 200 de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_728x90.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 5B65 42 KB
23 KB 10ms
9ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_NH_D_WD_Affinity-Fashion-Mannequin_728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af57c65a0fa6a3f7ab0011ba5ca90020cb15073b8ba5e2d9296e85477edc663b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 246
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23920
x-xss-protection: 0
last-modified: Mon, 25 Apr 2022 06:41:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:46:13 GMT

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame EFB3 0
522 B 16ms
16ms Image
text/plain 96.16.132.239
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-W2mCfHUSS0Q0WPzBJhtcI9Gff5m7KFK2bTkmqQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.132.239 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-132-239.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Wed, 20 Jul 2022 01:35:19 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E4DF 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bug93Vq3YYvyvFvaM7_UPwNOh2A4AAAAAOAHgBAI&bg=!U1ClUBTNAAZlvz3gRb87ACkAdvg8WlUrv1IjdGQ3BAre8CAtht4wHEt06dFvgipULsfoUcing8x5OAIAAAHbUgAAAAJoAQcKAIp3WEQBt-yh_CmpwPEeSx1xQRLL5SurZTvjL7qWjEe_avjB0k-gEHKJWUIIVbXUgRTNzFT5XigQ8vAwmKaIUbf5nKIn4ox8QAhxxxRiD7CnGQ2CdMR3RsHAr40OxVRfn5bYmpEGdXS8haglipY5noH64LonZ1iQk1jXcTEVYSZE7gbzqWMd2BqMkBKZAuh3BR3iyvZ5B_tESbQcF9I1yoHjlXipGeSoolp7BbKcqiHugKYqtrtL3oLJWqMMsEtDE89R3wYdITOM56ud7D3FhYv8be4xy_C8X1FS7EveWgD59idt-1cCdD0NKjTxbxhqBj6YdkPgF-jNAIVJZfHhjZ0cdTa-cV5VIswTBW9-aFl8ptV1dKPV6uJf01d643AJfrxMLWZCHgz8W-r5SmZUf2eWsKpBHgxbclZ9utTR0EbWpeaaR-MZBlWJfCNw2i2lkok4iEittD3AVxp8XfDCOf4xINUXtNN7Z0__QNgxpAri3DjsR78pGyEGATzuC1lyc0ALForMHI7nplfGtc96sjayqIo3mGrNkmnva3laPCnI0r7PZEDGuGlqAIAByPhtUzeoalBx3EamnRKYMdxaa9vxPY4PGFwOuNFEaZUKSsZAqsJCEoygk40_wb9opmaVVb1GGfzA0g0N266GzjsMjUSfyjV_-f16gygiRGSzvYoIWNIgHWlJpUTYHkpRSoVJZOPqgeKUktIjwmy04gwI6Gpiswzpzp02KEszkkCxAmtweil6yd4_PjbO-QNhTclki10Ic6FJFy7KHSONH5yQFV-V7UhpcCm0ZM2lFxldn1q_w7XvNPErRNQ25mLM45cFYDRqbY_PK-QIbHqVWwnXRTZenw2dBpXl9LmCid4mjmBObemPQa0uNcbNwAaUnJakv7N_10D4Yc5e_WlxkEyP8NI8F7Yl0diyfaYFyuSTZqCsBOIJy8nlT_WbpJKo2Hdp-s-Rl92HjdibfwBgaFnk3WeuNQdA4CYIefMeLRqGNzknUcOijRJjlTn1pCxOquYD9yXv9kwLCmngpXW9ASnScFik7xBtOadY9nj04_-cdl0UEZsaUn7Rau7RUTaRN0reVOYiFNqPeGnXf5LWjm3Qh5D0g85lXoe018Mar1SQfzJ5rbpGELbNjWfIxdX2qMx_j-L0bpSHYvabrt-vgikNVun-TMmUng4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FD66 43 B
215 B 93ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=a5fb936a-1c2e-4057-56a9-7006a15ce43f&tv=%7Bc:iXFDUx,time:1101,type:e,im:%7BpWait:53,pLoad:737%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1101,n:330,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:271,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B67~1,0~0%5D,as:%5B67~300.250%5D%7D%7D,%7Bsl:o,t:330,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B771~0%5D,as:%5B771~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:406,fm:tcbigny+11%7C121%7C13%7C14%7C15%7C16%7C17%7C18%7C19.925113%7C191%7C192%7C193%7C194%7C1a.925113%7C1a1%7C1a21%7C1a3%7C1a4%7C1a5%7C1b.925113%7C1b1%7C1b2%7C1b3%7C1b4%7C1b5%7C1c*.925113%7C1c1%7C1c2%7C1c3%7C1c4,idMap:1c*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 1AE6 66 KB
18 KB 8ms
8ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56d4cfa517f5ea7e3dfe08628a062bee69ff18b96dedeadb0b6c130bf305107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=9ECAsUbPOU&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18063
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 17:53:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame CD59 66 KB
18 KB 7ms
7ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56d4cfa517f5ea7e3dfe08628a062bee69ff18b96dedeadb0b6c130bf305107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=P1rqriH6Jf&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18063
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 17:53:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 38B7 66 KB
18 KB 7ms
7ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56d4cfa517f5ea7e3dfe08628a062bee69ff18b96dedeadb0b6c130bf305107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/8756305257970053338/index.html?e=69&leftOffset=0&topOffset=0&c=DRMWKuu0uM&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18063
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 17:53:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 5B65 66 KB
18 KB 7ms
7ms XHR
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56d4cfa517f5ea7e3dfe08628a062bee69ff18b96dedeadb0b6c130bf305107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17214852891647431513/index.html?e=69&leftOffset=0&topOffset=0&c=VyjKyA1j6L&t=1&renderingType=2&ev=01_247
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:23:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18063
x-xss-protection: 0
last-modified: Tue, 15 Mar 2022 17:53:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 21 Jul 2022 01:38:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED24 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BiacnVq3YYszxFqKu9u8Px4y9kAoAAAAAOAHgBAI&bg=!-Pul-7_NAAZlvz3gRb87ACkAdvg8WgdbZXC8C0-WdhtYoVPquzqtUd3HulY27wiSU38Q8u7j33vlYwIAAAISUgAAAAFoAQeZAureaB4tHUVDDVADzNLTBzAQe75rqgy1p2Sj_bFtGm6Z4IbA3MYC-ewrPAAc0R8mv7AzAVHutsqsSLbRWNW9Edw1KshhyCZRJuo3OBjagWkQkFA3X-hbOpPMHYur0K3n6b01YxhcY1bHG-aALNvJyCr86i-i1F0bw0TF6ymZuR__qY_Ia7pszN9_n1MqIZVlrIBlmvsWiTGgB2mtXa1cL0m1qcqtjm5fZlFCATzalqPnrqA4Sjp2e19EKsRFdsUpO8rZjL_tws_ElmnJJ1eFd5jDT8jQFlSWolUc_Zr44nJ1d7vNKWc5C75haJ4CRunvh7rkxitItrbuHE4QCvGn9_oKfwTNzvyK0H5Yw90GIjT5kB5BPCxzXEmdqiPAtkk1cHYH8m2EORBQqGY7892j4MT12x1Kk_rqpJiUAV9SesXSGAPXdWw_WWF1E1UYG4EgqVJHUgvabDYB_SeA4QDUpE8JiIHhcGVkuJEFbechmKuPIAMBJ5tqqqPusYTj5rVQlJAT2jpZo_L0woBttE27v3-uo21eoTP7bG5szCkhcRJwOQfHnUurgGQXgkK3lImpRUvjhD8zI2UO-XVLtcL2cBdnkq0ObpVip6VMWd6dxEy0CIzl7RX6qiYhZsDOvP5665WOIUMjySomCWNNOqTc8BHztIgRqNY92uKaxE8EhcQGRJNDjkirIpvIHDNfjKmW06JzRi0YFmiVBpFk6FGqPWVBAD3-vNp_IHI_jXYbZvUDyfjRgLFWIQyBVl1h2Hp9l3paBvJUYLE2kBcfdpcHZf0bc-ZloEs3VLioqCojPMHBGP9n9XFnI-QduiAtubd0ulyfH-a5OqSDhRwQoKUSkW0haqvGBY1fx0_gExv8AFnOkN9DmS_k8o9F2kIY7J_mKcMMU741J4l78gJBkEDh38RdSWVRwt9O3l4AM_gHARCmeoZIYwg1jRrttcn_WsLuDG-voPUe9ijadUxNmkLTXsPWaoeCLctZUFrshQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5054 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BNizGVq3YYqfZFvOs9u8Prdy_WAAAAAA4AeAEAg&bg=!eXqlej7NAAZlvz3gRb87ACkAdvg8WgJaRTIDmUAmLdiBQi6NbRkLFQCiFkANhFS3SRB7WaRxoqQUWgIAAAIxUgAAAAJoAQeZAuvOCaiHil_JiDoK2n1qI9KN4gkSQ-eX8lRk0pPtbICK6eWrElLC8AHXQYaGkwMpcCF4BhVSd3PwManIC956XvIFMQiHvzGFREQ8fDO3JEqdfPoMsTudPXxKYKaMg_7XAD0acgnuYx9oc3AXergGrh-ZbxvoPLj4xFQEts_11xTnIzhWBwpRgGtEqIA75VIGMzSsuPvNVei2FdrgIN0QMorYatN6848nyhtXvpvCM76F-Q9NKFreBQrjaARS-z-qsfyBmdQvDjBIIbcV0GststwwCBRvbjAqV1gRkGRo2nGZV9GiTLxE-VOQf5hHX4n4KoyNZqStHbuwAO0lxquyNJ40MALP35GSw2OQhwUwY75d6aqwpGbJpaCltF7fkFIpcCplzmM1H9Tjs2Y_620i0ZSbW0Z2fMpLhXOi2bIIgVLHfRnDlpg_hiMOv-rIGDcxmxL2Hs8LslRlkx3Jig3RWRlNGgUUQ2BGoQZFbJ9aIT3vEYyxb-oGhJowettqRuFTQUGpwWKPU7uOhEImKV-s37e30Drh2GFPIUSmuZZGogkCMKsQafXQHRIgvUFU6npVptgKFXbv6yGpe_x3x-aYSEmlbMbx3_mb8E0FF8JqPUvn_g0jRrvk0aOGR0_Nr0GKkABdCP9A_JCVTbGhxnvTbQcDB7PRw1YU5e-kl668bdHZU1bsjjoPOSbetUpl2OJmSZDLYt7yY8oZWd6tOAVwilniB7Zs-3Hn_DxgANu3zjIXmYK8PpS2XQQlfG_Q6jFCAWpV7gvdiNkjehQlPoA3nsgRh-bvthoIUKv3riXsPVh1q7yUG7B_631jBmezYQ1xAJvKhjceHOc6yzVdd1k8vVGrFKQG9P7XckFDT6y87oMQ4MjSXuzBDng4s6NAHtXBqcPZTJH_HahJApJ8mrO-vU97Bz6uyQxo2thh1HyxbkvniId8s-0zuN8DtLtYlBCUedTlnBTyitGqWf5w67l0XAQNDKRwlU_jxoPMpqI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NH_D_WD_Affinity-Fashion-Mannequin;strtype=2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzPSs1-uI-QIVIpf9Bx1HRg-iEAAYACCV9NFNQhMIzNmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319775;str=LH/NULL/438/amadeusBestPrice/ Frame FD66 42 B
107 B 84ms
44ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIzPSs1-uI-QIVIpf9Bx1HRg-iEAAYACCV9NFNQhMIzNmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319775;str=LH/NULL/438/amadeusBestPrice/NH_D_WD_Affinity-Fashion-Mannequin;strtype=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NH_D_WD_Affinity-Fashion-Mannequin;strtype=2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMI_LKs1-uI-QIVdsa7CB3AaQjrEAAYACCV9NFNQhMIytmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319779;str=LH/NULL/438/amadeusBestPrice/ Frame BEE5 42 B
107 B 80ms
43ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI_LKs1-uI-QIVdsa7CB3AaQjrEAAYACCV9NFNQhMIytmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319779;str=LH/NULL/438/amadeusBestPrice/NH_D_WD_Affinity-Fashion-Mannequin;strtype=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NH_D_WD_Affinity-Fashion-Mannequin;strtype=2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIp9ys1-uI-QIVc5b9Bx0t7g8LEAAYACCV9NFNQhMIy9mP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319780;str=LH/NULL/429/amadeusBestPrice/ Frame 0F0F 42 B
494 B 78ms
43ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIp9ys1-uI-QIVc5b9Bx0t7g8LEAAYACCV9NFNQhMIy9mP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319780;str=LH/NULL/429/amadeusBestPrice/NH_D_WD_Affinity-Fashion-Mannequin;strtype=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 NH_D_WD_Affinity-Fashion-Mannequin;strtype=2
ade.googlesyndication.com/ddm/activity/dc_oe=ChMIsZOq1-uI-QIVtuS7CB0G0gSqEAAYACDkzudNQhMIydmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319810;str=LH/NULL/429/amadeusBestPrice/ Frame 2F65 42 B
107 B 47ms
43ms Image
image/gif 172.217.18.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIsZOq1-uI-QIVtuS7CB0G0gSqEAAYACDkzudNQhMIydmP1-uI-QIVI9kRCB1KxAji;stragg=1;&timestamp=1658367319810;str=LH/NULL/429/amadeusBestPrice/NH_D_WD_Affinity-Fashion-Mannequin;strtype=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 31CA 0
0 44ms
44ms Image
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022071401&jk=111817273647054&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 1AE6 16 KB
16 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame CD59 16 KB
16 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 01_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 9ms
8ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/01_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

74db8c0d1aa1e8fdb39f023320e70d859c441389669b45829118484ba07e12bf

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5910
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA131A2A005495
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:02:27 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 02_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 10ms
8ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/02_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

047c54e9030bf3cd32585119629e0f4de62c4f17dcd7fac3b17b9bfc6096593b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 6109
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA131A3426E76D
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:02:46 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 06_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 11ms
8ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/06_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

9b8f96a570d40eea99afd2491101010aecce857ce5086bf4e9c0f682c76b5f9a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5927
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA131A2D89A139
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:03:33 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 05_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 11ms
9ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/05_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

e935450235eb7dd545f8214691fbdc14f43bc8f86520f3ec855a1e60a190fea7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5989
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA131A31EB2E78
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:03:15 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 08_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 5 KB
6 KB 11ms
9ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/08_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

d33d5e65f15d3b9bb611e31da72b3881e9abec8c7a80beaeff498055388f85d4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 5478
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA131A2BC76F0E
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:03:54 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 03_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 12ms
10ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/03_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

2867b943296f988df901d4decb79fc4ceeb576c74a7cdb69a1d615e07fd0b080

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 2970
x-cache: MISS
content-length: 6059
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA0D8775A26710
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:03:04 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 11_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 12ms
10ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/11_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

913175d947ec49dc11355b4ff3d02bf09572b128cc6c87282c2b32b02434a3d6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 6040
vary: Origin, Accept-Encoding
x-amz-request-id: 16F62DBE25DC37F9
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:04:32 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 04_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
7 KB 12ms
11ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/04_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

d203a755b665bbb8b96604363d23225df70fa0d914ba8f8acbd40bb8d042865f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 6283
vary: Origin, Accept-Encoding
x-amz-request-id: 16F62DBE496DD416
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:04:43 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 07_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
6 KB 13ms
11ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/07_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

a7481ba2181453069a1cbe5cd682657474000e5bd399173b41f3c5a171f3197f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 464
x-cache: MISS
content-length: 6197
vary: Origin, Accept-Encoding
x-amz-request-id: 16F6F6E9071ABA8A
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:03:43 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 09_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 6 KB
7 KB 13ms
12ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/09_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

aa1d70da2b7e56a5db95f3438f91f6426f0f1e8fecab1f8c7b3370544ee01a06

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 279
x-cache: MISS
content-length: 6382
vary: Origin, Accept-Encoding
x-amz-request-id: 16EA0FFA7163FF85
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:04:12 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
H2 200 10_64.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/ 7 KB
8 KB 14ms
12ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/mobile/menu/10_64.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

ecb7fdc138e3c3e853c422affa3dfd31becf17864a3d249ae843554b3becc11f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:19 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 464
x-cache: MISS
content-length: 7475
vary: Origin, Accept-Encoding
x-amz-request-id: 16F6F6E9059E7328
x-xss-protection: 1; mode=block
last-modified: Wed, 27 Apr 2022 17:04:22 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:19 GMT

GET
DATA 200
OK truncated
/ Frame 38B7 16 KB
16 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 5B65 16 KB
16 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H3 200 Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5A83 36 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jb5du1wVqba4or3nurh6HQr9svaNG92rNWcoGauPISE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25be5dbb5c15a9b6b8a2bde7bab87a1d0afdb2f68d1bddab35672819ab8f2121

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Sun, 17 Jul 2022 03:20:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 339276
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13868
x-xss-protection: 0
last-modified: Thu, 07 Jul 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 17 Jul 2023 03:20:44 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame FD66 43 B
215 B 93ms
93ms Image
image/gif 52.54.226.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=a5fb936a-1c2e-4057-56a9-7006a15ce43f&tv=%7Bc:iXFE1j,pingTime:-10,time:1521,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8V2luMzJ8fEdlY2tvfHwyMDAzMDEwN3x8MHx8TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMy4wLjUwNjAuMTM0IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1658367319358%7C%7C7e676777c5fab2427bf0bdfe3428cf51%7C%7Cdf92c9cff360bda3eafa3e94d6152ec7%7C%7C0eca526974576af2671cc78ddaa23c42%7C%7Cb7266c29e0cb8ccdd84cf701ea7bf1f1%7C%7C7456fe92e22d9008cdaa776af295685e%7C%7Cf81beff795aec21cc34760764103963a%7C%7C6ce50aa0e0e3295f5b0a9f437ab0d866%7C%7C1629390669,sca:%7Bspg:4da91060-8d37-959c-8cd9-bf568b5a1c3e%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.54.226.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-54-226-35.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8423c048c83d9cd21eed2d7b67ba9654.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Jul 2022 01:35:20 GMT
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 0_0_100218679_1_5_880.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 30 KB
30 KB 1576ms
1576ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218679_1_5_880.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

6266b081e961e1bb5e3e05da4b83eb83253704cbdb27a418f2bb2dbaec04a231

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:21 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 0
x-cache: MISS
content-length: 30449
vary: Origin, Accept-Encoding
x-amz-request-id: 1703B44ABDD7C2B8
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Jul 2022 13:31:17 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:21 GMT

GET
H2 200 0_0_100218679_1_6_880.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 26 KB
26 KB 1573ms
1573ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218679_1_6_880.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

Resource Hash

cebdec841130b3221c4c5cdf058c92fd1b92980b07b828b2c7d92202fa19f5ac

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.posthaus.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 01:35:21 GMT
via: AX-CACHE-4.1:113
x-content-type-options: nosniff
age: 113
x-cache: MISS
content-length: 26579
vary: Origin, Accept-Encoding
x-amz-request-id: 1703B430410C7BE0
x-xss-protection: 1; mode=block
last-modified: Wed, 20 Jul 2022 13:31:17 GMT
etag: "00000000000000000000000000000000-1"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/jpeg
cache-control: max-age=43200
content-security-policy: block-all-mixed-content
accept-ranges: bytes
servidor: orq-cdn
expires: Thu, 21 Jul 2022 13:35:21 GMT

GET
H2 200 0_0_100218679_1_7_880.jpg
ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/ 29 KB
29 KB 1573ms
1573ms Image
image/jpeg 195.181.174.138
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ph-cdn3.ecosweb.com.br/Web/posthaus/banner_JS/0_0_100218679_1_7_880.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

195.181.174.138 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS