nor.vivit-tours.com Open in urlscan Pro
104.21.59.48 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nor.vivit-tours.com/
Effective URL:
https://nor.vivit-tours.com/
Submission: On April 01 via manual (April 1st 2022, 6:29:37 am UTC) from NO — Scanned from DE

Summary HTTP 127 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 33 IPs in 7 countries across 29 domains to perform 127 HTTP transactions. The main IP is 104.21.59.48, located in and belongs to CLOUDFLARENET, US. The main domain is nor.vivit-tours.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 14th 2021. Valid for: a year.

This is the only time nor.vivit-tours.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 35	104.21.59.48 104.21.59.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:206... 2600:9000:206f:6800:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
7	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	184.31.84.150 184.31.84.150	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:401... 2a00:1450:4014:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
5	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2 5	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3 12	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
4	37.157.6.234 37.157.6.234	198622 (ADFORM) (ADFORM)
1	109.232.197.33 109.232.197.33	50234 (EULERIAN-AS) (EULERIAN-AS)
1 1	37.157.6.252 37.157.6.252	198622 (ADFORM) (ADFORM)
11	2606:4700::68... 2606:4700::6810:c40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	64.74.236.63 64.74.236.63	19024 (INTERNAP-...) (INTERNAP-BLK5)
1 1	54.234.215.67 54.234.215.67	14618 (AMAZON-AES) (AMAZON-AES)
1 2	18.233.196.70 18.233.196.70	14618 (AMAZON-AES) (AMAZON-AES)
127	33

35 104.21.59.48 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

nor.vivit-tours.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vivit-tours.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.vivit-tours.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:6800:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.1.195 (United States)

ASN54113 (FASTLY, US)

cdn.zx-adnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

site2text-2021.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4014:80f::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.4.28 (Denmark)

ASN198622 (ADFORM, DK)

a1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.35.236.247 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.250 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.234 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.232.197.33 (France)

ASN50234 (EULERIAN-AS, FR)
PTR: ml.eulerian.net

mm.melia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.252 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:c40 (United States)

ASN13335 (CLOUDFLARENET, US)

c.bannerflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.63 (United States) 1 redirects

ASN19024 (INTERNAP-BLK5, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.234.215.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-234-215-67.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.233.196.70 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-233-196-70.compute-1.amazonaws.com

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	vivit-tours.com 1 redirects nor.vivit-tours.com vivit-tours.com — Cisco Umbrella Rank: 840483 i.vivit-tours.com	1 MB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125	96 KB
11	bannerflow.net c.bannerflow.net — Cisco Umbrella Rank: 11990	177 KB
11	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 470 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 536	13 KB
11	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	182 KB
10	adform.net 1 redirects a1.adform.net — Cisco Umbrella Rank: 12527 s1.adform.net — Cisco Umbrella Rank: 8738 track.adform.net — Cisco Umbrella Rank: 3843	77 KB
7	zx-adnet.com cdn.zx-adnet.com — Cisco Umbrella Rank: 142116	133 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 9053	2 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 389 mug.criteo.com — Cisco Umbrella Rank: 2685	1 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 245 secure.adnxs.com — Cisco Umbrella Rank: 436	2 KB
2	eqads.com 1 redirects um2.eqads.com — Cisco Umbrella Rank: 3774	563 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 278	1 KB
2	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 709	2 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 7	2 KB
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 1906	24 KB
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 2894	69 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 7548	1 KB
2	gstatic.com fonts.gstatic.com	52 KB
2	optad360.io get.optad360.io — Cisco Umbrella Rank: 26661	549 KB
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1367	376 B
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 558	317 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 725	779 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 326	265 B
1	melia.com mm.melia.com — Cisco Umbrella Rank: 27099	1 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	37 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8069	792 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 431	1 KB
1	web.app site2text-2021.web.app — Cisco Umbrella Rank: 267746	396 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	1 KB
127	29

	Domain	Requested by
27	i.vivit-tours.com	nor.vivit-tours.com
11	c.bannerflow.net	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com c.bannerflow.net
10	pagead2.googlesyndication.com	nor.vivit-tours.com securepubads.g.doubleclick.net tpc.googlesyndication.com d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
9	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com um2.eqads.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	cdn.zx-adnet.com	nor.vivit-tours.com cdn.zx-adnet.com
6	vivit-tours.com	nor.vivit-tours.com
5	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net ssum-sec.casalemedia.com
5	a1.adform.net	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com s1.adform.net
5	mc.yandex.com	2 redirects nor.vivit-tours.com
4	s1.adform.net	a1.adform.net s1.adform.net nor.vivit-tours.com d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
4	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	js-sec.indexww.com	get.optad360.io ssum-sec.casalemedia.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	ib.adnxs.com	2 redirects
2	googleads.g.doubleclick.net	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com nor.vivit-tours.com
2	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	script.4dex.io	get.optad360.io script.4dex.io
2	mc.yandex.ru	1 redirects nor.vivit-tours.com
2	counter.yadro.ru	1 redirects nor.vivit-tours.com
2	fonts.gstatic.com	fonts.googleapis.com
2	get.optad360.io	nor.vivit-tours.com get.optad360.io
2	nor.vivit-tours.com	1 redirects
1	beacon.lynx.cognitivlabs.com	1 redirects
1	b1sync.zemanta.com	1 redirects
1	p.rfihub.com	1 redirects
1	secure.adnxs.com	ssum-sec.casalemedia.com
1	match.adsrvr.org	ssum-sec.casalemedia.com
1	ssum-sec.casalemedia.com	js-sec.indexww.com
1	track.adform.net	1 redirects
1	mm.melia.com	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
1	www.googletagservices.com	d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	htlb.casalemedia.com	get.optad360.io
1	cdn.jsdelivr.net	get.optad360.io
1	site2text-2021.web.app	nor.vivit-tours.com
1	fonts.googleapis.com	nor.vivit-tours.com
127	42

This site contains links to these domains. Also see Links.

Domain
faq.vivit-tours.com
vivit-tours.com
ara.vivit-tours.com
bul.vivit-tours.com
ben.vivit-tours.com
lang-cat.vivit-tours.com
cze.vivit-tours.com
ger.vivit-tours.com
gre.vivit-tours.com
spa.vivit-tours.com
est.vivit-tours.com
fin.vivit-tours.com
fre.vivit-tours.com
hin.vivit-tours.com
hrv.vivit-tours.com
hun.vivit-tours.com
ind.vivit-tours.com
ita.vivit-tours.com
lang-heb.vivit-tours.com
jpn.vivit-tours.com
lang-kor.vivit-tours.com
lang-lit.vivit-tours.com
lav.vivit-tours.com
may.vivit-tours.com
dut.vivit-tours.com
pol.vivit-tours.com
por.vivit-tours.com
rum.vivit-tours.com
rus.vivit-tours.com
slo.vivit-tours.com
slv.vivit-tours.com
srp.vivit-tours.com
swe.vivit-tours.com
tam.vivit-tours.com
tel.vivit-tours.com
lang-tha.vivit-tours.com
tgl.vivit-tours.com
tur.vivit-tours.com
ukr.vivit-tours.com
urd.vivit-tours.com
lang-vie.vivit-tours.com
chi.vivit-tours.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-14` - `2022-05-13`	a year	crt.sh
*.optad360.io Amazon	`2021-11-17` - `2022-12-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
micuenta.kioscodeseguros.com GTS CA 1D4	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-12-22` - `2022-06-03`	5 months	crt.sh
web.app GTS CA 1D4	`2022-01-31` - `2022-05-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
mm.melia.com R3	`2022-02-17` - `2022-05-18`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
um3.eqads.com Amazon	`2021-06-26` - `2022-07-25`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://nor.vivit-tours.com/
Frame ID: B6C51F4D2C41333940DB588F4FFA1F93
Requests: 68 HTTP requests in this frame

Frame: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EDCF9C7449AB8DF30BD208EF854E49EF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 50459811EAA79F4E8E7179B75000841E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AFC8BABA8D4E7DCB442DD688B621E4C1
Requests: 2 HTTP requests in this frame

Frame: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3570966EF3E8EE30A7A53DCFD1BA7C15
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgPCExgEwAQ&v=APEucNUbLNc7rPp0Fr2yl8qg7h4gDXwPXieeC_50a9iRR74WI3Qb-odVRxo_QKO4NaWDI69_Q5rzRJ_5TdlbNxxjpqa4BVm9xUbsW5LLb38W1YX-j2MaUdlWCZ2hXw1YPS2IR4-MyCA-4vZzXUiBavHj5zIsy2J9Sfe8Ox4I_Fg7JVGDC0YpsoyTyk4tPrZ1PZRTlfRLJ7xjmf1ubGSQTiIZT6pAOcAQ9rp2KuaxKBGlX7hJkgIjOfCrTr0n5cagHYXFbBdFiSJ8T5kYxYfRHw1lVfWhQETcOlQR3s63qW8VHxqFuBT-s7SmfvNd8iv-6svH6Akyw7ou58V1N9MwUXtFvtGnb8PjqCOQnYuS3sD9La6izlREBngPG9OghRGbYWnR0VD9zPB4MMoo6vWrCRJH8g80zyFfvjkpRmgoL4chh8Cu1gig5ez2zvh7bMctK5FNxs0nsiQ-uoHdKZW3i1xM5CgVh-dKRSzO4W-XfkNCNSH6Jr_mYUcqxEDy7Dlk1pZa7s2oQWRDEChP-l939qN0X3tOTsYp3RnSMAb-uBoueQlB9SpWkydF_JJ7VFmPVkrUXFXngBijk4uPWkNDK7zgagxwy1nCzAizjQXs4diwQCCWcIEVbCpmvU4qQvqgJqniOTSh-z69y9V2Sb_x2Dd8XXHSxS2Ww_27y_EQLgHEgIwC5YbHzF5C_GcEVaolS8tBYB_I_YhV6aJekPhp7-zY3p-M_7FEna_EY_g7w5wJ438_3mLvmeV7JUTb8Ew5CoN_dJZlbpto0_n9EqCtYB3HzxEliQLOG54RVLNrTGAFzgbo2uuYqyRdDSgsOBlxPFZoB-pVBHIyExcJPg4biqwSkMUFAMBYUyI15oM9ljtUyo3l8_DbJu3ZoLZRcnxSB-CmcR5E3rzz3kMsWLcJmWyHGtPpt24yZIQvLHDc1JI4hjpicatNhkFZo4aXr7DCpzprOoQ_6LVAoKijKWQyF7kE-cXLqS31mp_16NV8TP14D-lbvtFgkFPc8IN4zZFyNlxMtNhd1UQEhJYlJe42TRKnJszzRbB71g
Frame ID: 68037B8FC47C9B86E32D6146651C1CCC
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A4C11ED7FBA004A3B5B79B96D4F40734
Requests: 3 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/63577/11023675/11023675.js?ADFassetID=11023675&bv=257
Frame ID: 63459E2DF9D41E85F9D12D48F26CC1F3
Requests: 11 HTTP requests in this frame

Frame: blob://https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/39c3d332-5725-4792-a081-eb7ba0660602
Frame ID: 71F0EBBEA85BFD27A7F887E06642FB49
Requests: 1 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fmelia-hotels-international%2F59c9120b31ae8f128419d688%2Fimages%2Fa326ed08-c4ea-44d9-8af8-9453fe674daa.jpg&w=818&h=460&q=85&f=webp&rt=contain
Frame ID: D4A04760CB03D016E53D93D9CDCB8A34
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: EBC312CD2231BBAFB6F64BDE20F9A609
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 3C72350769BCD0797BE8B056B8B0B174
Requests: 9 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 983462DEC23D8CEB857D431782087E25
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Artikler Om Turisme Og Reiseliv, Anmeldelser Reise Magasiner, Aviser, Publikasjoner, Anmeldelser | 2022 April

Page URL History Show full URLs

http://nor.vivit-tours.com/ HTTP 301
https://nor.vivit-tours.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

127
Requests

89 %
HTTPS

46 %
IPv6

29
Domains

42
Subdomains

33
IPs

7
Countries

2937 kB
Transfer

5051 kB
Size

37
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.vivit-tours.com/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ara.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://bul.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ben.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-cat.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://cze.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ger.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://gre.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://spa.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://est.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://fin.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://fre.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://hin.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://hrv.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://hun.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ind.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ita.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-heb.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://jpn.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-kor.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-lit.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lav.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://may.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://dut.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://pol.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://por.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://rum.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://rus.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://slo.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://slv.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://srp.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://swe.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://tam.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://tel.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-tha.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://tgl.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://tur.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://ukr.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://urd.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://lang-vie.vivit-tours.com/

Search URL Search Domain Scan URL

URL: https://chi.vivit-tours.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nor.vivit-tours.com/ HTTP 301
https://nor.vivit-tours.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://counter.yadro.ru/hit?r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815 HTTP 302
https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815

Request Chain 50

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9595.33nUVoUKSprDFwleL0L2jLyx-WaiPFcNxJGSDdtkJClMX4z0O6wurBvm7BIUfXu0.vz7mIiRVHdM19TfSJMZLptOrWrc%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9595.fd3jPXpe43NP2TYyxE6BJRo7sh3SXkLI9UTmWw8AB9veZEfnqKTAekFr40u4L2HunuzzoPBJ4h7Mjc0CWwLikw%2C%2C.OrWmwuTmLifb4pntlflajpsjGYo%2C

Request Chain 58

https://mc.yandex.com/watch/54607900?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A771%3Acn%3A1%3Adp%3A0%3Als%3A1471987952067%3Ahid%3A607905151%3Az%3A0%3Ai%3A20220401062929%3Aet%3A1648794569%3Ac%3A1%3Arn%3A848655455%3Arqn%3A1%3Au%3A16487945691054002384%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1648794567677%3Ads%3A0%2C34%2C924%2C1%2C61%2C0%2C%2C186%2C1%2C%2C%2C%2C1207%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1648794569%3At%3AArtikler%20Om%20Turisme%20Og%20Reiseliv%2C%20Anmeldelser%20Reise%20Magasiner%2C%20Aviser%2C%20Publikasjoner%2C%20Anmeldelser%20%7C%202022%20April&t=gdpr(14)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/54607900/1?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A771%3Acn%3A1%3Adp%3A0%3Als%3A1471987952067%3Ahid%3A607905151%3Az%3A0%3Ai%3A20220401062929%3Aet%3A1648794569%3Ac%3A1%3Arn%3A848655455%3Arqn%3A1%3Au%3A16487945691054002384%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1648794567677%3Ads%3A0%2C34%2C924%2C1%2C61%2C0%2C%2C186%2C1%2C%2C%2C%2C1207%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1648794569%3At%3AArtikler%20Om%20Turisme%20Og%20Reiseliv%2C%20Anmeldelser%20Reise%20Magasiner%2C%20Aviser%2C%20Publikasjoner%2C%20Anmeldelser%20%7C%202022%20April&t=gdpr%2814%29aw%281%29ti%282%29

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211&C=1

Request Chain 80

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgdpr%3D1%26gdpr_consent%3DCPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA%26google_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&google_nid=casale_media2_dsp_secure&google_cm&google_hm=YkabycA7oqZywSede5VeMwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECB12wi8_O3rZ4VMDduQp4w&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA

Request Chain 82

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg2NzAzMDQ5NTAxODYwMDU2MA%3D%3D

Request Chain 95

https://track.adform.net/banners/scripts/rmb/Adform.DHTML.js HTTP 301
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js

Request Chain 112

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnor.vivit-tours.com%2F&domain=nor.vivit-tours.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=jVS0wXx5dXgyaXpUZUJwcWdvTTRDOGJJRzZnRHFKVnNkNkl3T1JsZHczbi8wUlJiT0VqNUloYnNQNjZpZ1U5YWlIT1EwRTRWNzF0bE1hcjR5N2paMkFrTmtscy9XakJiTlpnSVk1V2pJREsvbTVNZGVmTkxiMjgvUU56VjhoemtOU3g0Z0xUQlZhdG9hUzN6bmN5Z3lRNHBwdmVnb0pPc1V2NUtEV1c5VDIrcTRzSmxpT1RIc1ZNajViLzFnT05nc0NlL3p6QUVkYU5IQTRjdVVQd3ZGMHFjTjVqWld2N3pHYzlCK1BEeE5uV01NVEdnUmRKeDlPSlVHLzNqNFJjZitZNWFhfA&cppv=2

Request Chain 119

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB&dcc=t

Request Chain 121

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433823026997411

Request Chain 122

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

Request Chain 123

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=20809184-8f71-409e-9322-64e42cee6320&expiration=1680330572

Request Chain 125

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

127 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
nor.vivit-tours.com/
Redirect Chain

http://nor.vivit-tours.com/
https://nor.vivit-tours.com/

37 KB
7 KB

958ms
923ms

Document
text/html

104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01079fcd8c2d32fe8393bd60cdcce3ec3bac3ef5681256127120764953b9b44d

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=86400
cf-cache-status: DYNAMIC
cf-ray: 6f4f4540a9d34bf4-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 06:29:28 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Sat, 02 Apr 2022 06:29:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xnbcRlI3wobFLDNu1k2trD1MpcaY0tOe7cDkKsYjqMYSd4Q74CsWJ7AkZpmGZURJBa%2F82fkENPUX93%2BgTxVSm3DrOQlsK0FVhsxOVkB1vAyfIdkVgLZmfMAkJ8zlJjXqp%2BRYGFpM"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 6f4f45403f0c6b3e-AMS
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 01 Apr 2022 06:29:27 GMT
Expires: Fri, 01 Apr 2022 07:29:27 GMT
Location: https://nor.vivit-tours.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uhvcy4JTYwYxGeiVd1wVyALgvb6L6Yl71IMO%2BWgSx2ua4n%2FgTxO12u%2BDSlYRCRmILSi00zn3heqvhIQarJO8XSAS70umspSrig9Cgh5Rx6fOVrmHSMSmgOBHY4GCBAKF7ekrIYQu"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/29c44d7c-8171-46d6-a484-9d3087559448/ 373 KB
88 KB 56ms
8ms Script
application/javascript 2600:9000:206f:6800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/29c44d7c-8171-46d6-a484-9d3087559448/plugin.min.js
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 920bf5e0981c083ac0cc65869559295260817baa40cdd79fd293fa7d7acf5456

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:51:00 GMT
content-encoding: gzip
last-modified: Thu, 10 Mar 2022 12:36:00 GMT
server: AmazonS3
age: 2309
etag: W/"588fa2466d71b4d118fdf3af043b05a4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: UUFvQKC5W9bk382bJUcTBuJ9E7YaiCVW0PsiJyTTZspnC_ubdF6qMQ==

GET
H2 200 logo.png
vivit-tours.com/template/images/ 16 KB
16 KB 40ms
28ms Image
image/png 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vivit-tours.com/template/images/logo.png
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cc776b4b87243862afabc5cb1107699c4bc2c3a89e7da2972f1e8d042233282

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3876840
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16418
last-modified: Mon, 27 Jan 2020 19:15:41 GMT
server: cloudflare
etag: "4022-59d23eeec0e1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQ53FtsdqQd30z6S2kyt0P%2FGQ8uTw6DOC6Xr%2F%2Bsrx5waW4xUstgxsPrtiG6I%2BP8pqXB9STyAIj47M%2FGMN6MJMDJ9Ed1aQ6Z%2FeGcC6ZT3ntcnDvHlehsdDfAn1DAFaDydzWk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454698ce4bf4-AMS
expires: Wed, 15 Feb 2023 09:35:28 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 40ms
18ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600&display=swap

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd780659b4c459487eb75a8ae8dfd106c50113470803d3eb20e03d89e1e1d9a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 06:29:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 01 Apr 2022 06:29:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Apr 2022 06:29:28 GMT

GET
H2 200 bootstrap.min.css
vivit-tours.com/template/css/ 121 KB
20 KB 52ms
41ms Stylesheet
text/css 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vivit-tours.com/template/css/bootstrap.min.css
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7454bd4a3bc5f489cf0cbe07e5d96387b06488b8bb0f10fecb621a125279a33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 247769
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 27 Feb 2021 05:18:37 GMT
server: cloudflare
etag: W/"1e3d7-5bc4a8450ca77-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWMIWrSG0d6pOBHZS%2Bolw3wa34rQskgwMnC4XhbyMqcK4J8IM%2FEx4imgFimN7Pa7LdfhK5DiVRmyCykn0mMSshrQWL6h1kAXur7Rff8qXmGTOls4AvOZ9CYFMgtemoICjV8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 6f4f454698d14bf4-AMS
expires: Tue, 12 Apr 2022 09:39:59 GMT

GET
H2 200 style.css
vivit-tours.com/template/css/ 50 KB
24 KB 41ms
30ms Stylesheet
text/css 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vivit-tours.com/template/css/style.css
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e259154d565486c485d02cfa5e7907f03c355f0875d7df202d3ad4f4b312cdc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1186388
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 27 Feb 2021 05:18:37 GMT
server: cloudflare
etag: W/"c7e6-5bc4a8457cf57-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZzZI9Wj0zJsnAjPUKFzS1vNIoTkAbpptp4pDjPN8IOxcYWDUjIby%2F15pNbvYthBh5nF%2F%2B9Tuo3KEoJVO%2FbRVzhO%2Bkpx5JlrxpdZHm59VPNRoxm0yR%2FqqsnEWfjJmwCi3OI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 6f4f454698d24bf4-AMS
expires: Fri, 01 Apr 2022 12:56:20 GMT

GET
H2 200 jquery.min.js Show response
vivit-tours.com/template/js/ 84 KB
31 KB 54ms
43ms Script
application/javascript 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vivit-tours.com/template/js/jquery.min.js
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 261251
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 18 Jul 2019 01:51:00 GMT
server: cloudflare
etag: W/"14e4e-58dead7722900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MoUYipAwPNal6tuT5C7eOr5m%2F2GhANdMLv1TtyN96AkJCjxPiouxH%2F84FphJmBqvfys6PypsegVqEWB6nRm54clim8BWWwlwViG%2Bhx8fkeLDZkV%2FjLzfx%2B1mYTzps4upp7A%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 6f4f454698d54bf4-AMS
expires: Tue, 12 Apr 2022 05:55:17 GMT

GET
H2 200 bootstrap.min.js Show response
vivit-tours.com/template/js/ 36 KB
10 KB 45ms
34ms Script
application/javascript 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vivit-tours.com/template/js/bootstrap.min.js
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 247769
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 18 Jul 2019 01:51:00 GMT
server: cloudflare
etag: W/"90b5-58dead7722900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9z7GMw818Cmbm3T6Uq6i%2FVpuErqOysBHad3u5SI%2BQy1qC44%2FiHoMfbA54wgzktZm9UAPT65%2FCHxxwhjfh9rrcYDxEhPtQbuXRR97CJ7idyZ3WPl%2B7D298eFXuQkISq%2FAQ4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 6f4f454698d44bf4-AMS
expires: Tue, 12 Apr 2022 09:39:59 GMT

GET
H2 200 main.js Show response
vivit-tours.com/template/js/ 3 KB
1 KB 54ms
43ms Script
application/javascript 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vivit-tours.com/template/js/main.js
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f504ccb6c20e2bd16e5d8f01f673b3d454bbfc8f9767c029967c293f4ee723a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1186388
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 18 Jul 2019 01:51:00 GMT
server: cloudflare
etag: W/"aa5-58dead7722900-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPxv4k3S0vIZx8hoemgW7a1ZqGuSRIKZoJQedSRYUaxoCTvOy3mAHkwgK1GCz%2FOvi61igQ%2FuGdstmWOu6xgAaRFry7j95sXFk0IJBQjREudxsDXJzcHjr9ZRX%2F7p5VvFw%2BI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
cf-ray: 6f4f454698d64bf4-AMS
expires: Fri, 01 Apr 2022 12:56:20 GMT

GET
H2 200 optr21_19091901.js Show response
cdn.zx-adnet.com/adx/ 146 KB
20 KB 77ms
6ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/adx/optr21_19091901.js

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

19047638d6399cbadb04d69bd35e36ca6a031939e827353609143b4b876fe19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
etag: "0b27ba3a05911453f828f9719cddcbed520da0ab1aead05536fe1e3d46a78622-br"
fastly-original-body-size: 19911
x-cache: HIT
content-length: 19911
x-served-by: cache-hhn4025-HHN
last-modified: Thu, 31 Mar 2022 10:01:07 GMT
x-timer: S1648794569.794697,VS0,VE0
date: Fri, 01 Apr 2022 06:29:28 GMT
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600,public
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive
x-cache-hits: 2

GET
H2 200 cookies_gdpr.js Show response
cdn.zx-adnet.com/consent/ 34 KB
9 KB 104ms
34ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/consent/cookies_gdpr.js?0.7178681141655341

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6723ea2989d5cf57335b26d5bd0bcc52feffab866915b917c4cdcae672c99a2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 31 Mar 2022 10:01:07 GMT
fastly-original-body-size: 0
x-timer: S1648794569.794797,VS0,VE28
etag: "e816600dd00bd96b1fef78362730b72e57d5bac88839b4da007d48db85d79519-br"
x-served-by: cache-hhn4025-HHN
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: no-cache
date: Fri, 01 Apr 2022 06:29:28 GMT
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 pretoria-wildlife-7-best-places-go-where-you-can-indulge-into-wildlife-sightseeing.jpg
i.vivit-tours.com/img/other/25/ 44 KB
44 KB 111ms
98ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/25/pretoria-wildlife-7-best-places-go-where-you-can-indulge-into-wildlife-sightseeing.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b669daf4312c726c94dfccd6effab2639c1c992f05969004a276a21d6c60773c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45186
last-modified: Thu, 05 Dec 2019 18:13:42 GMT
server: cloudflare
etag: "b082-598f8e3a850ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUEQQ5fCTSSnMXCf1GlGj6PvfYbeMKwuE8M%2FkxCEygvXwgXqHvw0RtR5fiTBwtDYB%2Br2xf6BC5ICs3tOgOPHvkhqccbVEMa%2BNl1HHIrFpqYpg02IZePPHwMOTHNRZPTdr62t7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e54bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 glamping-ubud-3-exotic-resorts-experience-blissful-stay-under-stars.jpg
i.vivit-tours.com/img/other/81/ 78 KB
79 KB 102ms
99ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/81/glamping-ubud-3-exotic-resorts-experience-blissful-stay-under-stars.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb9ab321177706979c6f7a8d11d02fc184238225ba8fe3b17231d9fec17701b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80033
last-modified: Thu, 05 Dec 2019 18:59:25 GMT
server: cloudflare
etag: "138a1-598f987254e30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GcxjYVCKTC5hevCaq3PyJkJXXf27MzGkv%2BuNX0HLL5ESlhZ8orNAR4XFBkIX84IqIphbQnY2%2BaT72ogs8EMB2e2E3ZA%2BPUwM%2BzWmvsuM1gwYlFjzSVqWqzznAX72bOHXjLpr8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e94bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 san-antonio.jpg
i.vivit-tours.com/img/destinations/err/ 47 KB
47 KB 114ms
111ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/err/san-antonio.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48be8ba8799f1de9ec8a2e3264f37705ab71fbcb0704bca44aa8dc22b980d01a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 48154
last-modified: Thu, 05 Dec 2019 17:35:14 GMT
server: cloudflare
etag: "bc1a-598f85a12db4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fwzb2MEGsbPhxzFIOZSskSCnkMRoA3p6%2BqHdG2rDQQgb18kY6mqyrWsHT%2FCJEAbnjTAKG%2BJeInfWSn8A0dDsxJOHvOw6zfg7%2Ba%2B6bqT0pYxCO2GIKiPcIfyi4%2FfB5vvnn8%2BVwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8ea4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 singapore.jpg
i.vivit-tours.com/img/destinations/12/ 34 KB
34 KB 84ms
82ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/12/singapore.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ed132c4475e0800a48916b5906218edbd68e5757a32179538f354ce886898e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34662
last-modified: Thu, 05 Dec 2019 17:30:26 GMT
server: cloudflare
etag: "8766-598f848f3ec97"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfZ3rnZF5Rpi7goRUx8q6ijAqzCKnuOKxhAMUE652vDldR9IVNtUfqJGRok2fGFqsgO2xDfvrv3KGMmy%2BowneAW3zEYSYrwdyFJwZhuTC84svc2n3eWsx9teEdg5YGuZzzcmHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e64bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 louisiana.jpg
i.vivit-tours.com/img/destinations/32/ 54 KB
55 KB 94ms
92ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/32/louisiana.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d72384b80bcc64349beb1690104b6f061243bb53112fad113195c8b3d83ab61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55492
last-modified: Thu, 05 Dec 2019 17:31:29 GMT
server: cloudflare
etag: "d8c4-598f84cabc457"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovEYcR4of3qNfeOp%2F3ZMce1LkDbAbsnvc624cEXzE4%2Fjvm5CrZxOj1c%2Fs7Hut7G6t%2FDNzrz52LPxZeXHsHur9dMDroF0fePkRDhpNqr5lPTw3bW3My6TKrySBNsQkEN3VVFWjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8eb4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 austin.jpg
i.vivit-tours.com/img/destinations/err/ 39 KB
40 KB 81ms
78ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/err/austin.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76a913aac5245b31baa5edc9dc198170aa54988f899b2f89833c1018d5ddf15c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40291
last-modified: Thu, 05 Dec 2019 17:34:37 GMT
server: cloudflare
etag: "9d63-598f857e7603c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3kaMSXBp%2Fq6ISyX%2FmasDiHK7QZrasB3y81GbDnU8tzemmsmBzJRNZcn9VhRGKM1BM4LTOpb3ALQZEG0FrjLuxy8OUZKLsyrNGC5S5sVlfZDREBEg%2ByAFy6E0HPV6LESPl8adA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e74bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 chattanooga.jpg
i.vivit-tours.com/img/destinations/49/ 45 KB
46 KB 112ms
109ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/49/chattanooga.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecfcec8f497f15339beda9a5deab51f516a4a7df850ddafa2978aa4fa5fbcd28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46199
last-modified: Thu, 05 Dec 2019 17:32:13 GMT
server: cloudflare
etag: "b477-598f84f4923a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RvkOFvsvFzZ7lRLue5Af%2Ba78wHoGueMviv6WGxdWQ47FSmVFrAJKcFiEofwQ6v9tWWnr2dVG%2FM3mIMOB6OzFNO3A8LpY5hNwSPgA83I8IAl4oXGp87P24SdpaBUfViY6z258oA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e34bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 istanbul.jpg
i.vivit-tours.com/img/destinations/54/ 75 KB
75 KB 107ms
104ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/destinations/54/istanbul.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dac30411944d1b0728c6667785175023c61dd1f710d4dde9dc7fa14f021f032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76488
last-modified: Thu, 05 Dec 2019 17:32:27 GMT
server: cloudflare
etag: "12ac8-598f85026b25a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHkOXRJE3ZBAyACa0wFUQaYA%2BLXcqTZDAwanwQwiVOZ0IjdCXyrBeIFb0WMT6yk7TDHs8uDy9hvCC25UdkT1p3DvIEkNpiG2itjFRcmE4sguohB5s%2FISZeRIEKEPu0aDuUdjgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4546b8e84bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 cutest-summer-cocktails-america.jpg
i.vivit-tours.com/img/interests/75/ 40 KB
41 KB 75ms
72ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/interests/75/cutest-summer-cocktails-america.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50fba71f6085452f0773305c033211c004603fbbab36572a938cf88ca71792c3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41449
last-modified: Thu, 05 Dec 2019 17:45:33 GMT
server: cloudflare
etag: "a1e9-598f87efe73ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NM81lRI8VzrDjuPAJu0wKEMTjn6VSZ90d8hgUuOxtRZ8GfJ8Dvgj3x8obnhq2CAruO0%2BS2RQCGpbAVOitzmL6iMSrJtVo514%2F02G71tVhoBcDnpHN3O1IR3PJOBpGFJJHLZApg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547396a4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 15-must-have-items-family-road-trip-with-kids.jpg
i.vivit-tours.com/img/interests/95/ 34 KB
34 KB 582ms
579ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/interests/95/15-must-have-items-family-road-trip-with-kids.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9dc49716340952b66c65afb68647aed921613866f870d848a7ca9d614950d61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34895
last-modified: Thu, 05 Dec 2019 17:47:40 GMT
server: cloudflare
etag: "884f-598f8868ce63c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9Iua%2BTDA7TyuUmYDl5GNipbp6cVjRRSB9%2B6FRCUCzzZHOZK5YfvSj%2Bgg1YMzkW9NDGQ79a7PnR9njqkwJKVXZWcES9vJU3bV0M4NsWZUaYO95ixB0wGwTcgKZA0loHKogd3rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547396b4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:29 GMT

GET
H2 200 surf-australia.jpg
i.vivit-tours.com/img/interests/23/ 40 KB
41 KB 1341ms
1338ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/interests/23/surf-australia.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31571d811b75166f0addeb6afc6d23310fdb2472764025da64b210ab4b5d3945

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41287
last-modified: Thu, 05 Dec 2019 17:39:28 GMT
server: cloudflare
etag: "a147-598f86941b21d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X4A0Z%2FtLcqH7adoQZ1lxJhRTVi6d0RaYUoF%2BNG5CsCUJROTmLFfqt1DBt8uSHgMn%2BjPgc25CZRCAp5fQlH6%2F%2FfrNXmWgZ7%2FN6afAlD9hT%2BmgR50xFT8VACI55sD7v0NuffOZAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547396d4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 10-offbeat-trekking-spots-himalayas.jpg
i.vivit-tours.com/img/other/65/ 41 KB
41 KB 76ms
73ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/65/10-offbeat-trekking-spots-himalayas.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 552a91228d301c2349ac090bf85eee7431e0a716f9c804575b7b86ffcad1781e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41634
last-modified: Thu, 05 Dec 2019 18:45:51 GMT
server: cloudflare
etag: "a2a2-598f9569ea55e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGIoOrMyeb3vwaWGPgE4EJbLFRVsSOWscZkWqID%2FN8MuBhvjHbjfhy4OTyYAuPdm%2FS67tO5e7VpNMvGLNcxVyfAjhT5j7kO0ugrV586DKUU6m7TONL0hBYy1%2BWqUXEjhXpNcPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547396e4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 somewhere-weekend-essaouira.jpg
i.vivit-tours.com/img/other/22/ 42 KB
43 KB 76ms
72ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/22/somewhere-weekend-essaouira.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2065a180f787f46eca50717ca6a31774073d73ca1644e12cee672e42469078c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43394
last-modified: Thu, 05 Dec 2019 18:11:07 GMT
server: cloudflare
etag: "a982-598f8da74d856"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2m2A9gJzRNz9ydIDY9wSm8fZb1iyB0Xyu27vlAe%2B3WCqOPKskL1on9P%2B%2Bxw4CMzVAYjbAlwEFkaGvnUmFx%2FtudbWiKLPOsqi7%2B014%2BuTyYVP5O53k3kHVQBsrIK0tGzfhUKPAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454739704bf4-AMS
expires: Sat, 01 Apr 2023 06:29:28 GMT

GET
H2 200 15-awesome-things-do-georgetown.jpg
i.vivit-tours.com/img/other/63/ 52 KB
53 KB 1703ms
1700ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/63/15-awesome-things-do-georgetown.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ee5c1034df1290e6ca78decd5c36f1800e2e66e0ea1f5eca72bc03829d2f837

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53490
last-modified: Thu, 05 Dec 2019 18:44:19 GMT
server: cloudflare
etag: "d0f2-598f9513082b7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CsBEkok59qxEfetHGLyk9EZ84baIXzFgo24gImFVgfwuGuZQ20jC0eka3wo%2F7lEhXdr8CxdJe%2Bu8mbGO%2Bpw1vwtVpPblZB0%2BL2kkeHAjS5KNohiKQerisJcvbi3bLfpxrDbv1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454739734bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 where-go-holiday-august-20-top-destinations.jpg
i.vivit-tours.com/img/other/63/ 54 KB
54 KB 2160ms
2157ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/63/where-go-holiday-august-20-top-destinations.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca473c2d63bce6d640d76af690a54078d2a39ec61828cca5bde93f0113081bf8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 54981
last-modified: Thu, 05 Dec 2019 18:44:55 GMT
server: cloudflare
etag: "d6c5-598f953561213"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tdk9LImvMOu0PnM6Umh97XeLLCMA8I5qog163A%2FBf9VqG0DLV7XHLzzpt686QA9TAYKO5%2FUNTKzdKTazEO5%2B0Io7cxEmQCNhy4fmMb7%2FS22VtoXmnyeJ50zEhNGJz7%2B7eoJenw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749744bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 paragliding-darjeeling-guide-help-you-have-an-experience-lifetime.jpg
i.vivit-tours.com/img/other/51/ 55 KB
55 KB 2403ms
2400ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/51/paragliding-darjeeling-guide-help-you-have-an-experience-lifetime.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ff92f194ca3c545d4ad51f8b6342afbcd3d15936a4e677d9f6f334e29db0902

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:31 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56264
last-modified: Thu, 05 Dec 2019 18:34:59 GMT
server: cloudflare
etag: "dbc8-598f92fcc6d56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LUMyICqc8hYufbon3fz9%2Fa8SlM7eREe%2F35pGnSpT1fdPj5aocxTjJTIF8KcnSaitz5Se75fQcYIZvtU%2Be3U4qbDb9pjDcXdP0qSEu9n9ri1nei3Gvi%2B7wALaqPsi1wRyCLukA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749754bf4-AMS
expires: Sat, 01 Apr 2023 06:29:31 GMT

GET
H2 200 9-best-homestays-berlin-sit-relax.jpg
i.vivit-tours.com/img/other/93/ 49 KB
49 KB 1985ms
1982ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/93/9-best-homestays-berlin-sit-relax.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4d14d600375619f98e54b465a36070610414054467e94c789ea28a19c2dd234

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 50153
last-modified: Thu, 05 Dec 2019 19:08:41 GMT
server: cloudflare
etag: "c3e9-598f9a84ab98a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xRf%2FAF5q6cdii%2B%2BRtX97bUkQs%2BDB3%2FehfWBOilSkUIxnSl750r%2BvWhARmSChi005GlkeblkuggQSgRTBOr3XkgLDT%2FjFCzOIqMPKY31UNkCPBpYrC9Rt6zikiwJ%2FOC7R%2BCbbiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749764bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 8-best-indian-restaurants-australia-satiate-those-desi-food-cravings.jpg
i.vivit-tours.com/img/other/77/ 45 KB
46 KB 1057ms
1054ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/77/8-best-indian-restaurants-australia-satiate-those-desi-food-cravings.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a9077e0e273598bb801035365f055c5ba48991c8463af243a69fdbae72c43c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46549
last-modified: Thu, 05 Dec 2019 18:55:42 GMT
server: cloudflare
etag: "b5d5-598f979e69f1a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KP2xuUJncLWlIPxrt%2BWp2VFZNs4K0rRJDW6q6f2uijwX%2BtUxk6EHR3MuvXMIykry7ND5TawryMpTva1powGJmoKSI4c%2BZ%2FPNuaouyOKvdoXSK0hVDhLqzD%2BzdrjM6hNzbkYzQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749774bf4-AMS
expires: Sat, 01 Apr 2023 06:29:29 GMT

GET
H2 200 lima-culinary-capital-south-america.jpg
i.vivit-tours.com/img/eating-drinking/72/ 56 KB
56 KB 2211ms
2208ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/eating-drinking/72/lima-culinary-capital-south-america.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68c8634d999cb48fb4d22a917ab77afd3b92730b7002efacd43aafa68a97ad65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:31 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 56932
last-modified: Thu, 05 Dec 2019 17:35:37 GMT
server: cloudflare
etag: "de64-598f85b797fc1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9LTs%2FBPlm9Px0CWnmMYcInAEwUFtGNdRHsMgfhT5ThEg95yRjdA3t5IJEMoRSN4H9ThDr2F0vvCq%2FnOBz%2FRc1TBvi%2FGoENc3dZeNorp6uKAhYLvdM10qQoHztvSCwNp1YAiJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749784bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 this-new-amusement-park-ohio-will-be-bigger-better.jpg
i.vivit-tours.com/img/other/16/ 81 KB
81 KB 704ms
701ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/16/this-new-amusement-park-ohio-will-be-bigger-better.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf2edba70bc10fc1d0cfbb99388a7d29442a09dec8eb1baf093a58f2d5d88eb4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 82977
last-modified: Thu, 05 Dec 2019 18:05:54 GMT
server: cloudflare
etag: "14421-598f8c7c98b54"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Udw9U9eJ8qP8ond9ak5ywFg%2FidJHw%2BWIqpkhuxm9VzKRfqWclqWYEi6ulPun%2BwvKXfMokm8m5cJuFcm9%2Be0jCcxv9dKnr6kqMNrxAmPmeh2H7JwOiRUY75PiWCPYlSPGfWkuWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454749794bf4-AMS
expires: Sat, 01 Apr 2023 06:29:29 GMT

GET
H2 200 haunted-destination-amargosa-opera-house.jpg
i.vivit-tours.com/img/interests/43/ 46 KB
46 KB 675ms
673ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/interests/43/haunted-destination-amargosa-opera-house.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d65a80f4694f786a9b99f42cde5a3a95e4082fd0a65fdbcb4641030a1caae58f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 46906
last-modified: Thu, 05 Dec 2019 17:41:36 GMT
server: cloudflare
etag: "b73a-598f870e0dde9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wkFIinfapaPkHEB7zYB6P9Z5S5sNgQWXU9a88uWrFRxuYvWohWQOGoDzteTO0q7YI6Q7DrNV55W6UocO0Q8tR2ZWTCGy2YkLlLp0C2q2t%2Fj6kvrKCSD9GCKedJ25zknbRBBNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547497a4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:29 GMT

GET
H2 200 bharatpur-bird-sanctuary-your-perfect-date-with-nature.jpg
i.vivit-tours.com/img/other/63/ 61 KB
61 KB 1688ms
1685ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/63/bharatpur-bird-sanctuary-your-perfect-date-with-nature.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d46fb49bab044b72f45e26312101e253955a9184be0bafe16c4b44d9449bcaf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62248
last-modified: Thu, 05 Dec 2019 18:44:36 GMT
server: cloudflare
etag: "f328-598f952330e26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l03vcaVpO3TFxCZemauadhCh2%2BRugZQqFPaZkEKCI%2BcFg9FvlKyIY2kaFgYspW1z4eVoB3uHdbqtFArQFPfFt2%2F%2FCiTRowjP76CTZ6ZdWqK2vkDgw83v%2FAQo6yRiGxFgHYoz0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547497b4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 3-best-restaurants-near-rochor-canal-road-singapore-one-must-definitely-visit-atleast-once.jpg
i.vivit-tours.com/img/other/56/ 70 KB
71 KB 555ms
552ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/56/3-best-restaurants-near-rochor-canal-road-singapore-one-must-definitely-visit-atleast-once.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76cec69a835990a09a8fb5f5798ad63d604a8697667160159f65d1bb08ee88de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 72146
last-modified: Thu, 05 Dec 2019 18:38:51 GMT
server: cloudflare
etag: "119d2-598f93da3a247"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2B7PDz%2FRAK1uhNiaLhSwl21IrBlzyt8%2FvfxtJuGpL3ypRATh12YSZ1ygZEc4v7ZI7oVZI8eDEyCYottQeLlHzu8oE55hXOd1edjS%2Bno0eJN1PRERPG0i6kQuNmWrPg%2BsY9eiiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547497c4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:29 GMT

GET
H2 200 dubai-continues-its-affair-with-heights-opening-worlds-largest-picture-frame.jpg
i.vivit-tours.com/img/other/03/ 59 KB
59 KB 2108ms
2105ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/03/dubai-continues-its-affair-with-heights-opening-worlds-largest-picture-frame.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db85b6c2c0383a57632cc42977d2ebad75cdbbecd1e9ade8b43c3a5be46cca9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 59987
last-modified: Thu, 05 Dec 2019 17:54:27 GMT
server: cloudflare
etag: "ea53-598f89ed17c38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5y%2FY79SYLL5IIKnYy0c2LJS9Bbst8U0CVBhca%2FfM2%2FQB2RE0TB8cbTv7dDTJSF4%2BW9oEkszRTELwFRlW0PwaeUb3g20QY6Qc7adKsz%2B9Gx8IqsIaZdo7K%2BkM7BDuGLIkWkkP8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f4547497d4bf4-AMS
expires: Sat, 01 Apr 2023 06:29:30 GMT

GET
H2 200 nikoi-island-an-ultimate-pocket-guide-thatll-help-you-plan-perfect-island-getaway.jpg
i.vivit-tours.com/img/other/07/ 48 KB
49 KB 2469ms
2467ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/07/nikoi-island-an-ultimate-pocket-guide-thatll-help-you-plan-perfect-island-getaway.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d88499e163ae0dc1dec102b84e54b092a907c7f2dee2270002ec03eec938b591

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:31 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 49449
last-modified: Thu, 05 Dec 2019 17:58:23 GMT
server: cloudflare
etag: "c129-598f8ace70699"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGAOp%2FhATE4vmizoWNmkJ3%2BgTBa6AwE5krG%2Fr2NHj4feZ1hUFC%2F5lEzpkPJA2whcrACzCx4AiRA8vKwwWYWWK7NQt0B6wV7bbTAiMUA6ZWEVDO8NR9pXw5dqEbwn0BJ7Wu53NA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454759914bf4-AMS
expires: Sat, 01 Apr 2023 06:29:31 GMT

GET
H2 200 complete-karsog-valley-guide-2019-know-all-about-this-hidden-gem-himalayas.jpg
i.vivit-tours.com/img/other/51/ 51 KB
51 KB 2692ms
2690ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/51/complete-karsog-valley-guide-2019-know-all-about-this-hidden-gem-himalayas.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b22fc1c761c011a02b17305957a03a8182281db08faaf9fa2eadcb1126b601d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:31 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 51988
last-modified: Thu, 05 Dec 2019 18:34:49 GMT
server: cloudflare
etag: "cb14-598f92f2e684b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k78QFRfLc%2F264RgnSMKpfe5%2B56o%2FG4vEaWtqbdypmEwMBmWVz%2FZRZooD0TiNnsP3b%2FlZTuxJ%2FgpgFusXr%2BK4ak%2BngS5d0RKdw6XweJUFfG2zbNK%2Fgai%2B%2FG7aA0joYAtQ1YTPBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454759934bf4-AMS
expires: Sat, 01 Apr 2023 06:29:31 GMT

GET
H2 200 ajman-nightlife-8-best-places-town-arabs-enjoy-shisha-drinks.jpg
i.vivit-tours.com/img/other/43/ 62 KB
62 KB 2707ms
2705ms Image
image/jpeg 104.21.59.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vivit-tours.com/img/other/43/ajman-nightlife-8-best-places-town-arabs-enjoy-shisha-drinks.jpg
Requested by: Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.59.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ceef21cbb51899993bc566567aa685aa27950ba362b8cfa4f9829cf9013e71d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:31 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62981
last-modified: Thu, 05 Dec 2019 18:28:17 GMT
server: cloudflare
etag: "f605-598f917cd31db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LvVy1mdQyVUiaBFs3dB2B670xPcEDozd0%2FrEg%2FXFVnu0Be%2FCfHvVR9HZAdUFx%2BrW1y1xmjXD59CFxt08uoeYjRORxBsPMu7E%2FyQ%2Bw2TeqMq9RU59M4CJVE3oj1Mog4ngt4DIiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 6f4f454759954bf4-AMS
expires: Sat, 01 Apr 2023 06:29:31 GMT

GET
H2 200 pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
fonts.gstatic.com/s/nunitosans/v11/ 17 KB
17 KB 29ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v11/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf55d853f3bbe3a244ea8f3b8ed9b4127f028a096fefc942020a3605433d99a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nor.vivit-tours.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 19:37:59 GMT
x-content-type-options: nosniff
age: 125489
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17108
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:15:13 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 30 Mar 2023 19:37:59 GMT

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v23/ 35 KB
35 KB 29ms
9ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v23/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a5785b77392afc9cd2912fe805759dd4bec52a4ec5dd8c6981eefb08af7690f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nor.vivit-tours.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 10:29:01 GMT
x-content-type-options: nosniff
age: 72027
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35772
x-xss-protection: 0
last-modified: Thu, 31 Mar 2022 06:25:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Mar 2023 10:29:01 GMT

GET
DATA 200
OK truncated
/ 19 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae2b3292ce4d22938259dd7e2d411ef3e498276837fbcc0475af40237b608f1f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815
https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815

43 B
528 B

56ms
56ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:43 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 31 Mar 2021 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:43 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;r;s1600*1200*24;uhttps%3A//nor.vivit-tours.com/;0.5019991464311815
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Wed, 31 Mar 2021 21:00:00 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 200 KB
69 KB 175ms
81ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9eb7f6271088b0cca8df60382ad3db6bbc55143451782958f6842b1c50ef45d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:28 GMT
content-encoding: br
last-modified: Tue, 29 Mar 2022 10:12:55 GMT
etag: "6242b177-11134"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 69940
expires: Fri, 01 Apr 2022 07:29:28 GMT

GET
H2 404 px_optr.js
cdn.zx-adnet.com/s2r/ 0
0 7ms
6ms Script
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.zx-adnet.com/s2r/px_optr.js
Requested by: Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/optr21_19091901.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 abs.js Show response
cdn.zx-adnet.com/adx/ 220 B
226 B 39ms
38ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/adx/abs.js?0.40633311099658154

Requested by

Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/optr21_19091901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a2862c9e532e9e51ea7ca8d7c96bb602a74e31396f9c5be127dbea7c5adfc227

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
etag: "5fef2687ef3b38d2357073d43abb64a2f46b34fce9295b7d515ee95b7d79cfdb-br"
fastly-original-body-size: 107
x-cache: MISS
content-length: 107
x-served-by: cache-hhn4025-HHN
last-modified: Thu, 31 Mar 2022 10:01:07 GMT
x-timer: S1648794569.918068,VS0,VE31
date: Fri, 01 Apr 2022 06:29:28 GMT
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600,public
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive
x-cache-hits: 0

GET
H2 200 tic
site2text-2021.web.app/ 0
396 B 309ms
275ms Image
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://site2text-2021.web.app/tic?startqa=1&r=0.5658686439705527

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
fastly-original-body-size: 0
x-cache: MISS
content-length: 0
x-served-by: cache-mxp6973-MXP
server: Google Frontend
x-timer: S1648794569.955980,VS0,VE259
date: Fri, 01 Apr 2022 06:29:29 GMT
x-robots-tag: noindex
vary: cookie,need-authorization, x-fh-requested-host, accept-encoding
content-type: text/html
x-cloud-trace-context: 235d2fdfdb9b5751e524bdce1030af5b
cache-control: private
function-execution-id: owtz6jr5vwht
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: DE
x-cache-hits: 0

GET
H2 200 sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js Show response
cdn.zx-adnet.com/consent/ 341 KB
66 KB 6ms
6ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/consent/sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js

Requested by

Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/consent/cookies_gdpr.js?0.7178681141655341

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

04149c43558d59b2f0f2cc3f679979b915401ca5c94e833479ca9ea754db0b89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 31 Mar 2022 10:01:07 GMT
x-timer: S1648794569.919443,VS0,VE0
etag: "903d4e9708a69e8cc899413e10c8bd8c12ff0e8553c05df46fc83d843518567b-br"
x-served-by: cache-hhn4025-HHN
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=315000
date: Fri, 01 Apr 2022 06:29:28 GMT
accept-ranges: bytes
content-length: 67057
x-cache-hits: 54

GET
H2 200 ui-gdpr-en.feda0fd8c5f2191f5c4b299585520859048f3705.js Show response
cdn.zx-adnet.com/consent/ 230 KB
37 KB 176ms
175ms Script
text/javascript 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/consent/ui-gdpr-en.feda0fd8c5f2191f5c4b299585520859048f3705.js

Requested by

Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/consent/sdk.feda0fd8c5f2191f5c4b299585520859048f3705.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ff4b703a37dc11dbca28199ebaa29bfd85fb3793138fdc9bb2b952954d098b68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: br
last-modified: Thu, 31 Mar 2022 10:01:07 GMT
x-timer: S1648794569.029096,VS0,VE169
etag: "dad5947af947c84745a29032a526f3e68afd9ce38af7f41ee281defb94b29c84-br"
x-served-by: cache-hhn4025-HHN
vary: accept-language, x-country-code, x-fh-requested-host, accept-encoding
x-cache: MISS
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=315000
date: Fri, 01 Apr 2022 06:29:29 GMT
accept-ranges: bytes
content-length: 37832
x-cache-hits: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 56ms
20ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/29c44d7c-8171-46d6-a484-9d3087559448/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

1bebe07e837fb33f10c63429c52aba83e53af281cdebd8687b3ca740d0703829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28182
x-xss-protection: 0
server: sffe
etag: "1174 / 803 of 1000 / last-modified: 1648764434"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H2 200 prebid5.14.0.js Show response
get.optad360.io/sf/ 460 KB
461 KB 6ms
6ms Script
application/javascript 2600:9000:206f:6800:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid5.14.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/29c44d7c-8171-46d6-a484-9d3087559448/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 17:03:32 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
last-modified: Thu, 23 Sep 2021 07:59:54 GMT
server: AmazonS3
age: 5750758
etag: "6dd0a13bde35d2daa452bba998871016"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 471445
x-amz-cf-id: D8WuSCby-XTxHoZQ563bQKO13HXNUYqe_TvZnrN7PdyHY408n8W1oA==

GET
H2 200 checkabuse Show response
cdn.zx-adnet.com/ 56 B
389 B 236ms
236ms Script
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.zx-adnet.com/checkabuse?surl=https%3A%2F%2Fnor.vivit-tours.com%2F

Requested by

Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/abs.js?0.40633311099658154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

8601386271d3ba06c1135a092613135c5da90b3732a8196e4761faf4b1afdc69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31556926
content-encoding: gzip
etag: W/"38-qno2VtKrKGrEkeWyGeNb55UMVvo"
x-cache: MISS
content-length: 65
x-served-by: cache-hhn4025-HHN
server: Google Frontend
x-timer: S1648794569.059478,VS0,VE230
date: Fri, 01 Apr 2022 06:29:29 GMT
vary: cookie,need-authorization, x-fh-requested-host, accept-encoding
content-type: text/html; charset=utf-8
x-cloud-trace-context: d0ecfce94e2e2a054fa06a914615b6e6;o=1
cache-control: max-age=3600,public
function-execution-id: 3t589givczg1
accept-ranges: bytes
x-orig-accept-language: de-DE,de;q=0.9
x-country-code: DE
x-cache-hits: 0

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9595.33nUVoUKSprDFwleL0L2jLyx-WaiPFcNxJGSDdtkJClMX4z0O6wurBvm7BIUfXu0.vz7mIiRVHdM19TfSJMZLptOrWrc%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9595.fd3jPXpe43NP2TYyxE6BJRo7sh3SXkLI9UTmWw8AB9veZEfnqKTAekFr40u4L2HunuzzoPBJ4h7Mjc0CWwLikw%2C%2C.OrWmwuTmLifb4pntlflajpsjGYo%2C

75 B
75 B

42ms
42ms

Image
text/html

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9595.fd3jPXpe43NP2TYyxE6BJRo7sh3SXkLI9UTmWw8AB9veZEfnqKTAekFr40u4L2HunuzzoPBJ4h7Mjc0CWwLikw%2C%2C.OrWmwuTmLifb4pntlflajpsjGYo%2C

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9595.fd3jPXpe43NP2TYyxE6BJRo7sh3SXkLI9UTmWw8AB9veZEfnqKTAekFr40u4L2HunuzzoPBJ4h7Mjc0CWwLikw%2C%2C.OrWmwuTmLifb4pntlflajpsjGYo%2C
date: Fri, 01 Apr 2022 06:29:29 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
160 B 41ms
41ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
last-modified: Wed, 23 Mar 2022 13:19:15 GMT
etag: "623af423-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Fri, 01 Apr 2022 07:29:29 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 47ms
20ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220401

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f849c0d64329cb3d49cef3edddfbbd7df84d9b958d9e68b83ec9afe1caf9b38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nor.vivit-tours.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 12493
x-jsd-version: 1.0.1297
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19158-FRA, cache-iad-kiad7000146-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"66d-sLfJVGkh4A2XfwS0LcWIR5xyM28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6f4f45493def0225-ZRH
access-control-expose-headers: *

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
945 B 71ms
24ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 854014
x-amz-request-id: tx19d8ce819bcb496485a59-00623993cb
x-amz-id-2: tx19d8ce819bcb496485a59-00623993cb
last-modified: Tue, 22 Mar 2022 09:15:21 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2biYfVkUgVyt55wOCR3LfVBshjpRhC05L9CknUKqL0jQlQoiUTUgTctrKNMwSy0MRyOusenfrHT814%2FBTmALKOTRww%2F5TRNYcySHsCG5%2FZwjqDsiUhq1bMGVCOVf%2BrZaxvRBgddb5UDQ7FlZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647940521027959
cf-ray: 6f4f45495ad90f72-MXP

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 36 B
332 B 51ms
26ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=420039&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22109efabe4915cd%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fnor.vivit-tours.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A2%2C%22msi%22%3A2%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.14.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2225181475e82c31%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22420039%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22420039%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A750%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22420039%22%2C%22sid%22%3A%22750x100%22%7D%7D%5D%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22optad360.com%22%2C%22sid%22%3A%224863746%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6ee0bfda04e6823ffb728b82c8596884a82b9c48e5ba271ea2dfecce76dcbc9d

Request headers

Referer: https://nor.vivit-tours.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.9], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://nor.vivit-tours.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 36
x-ak-client-geo: 12
expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H3 200 pubads_impl_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ 364 KB
124 KB 22ms
7ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:19:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126678
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Apr 2023 05:19:01 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 79 B
102 B 30ms
16ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=nor.vivit-tours.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

6a2562acb4f7f7865ccf874eba89d6194b4c6c2fdf2155bc61b000b118edae65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77
x-xss-protection: 0
expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 87ms
52ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: txfc7c6b8d2cdb48a3a207a-0062399558
cf-ray: 6f4f4549ee9359b3-MXP
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-id-2: txfc7c6b8d2cdb48a3a207a-0062399558
last-modified: Tue, 22 Mar 2022 09:15:19 GMT
server: cloudflare
etag: W/"f6062b9ed3c12dab430d5d33afafadb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KK6Flki8tvriJgeC3ETlCuQsMLhMS%2BHiLLnrcgHvnbZLjiUENaNHZ%2BAlKBoaBIxLH9O9Wx37H0L1mLgGbzo%2F8VxkI%2FVdABg8WfofAF0XjImNS%2BTdZXXIWPVtqTCGi4p3KIprslYrW3mcRgZz"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1647940519211847
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
content-type: application/javascript
access-control-allow-headers: Authorization

GET
H2

200

1 Show response
mc.yandex.com/watch/54607900/
Redirect Chain

https://mc.yandex.com/watch/54607900?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf-8...
https://mc.yandex.com/watch/54607900/1?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf...

357 B
439 B

42ms
41ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/54607900/1?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A771%3Acn%3A1%3Adp%3A0%3Als%3A1471987952067%3Ahid%3A607905151%3Az%3A0%3Ai%3A20220401062929%3Aet%3A1648794569%3Ac%3A1%3Arn%3A848655455%3Arqn%3A1%3Au%3A16487945691054002384%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1648794567677%3Ads%3A0%2C34%2C924%2C1%2C61%2C0%2C%2C186%2C1%2C%2C%2C%2C1207%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1648794569%3At%3AArtikler%20Om%20Turisme%20Og%20Reiseliv%2C%20Anmeldelser%20Reise%20Magasiner%2C%20Aviser%2C%20Publikasjoner%2C%20Anmeldelser%20%7C%202022%20April&t=gdpr%2814%29aw%281%29ti%282%29

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

52708a3bfb7549674bbf71cf9fb0fa3f8622ba8ccd095a47f51dbb9fb83f120a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
x-content-type-options: nosniff
last-modified: Fri, 01-Apr-2022 06:29:29 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nor.vivit-tours.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 357
x-xss-protection: 1; mode=block
expires: Fri, 01-Apr-2022 06:29:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
last-modified: Fri, 01-Apr-2022 06:29:29 GMT
location: /watch/54607900/1?wmode=7&page-url=https%3A%2F%2Fnor.vivit-tours.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Auq3ipefhyn5rb8pyhvi%3Afp%3A1053%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A771%3Acn%3A1%3Adp%3A0%3Als%3A1471987952067%3Ahid%3A607905151%3Az%3A0%3Ai%3A20220401062929%3Aet%3A1648794569%3Ac%3A1%3Arn%3A848655455%3Arqn%3A1%3Au%3A16487945691054002384%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1648794567677%3Ads%3A0%2C34%2C924%2C1%2C61%2C0%2C%2C186%2C1%2C%2C%2C%2C1207%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1648794569%3At%3AArtikler%20Om%20Turisme%20Og%20Reiseliv%2C%20Anmeldelser%20Reise%20Magasiner%2C%20Aviser%2C%20Publikasjoner%2C%20Anmeldelser%20%7C%202022%20April&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://nor.vivit-tours.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Fri, 01-Apr-2022 06:29:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 82ms
32ms Script
application/javascript 2a00:1450:4014:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nor.vivit-tours.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nor.vivit-tours.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
442 B 71ms
44ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=2742049786096701&vrg=2022032106&nw_id=121764058%5C%2C22613287251&nslots=1&eid=44752586%2C31066000&pub_url=https%3A%2F%2Fnor.vivit-tours.com%2F&sig=1&req=0&req_cnt=1&dm=8

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
11 KB 392ms
391ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2742049786096701&correlator=1686204556195166&eid=44752586%2C31066000&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fif&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&gdpr=1&addtl_consent=1~7.12.35.62.66.70.89.93.108.122.144.149.153.162.167.184.196.221.241.253.259.272.311.317.323.326.338.348.350.415.440.448.449.482.486.491.494.495.540.571.574.585.587.588.590.725.733.780.817.839.864.867.932.938.981.986.1031.1033.1051.1092.1097.1126.1127.1170.1171.1186.1201.1204.1205.1211.1215.1230.1232.1236.1248.1276.1290.1301.1313.1344.1364.1365.1415.1419.1428.1449.1451.1509.1558.1564.1570.1577.1591.1651.1669.1712.1716.1720.1721.1725.1733.1753.1765.1799.1810.1834.1842.1870.1878.1889.1896.1911.1922.1929.2012.2072.2078.2079.2109.2177.2202.2253.2290.2299.2316.2357.2373.2526.2531.2571.2572.2575.2628.2663.2677.2776.2778.2779.2985.3033.3052.3154&iu_parts=121764058%3A22613287251%2Cwomans-magazine%2Cwomans-magazine_SF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=1&adks=4131343724&sfv=1-0-38&ecs=20220401&fsapi=false&didk=2136585547&sc=1&cookie_enabled=1&abxe=1&dt=1648794569322&lmt=1648794569&dlt=1648794568700&idt=499&biw=1600&bih=1200&adxs=436&adys=1200&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fnor.vivit-tours.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&fws=644&ohw=1600&ga_vid=250406508.1648794569&ga_sid=1648794569&ga_hid=1105700150&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

7f1a13586c971a240a1605e4e26fe196c7d65d8d068a22c8c2b16a87a6e18de9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10769
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nor.vivit-tours.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EDCF 6 KB
4 KB 84ms
15ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 06:29:29 GMT
expires: Sat, 01 Apr 2023 06:29:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 35ms
20ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032106&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ebfea51aab04d9ae4016336b9d275b5b44a131f4d0f1d4cd88b14e3207e77170

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10659
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 56ms
21ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5045 13 KB
5 KB 23ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1632
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 06:02:17 GMT
expires: Sat, 01 Apr 2023 06:02:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AFC8 783 B
1 KB 38ms
17ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b9cc4e6545e11c8744c0bcf2bb607032327744078ebbf13a96ab2671bcee2e94

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MkGI7OtBbpBJwaSQcoMCJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-MkGI7OtBbpBJwaSQcoMCJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 06:29:29 GMT
expires: Fri, 01 Apr 2022 06:29:29 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 FyXTnIqgf3MR1shnyKQtc5k9nN1KItMFAbgv4xYT2II.js Show response
pagead2.googlesyndication.com/bg/ Frame 5045 35 KB
13 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FyXTnIqgf3MR1shnyKQtc5k9nN1KItMFAbgv4xYT2II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1725d39c8aa07f7311d6c867c8a42d73993d9cdd4a22d30501b82fe31613d882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 22:49:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13680
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Mar 2023 22:49:48 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AFC8 0
0 50ms
48ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032106&jk=2742049786096701&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5045 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_FwHXA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3570 6 KB
3 KB 21ms
7ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 06:29:29 GMT
expires: Sat, 01 Apr 2023 06:29:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6803 3 KB
2 KB 42ms
19ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgPCExgEwAQ&v=APEucNUbLNc7rPp0Fr2yl8qg7h4gDXwPXieeC_50a9iRR74WI3Qb-odVRxo_QKO4NaWDI69_Q5rzRJ_5TdlbNxxjpqa4BVm9xUbsW5LLb38W1YX-j2MaUdlWCZ2hXw1YPS2IR4-MyCA-4vZzXUiBavHj5zIsy2J9Sfe8Ox4I_Fg7JVGDC0YpsoyTyk4tPrZ1PZRTlfRLJ7xjmf1ubGSQTiIZT6pAOcAQ9rp2KuaxKBGlX7hJkgIjOfCrTr0n5cagHYXFbBdFiSJ8T5kYxYfRHw1lVfWhQETcOlQR3s63qW8VHxqFuBT-s7SmfvNd8iv-6svH6Akyw7ou58V1N9MwUXtFvtGnb8PjqCOQnYuS3sD9La6izlREBngPG9OghRGbYWnR0VD9zPB4MMoo6vWrCRJH8g80zyFfvjkpRmgoL4chh8Cu1gig5ez2zvh7bMctK5FNxs0nsiQ-uoHdKZW3i1xM5CgVh-dKRSzO4W-XfkNCNSH6Jr_mYUcqxEDy7Dlk1pZa7s2oQWRDEChP-l939qN0X3tOTsYp3RnSMAb-uBoueQlB9SpWkydF_JJ7VFmPVkrUXFXngBijk4uPWkNDK7zgagxwy1nCzAizjQXs4diwQCCWcIEVbCpmvU4qQvqgJqniOTSh-z69y9V2Sb_x2Dd8XXHSxS2Ww_27y_EQLgHEgIwC5YbHzF5C_GcEVaolS8tBYB_I_YhV6aJekPhp7-zY3p-M_7FEna_EY_g7w5wJ438_3mLvmeV7JUTb8Ew5CoN_dJZlbpto0_n9EqCtYB3HzxEliQLOG54RVLNrTGAFzgbo2uuYqyRdDSgsOBlxPFZoB-pVBHIyExcJPg4biqwSkMUFAMBYUyI15oM9ljtUyo3l8_DbJu3ZoLZRcnxSB-CmcR5E3rzz3kMsWLcJmWyHGtPpt24yZIQvLHDc1JI4hjpicatNhkFZo4aXr7DCpzprOoQ_6LVAoKijKWQyF7kE-cXLqS31mp_16NV8TP14D-lbvtFgkFPc8IN4zZFyNlxMtNhd1UQEhJYlJe42TRKnJszzRbB71g

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec0b56aab6c20b0764fdcc1b9220a915bb416063aaef8c9425fd06afc3cc2f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 874
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 06:29:29 GMT
expires: Fri, 01 Apr 2022 06:29:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3570 27 KB
16 KB 72ms
51ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXse-h_omFNcdkWa2V4ITxG5FFsywhACH01LHLgEffvyvwwyDtQneMOncoQNjRl4mXdeWo5pRUeirGosjy1LWxwzEORQMoNVG3TAQgyCOc4tVb6CkGqjbJUaBYwiMakFoah6wepRKwgM96fXnd2LN-2XzquQ&cry=1&dbm_d=AKAmf-AZ1ygKT6ZPAWUSIfZc61Tw4VBzIWsz7YrCn-LyEW_WaUO7p3xeK0xSN3LiFvtms9Y5rsJvUj8LqIZIXOSMHkdWxEO0dT9ky1qkkY4azeYLsZdpuEHJZgxhdY9AOdUSoFuTcdT3ZQ1BFrSTyS_qGL0w4pLamDvoptcg72gh2EWTXZFM4ft7vj8bVvu1jIawUxSrzigZi9UvWILAUDd4c7qIOMX8UaOJQuEupM1GG22KCGa2gDWUyW09PI1BslG_Lctc77NxbOewZeVb5bSGrQPDyNgMjGRh_tRjtYuccF4OU8zRsnGzXwEVBBEUqEGeUwaoILOLy4-IEcgCr_Xc0sWZhQ0Ufk3sSu55ujEW9U_VwijVmNxmtZsw8hBxbhfxrNjHo_VwTA2bqO9UF_L6mSX7ZsVm1K1xcHeTQA0EAsc4OJxwRXdqkNLJaAknbQQfpnnDaGmejB7UqaLqqbKL_iuwmFGhbNCIdqfBmQBtWliKVTb0QLFH-7vm8BFGF_VFs2G86WkiU_wR2KTKo3LNUT9IeNoVo4SLdBoGD9r1DFQSrhr4dGMJ6q1fMo6haOPiRJzBq7vXsGviaxZzyVE5WX3obkfQf6E0V1O2KhmxgdzDu5k7VJy4OOx_Araj1krdN6OuXYmZ2M0wjX7nkiogcedd_3Q_KdEBAzddoxSOYGJ5qDQHx_S-F1PqofqzWXw_g0wZVAuP0_C5QYTgJxOaXINKGIgFWncw2LK8lVjiWjIycKe82w1_GaXRLXlDTzvDwOD2xSBrOc07fGMnalJWZUPKdQSdmoGxMzE6wloTCQC4oAfMFVbJzaH7tYjVNjMAUgIjFJjVuOK42HwOA6NOhu9tMVF4m5AHqSJzvOE1VHyX_3o3Xqk3m4vxaobJypbhNMpTvyGDTAw9GrTSB-VK7uZUH6Zc76End_GO99RUgRj4kdZsIk7F1O-s3Rg7LIS90QrYEa8ulvPbW2rrC0UHbqrJRfW8LVdgqM2umc2ye-GDWK6e__fPuonvqP1b9ioVjj9XJWnfBjLZpEkiOE_0PGm8LO-822HwyL4oi6c2t2i4cduVvNp6O815bWW5JyK8M_BZBB5H6zdp07Nw_4NPRmQL87H5eLi8ob88QzvQXuwuqJIEtJ7JgV9tQDR7BxijkxukwiJPsorQlvoFTDKWjmeiHerb3Gr1987IdCVpe5n0soNTjmOmEFqTCvg3kpcJtnvoiluD-8SkvWUVsy2TTwnDtlsnUhohG0YLM13pk-LZ0asKCxqvjiFoViPCdRkPYIJQIEoeWrq45v768yL9GQx74qStWqrx0n_GbIXLIFUK6P4c7Z-CasR7ZXacECGZAhxGThNll_Nk3wzXJWC3WVh9Sc0JySvc-uJrWdjRrPQEqBDH3RNHmwERo0Vcud2VmelaXsmB4FEmPGkOhyvdXAWImu_kOK6hcZKT5TAu6FaO2YB92-11wcRjpVNSK5agn2eteP19XfroD379tnZCIhP7YKWkc6p02fLzRbcZ9EBTw0itP102enTv4n6rkWMtuAqb19hMJGJCJC31nsFk-FYQ3UM6-bQaaqTnGVH93got9X_vKqOetv32iYVtYBJp7AaDLvjQYSKCzIzSQbn1MgqM56pDfHxEMB5EeMW-hspmOuMhzcTfeLjRYDm0O8dr3e4adN-u6_ODtdSFxT5lFeDU7KDXgO5Cw5kcU5ZdLYk4dU24z3niwkUl7TmFfuR3q_HKrudCkzGCeewCF7pwEyP1oemS6sgEQj9qXoH37Reo5A77rLpa-oeL4HC50gtyCp8ElcJ6qGfJSl0Rdn_QCy2AWMzxgzZdPoaugZFyvmOvcBhtyHcpHcLyKRRSNyLyM4my9DFFehbmx2RncR8VIpRvcPadkQKRqWzAIei9kX5ttTCt4EfWiq6VXqqezxCp3Q2qYqzhcNyQ-OKlwcgOxt9e7anxWHvjqf_dSP_EBgFNZ1ArP_iA7zRkrAPV7TPVXE9i5oZiojs4oqa3a94EnFQSpCGUSOOhrWJac_FlXrw31hka-XPxp06I-LJPgeU87qt_fE2dkutiwRhnI2lW-8H0OtdUm6Hu8LVqTmcqPxOV7qIubZco7xbxg0NeTADmQAzsZXjXQMvcQMpsWv4Qqaq8HQZ1Pyst6HxJGxq2GifT7ANMrp8f4T3pCIOF_UvIyvIDWDWFtS_pMmuZB7Q7Sxlr0cpZ3fvo2w7KSDYO8m0yTS16nMtIjEJOlvwCtgigme8UsKXojSsYhYGNIlBV8s_QMuOuGrli9RjV5i7LFzYsvL1U7f0MV-QE0MHxToB0puNMw3jS7wrwNcF7CKy7jSj2BBMrD0uCLMWLcTyvMQN4IUMLnxCtPGP7Lu61O3P7m4QqGxiq-Bb5FZc-hXg59W3HtEGl2vmgwtbT_9C_rMi6PO-9fCGXUA2WikJCxeTYwHySvW1NLbCh6zzqqVIhmd3PSLljFgMPq7chPwCTLg1TNaSZrT42aysKaOlc2CYMPn2FlRqpR4e-qP0CtZiE4qefSL7tBHn1y9xYQ0Adu_bKjOresb4WigMtXCJ2nJxm7bqvobadKO5ragfOiP0GQ7NPXI9lQmbk59U7gPIBNTFOCPJVMTOp6k8A0TGU_r9x1dA8mN_SUedohfV2xjtujsKrxQXmp4yHTqQeV1brkDNaDgeRhOETS8g_A73nw5K4vs5eU4emIjtcDYYv38ZxpOg0Yc9AFGREx1LJGikb63AF9soJsX_CBSaH3pg7vPRX_G6ESrleX0tZzcV31ysDU1azUmpvc4S7C8_K5vYypx-sTNR3ux7uS2WWMatd2wdZZOuOT1SHWEjpozh9zGtazt2MiY389oVgA6b64j84-Ok-zWKtIhbPzF9HUwXSCCBgeL9IuK-Ytif9DCcQJHDkzTBqNTT1TsJkrJIQrm9Oa3Y38FgE9N6j5dSLxQWh9BGIYTPCtLdhJBACAM0vZrc17o94BgOLh95GvdInbt3rFVt15TL0I1LpJAELKhAW6poABX4PP40wrP8CToVWN8YX5IdwEkfxJmZBDVHWjn5hSgX4PchsIhZkw-iEVZ02MYoflYAEAgRfh7BGf0-B5PmNxrvDP4_gljIWlcCN_GzT8rzmb3ufShH_cFIqrUXnSIkGF4PuNVXBgtJfNF57FU_Z65XAsEa7wl16VY77-N33kt1oVI0JbQoV8T8aoI7r2fFFVnB-kZhag_ynxwRYhWZANPIiiz9_A4C4M7UfcLNJj6qfoDfe5nRylbWiN00eTmLgyvjkmue0EiSMKMgR7vkk1sA0QCEqO8OWxR4iaKbuRkTZaZDzYs6_kh9FEiQ4Hf6cyW1ZhVuTWNNj1BqicCKEm2XeF4fI03p5YzqzWlVeFH3YfgIsRmJYlhCz9Je7VVnEqohG4dwwtXaegJ2A920ufGF_-NDMi6BDKXW0QPdt6nox8D58qjYYCdtT8GGNUvtU1DAzxJOpDM_0Su35m7LTpHTKlCpUJfsQ7Ow2Ts6-O_MhCbevQCQiXKIIR7VL4QGDEB_IzZcs29jNvvNQWPw0UdfjaP9j5PsUcSQIOw3waZrvtF9miNpZACjna0Q59e2UkkzuCytRfiolbKXgDYxwfNZv0Ivp-KYBfnu4Cl7O_P_2knF0RJI1FPFKkR19pWIvkwf1PhSw_bBojC7I2yWxevFgPbf9jneGmP91tkLd3nxeWL3NnP7oCBF8iOGjEmr8ojNjtG9OIC-ysOxOYzf3PPav3R24NnFIwYmg3NTqP_rzHANKReRYdAokuc5hfogJJy3Xq3WGA5DXK_1MbJA90yjndTE43ECGxT8umeBGF0hUi_-RxUQynI8ehhLkITMeISGGTHcXmn7XHFXmDKE9N2Ym6MfXTTKeWH0XERSQc4vqWwbNMce04r_noT6q5VqvBCZDVQQKZ5NwaR3L_81eaWHTI5PFfmPjy2kYl9iIBjd5-i0HO1nw1cPyq_YR39cnID5JfFwJmR86Lk1vB8wAjmw48QwQjN52uY8xw3no71o2d3y_jM79pqgTn64QEgUDvI9anSsFOTS_-8N8cAOi05Blv17RVIv9SdQr38GEUfXKD-S6pE1b7ByHqM1md5qQbK-CWM71hbZ9D4ZEObuTX7EVAxbWq-3m_HiLKajIbUWFvB_ewrsP6sUIUSL2rN6XDckC4yGBE_Kp3GaCUnLqr3zof9TFNxj5P8WLjVH-g_0RUSNK8HBB8rUi2a8kYvp0keIglEzkywGUU1bCdDKmdx80MFsq8Ve4djQ6sbNOvPJGSh_TYLjG-2bguzdVo0OqYnp4QOKmnAK_0G9616bVVUShGros7RPOzLld0Ckfp6FgGjsH9q3SaTBOqpP79uA6WQ4MsA5XzsJAa6i1_Nd7BMkDdy8vWMIOGI2IRzjqjXtg7HxBzcG2DfuMwnX5jR4f_HoM8vLeVQIHiCT2LXmICOEThbKmT7gxVyGwhh9rvsnSNsyCetoAVNogy7djOFPdjBxnK4xp2DkmpmD3bPmPlknC3QT-HdPmGkAiaEdt94xU00-yyOcWQ6-zj76Y61_0budwJ0o_CC4vRCczIF7Egim9gLgfp-qntid6NFMZK-PkzNF_qNLF8j7au_IpLUIyK4sJSs-8_NOhYT-i92r1uDHOnQFFynhMJw_0ApaUTALxilRHF4T3DAUmn0xF_dAaBvzuizXfFUaFDclRH0tuadRerSIONxes_BIK3q0sHzyq-z4rebP0IqXalfj4KsfVxRaUoFaLrdrTkouHSXAqRVn62RV14BvyaEXum-aYQyb1jGleF6ErKV23_nTwSfg90qlIji5hn4vvdzed25VRwrBvUOPfgpV_8ZHJJrNP4_EApn67UZrU8Aa4uhqSfRhUeAQfH3PdSz9v9QVPgE3eOatNJ3uFD7FcNMt96K8MpcHfdkxTI88cqD74MfA3_iqffHVHGKlZKG2dlmVjDUn3M5Rn7TwQFqOZcZQsv2U8bYztlWUjfEzEW60gdO7CjGic4txeQ7e6lOJQonHIX7Jqlnrgl2LeCzjF654bG65mpl985FHNdAI&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&rfl=1%2Chttps%253A%252F%252Fnor.vivit-tours.com%252F%240

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c16d965083b855b4af8456b4ce7c07900b4b60caeaf38450772e2d901a2e022e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3570 42 B
63 B 40ms
40ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CAHRjbBmMcYtQ21lQDNmA5Ay3Ks0723R4hq41H8eEm3Hb36mhfEyotRtqrWTfeWZ03VtKSz1SdBLkMLuMH0APHkpn_wJkPlZgF9Lb7ThshJ2cvZIw

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
a1.adform.net/adfscript/ Frame 3570 2 KB
2 KB 101ms
18ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/adfscript/?bn=53999488;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&sig=AOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ&cry=1&dbm_d=AKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ&adurl=

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c8a196ead786324a0446ddced514335d5955630415d8a0ba6aa7b131f4e774e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2146
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3570 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:42:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2822
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 05:42:27 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3570 119 KB
37 KB 62ms
27ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 3570 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 06:29:22 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6803
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20z...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20z...

43 B
1014 B

21ms
21ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgPCExgEwAQ&v=APEucNUbLNc7rPp0Fr2yl8qg7h4gDXwPXieeC_50a9iRR74WI3Qb-odVRxo_QKO4NaWDI69_Q5rzRJ_5TdlbNxxjpqa4BVm9xUbsW5LLb38W1YX-j2MaUdlWCZ2hXw1YPS2IR4-MyCA-4vZzXUiBavHj5zIsy2J9Sfe8Ox4I_Fg7JVGDC0YpsoyTyk4tPrZ1PZRTlfRLJ7xjmf1ubGSQTiIZT6pAOcAQ9rp2KuaxKBGlX7hJkgIjOfCrTr0n5cagHYXFbBdFiSJ8T5kYxYfRHw1lVfWhQETcOlQR3s63qW8VHxqFuBT-s7SmfvNd8iv-6svH6Akyw7ou58V1N9MwUXtFvtGnb8PjqCOQnYuS3sD9La6izlREBngPG9OghRGbYWnR0VD9zPB4MMoo6vWrCRJH8g80zyFfvjkpRmgoL4chh8Cu1gig5ez2zvh7bMctK5FNxs0nsiQ-uoHdKZW3i1xM5CgVh-dKRSzO4W-XfkNCNSH6Jr_mYUcqxEDy7Dlk1pZa7s2oQWRDEChP-l939qN0X3tOTsYp3RnSMAb-uBoueQlB9SpWkydF_JJ7VFmPVkrUXFXngBijk4uPWkNDK7zgagxwy1nCzAizjQXs4diwQCCWcIEVbCpmvU4qQvqgJqniOTSh-z69y9V2Sb_x2Dd8XXHSxS2Ww_27y_EQLgHEgIwC5YbHzF5C_GcEVaolS8tBYB_I_YhV6aJekPhp7-zY3p-M_7FEna_EY_g7w5wJ438_3mLvmeV7JUTb8Ew5CoN_dJZlbpto0_n9EqCtYB3HzxEliQLOG54RVLNrTGAFzgbo2uuYqyRdDSgsOBlxPFZoB-pVBHIyExcJPg4biqwSkMUFAMBYUyI15oM9ljtUyo3l8_DbJu3ZoLZRcnxSB-CmcR5E3rzz3kMsWLcJmWyHGtPpt24yZIQvLHDc1JI4hjpicatNhkFZo4aXr7DCpzprOoQ_6LVAoKijKWQyF7kE-cXLqS31mp_16NV8TP14D-lbvtFgkFPc8IN4zZFyNlxMtNhd1UQEhJYlJe42TRKnJszzRbB71g
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:29 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEL8lNz0JQfhJTpPGstHDzow&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 1138
Expires: Fri, 01 Apr 2022 06:29:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6803
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkV...
https://dsum-sec.casalemedia.com/rrum?addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.16...
https://cm.g.doubleclick.net/pixel?gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECB12wi8_O3rZ4VMDduQp4w&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20z...

43 B
894 B

22ms
21ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECB12wi8_O3rZ4VMDduQp4w&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgPCExgEwAQ&v=APEucNUbLNc7rPp0Fr2yl8qg7h4gDXwPXieeC_50a9iRR74WI3Qb-odVRxo_QKO4NaWDI69_Q5rzRJ_5TdlbNxxjpqa4BVm9xUbsW5LLb38W1YX-j2MaUdlWCZ2hXw1YPS2IR4-MyCA-4vZzXUiBavHj5zIsy2J9Sfe8Ox4I_Fg7JVGDC0YpsoyTyk4tPrZ1PZRTlfRLJ7xjmf1ubGSQTiIZT6pAOcAQ9rp2KuaxKBGlX7hJkgIjOfCrTr0n5cagHYXFbBdFiSJ8T5kYxYfRHw1lVfWhQETcOlQR3s63qW8VHxqFuBT-s7SmfvNd8iv-6svH6Akyw7ou58V1N9MwUXtFvtGnb8PjqCOQnYuS3sD9La6izlREBngPG9OghRGbYWnR0VD9zPB4MMoo6vWrCRJH8g80zyFfvjkpRmgoL4chh8Cu1gig5ez2zvh7bMctK5FNxs0nsiQ-uoHdKZW3i1xM5CgVh-dKRSzO4W-XfkNCNSH6Jr_mYUcqxEDy7Dlk1pZa7s2oQWRDEChP-l939qN0X3tOTsYp3RnSMAb-uBoueQlB9SpWkydF_JJ7VFmPVkrUXFXngBijk4uPWkNDK7zgagxwy1nCzAizjQXs4diwQCCWcIEVbCpmvU4qQvqgJqniOTSh-z69y9V2Sb_x2Dd8XXHSxS2Ww_27y_EQLgHEgIwC5YbHzF5C_GcEVaolS8tBYB_I_YhV6aJekPhp7-zY3p-M_7FEna_EY_g7w5wJ438_3mLvmeV7JUTb8Ew5CoN_dJZlbpto0_n9EqCtYB3HzxEliQLOG54RVLNrTGAFzgbo2uuYqyRdDSgsOBlxPFZoB-pVBHIyExcJPg4biqwSkMUFAMBYUyI15oM9ljtUyo3l8_DbJu3ZoLZRcnxSB-CmcR5E3rzz3kMsWLcJmWyHGtPpt24yZIQvLHDc1JI4hjpicatNhkFZo4aXr7DCpzprOoQ_6LVAoKijKWQyF7kE-cXLqS31mp_16NV8TP14D-lbvtFgkFPc8IN4zZFyNlxMtNhd1UQEhJYlJe42TRKnJszzRbB71g
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:29 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECB12wi8_O3rZ4VMDduQp4w&google_cver=1&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 703
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 6803 170 B
502 B 41ms
20ms Image
image/png 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=1&gdpr_consent=CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA&addtl_consent=1~2316.1097.1712.2575.1230.1651.486.540.2571.317.867.1205.1449.338.1870.2373.162.144.482.241.1201.1564.108.259.440.1889.839.1810.2299.415.1558.167.149.494.1878.2572.1364.1716.817.587.1842.2072.1033.1051.864.2985.3154.1365.2253.1570.1419.1721.495.2109.272.574.326.1577.311.196.70.1415.1929.1127.2357.2526.2677.491.2202.2177.1591.1276.93.449.733.323.981.1186.1765.122.780.1301.1215.2628.3052.938.1031.1290.89.1092.1725.1211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgPCExgEwAQ&v=APEucNUbLNc7rPp0Fr2yl8qg7h4gDXwPXieeC_50a9iRR74WI3Qb-odVRxo_QKO4NaWDI69_Q5rzRJ_5TdlbNxxjpqa4BVm9xUbsW5LLb38W1YX-j2MaUdlWCZ2hXw1YPS2IR4-MyCA-4vZzXUiBavHj5zIsy2J9Sfe8Ox4I_Fg7JVGDC0YpsoyTyk4tPrZ1PZRTlfRLJ7xjmf1ubGSQTiIZT6pAOcAQ9rp2KuaxKBGlX7hJkgIjOfCrTr0n5cagHYXFbBdFiSJ8T5kYxYfRHw1lVfWhQETcOlQR3s63qW8VHxqFuBT-s7SmfvNd8iv-6svH6Akyw7ou58V1N9MwUXtFvtGnb8PjqCOQnYuS3sD9La6izlREBngPG9OghRGbYWnR0VD9zPB4MMoo6vWrCRJH8g80zyFfvjkpRmgoL4chh8Cu1gig5ez2zvh7bMctK5FNxs0nsiQ-uoHdKZW3i1xM5CgVh-dKRSzO4W-XfkNCNSH6Jr_mYUcqxEDy7Dlk1pZa7s2oQWRDEChP-l939qN0X3tOTsYp3RnSMAb-uBoueQlB9SpWkydF_JJ7VFmPVkrUXFXngBijk4uPWkNDK7zgagxwy1nCzAizjQXs4diwQCCWcIEVbCpmvU4qQvqgJqniOTSh-z69y9V2Sb_x2Dd8XXHSxS2Ww_27y_EQLgHEgIwC5YbHzF5C_GcEVaolS8tBYB_I_YhV6aJekPhp7-zY3p-M_7FEna_EY_g7w5wJ438_3mLvmeV7JUTb8Ew5CoN_dJZlbpto0_n9EqCtYB3HzxEliQLOG54RVLNrTGAFzgbo2uuYqyRdDSgsOBlxPFZoB-pVBHIyExcJPg4biqwSkMUFAMBYUyI15oM9ljtUyo3l8_DbJu3ZoLZRcnxSB-CmcR5E3rzz3kMsWLcJmWyHGtPpt24yZIQvLHDc1JI4hjpicatNhkFZo4aXr7DCpzprOoQ_6LVAoKijKWQyF7kE-cXLqS31mp_16NV8TP14D-lbvtFgkFPc8IN4zZFyNlxMtNhd1UQEhJYlJe42TRKnJszzRbB71g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6803
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg2NzAzMDQ5NTAxODYwMDU2MA%3D%3D

170 B
188 B

31ms
16ms

Image
image/png

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg2NzAzMDQ5NTAxODYwMDU2MA%3D%3D

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:29 GMT
X-Proxy-Origin: 217.64.151.9; 217.64.151.9; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8afd6fc8-9b38-4c30-9e1c-c0ab52e84f5f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg2NzAzMDQ5NTAxODYwMDU2MA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 3570 25 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXse-h_omFNcdkWa2V4ITxG5FFsywhACH01LHLgEffvyvwwyDtQneMOncoQNjRl4mXdeWo5pRUeirGosjy1LWxwzEORQMoNVG3TAQgyCOc4tVb6CkGqjbJUaBYwiMakFoah6wepRKwgM96fXnd2LN-2XzquQ&cry=1&dbm_d=AKAmf-AZ1ygKT6ZPAWUSIfZc61Tw4VBzIWsz7YrCn-LyEW_WaUO7p3xeK0xSN3LiFvtms9Y5rsJvUj8LqIZIXOSMHkdWxEO0dT9ky1qkkY4azeYLsZdpuEHJZgxhdY9AOdUSoFuTcdT3ZQ1BFrSTyS_qGL0w4pLamDvoptcg72gh2EWTXZFM4ft7vj8bVvu1jIawUxSrzigZi9UvWILAUDd4c7qIOMX8UaOJQuEupM1GG22KCGa2gDWUyW09PI1BslG_Lctc77NxbOewZeVb5bSGrQPDyNgMjGRh_tRjtYuccF4OU8zRsnGzXwEVBBEUqEGeUwaoILOLy4-IEcgCr_Xc0sWZhQ0Ufk3sSu55ujEW9U_VwijVmNxmtZsw8hBxbhfxrNjHo_VwTA2bqO9UF_L6mSX7ZsVm1K1xcHeTQA0EAsc4OJxwRXdqkNLJaAknbQQfpnnDaGmejB7UqaLqqbKL_iuwmFGhbNCIdqfBmQBtWliKVTb0QLFH-7vm8BFGF_VFs2G86WkiU_wR2KTKo3LNUT9IeNoVo4SLdBoGD9r1DFQSrhr4dGMJ6q1fMo6haOPiRJzBq7vXsGviaxZzyVE5WX3obkfQf6E0V1O2KhmxgdzDu5k7VJy4OOx_Araj1krdN6OuXYmZ2M0wjX7nkiogcedd_3Q_KdEBAzddoxSOYGJ5qDQHx_S-F1PqofqzWXw_g0wZVAuP0_C5QYTgJxOaXINKGIgFWncw2LK8lVjiWjIycKe82w1_GaXRLXlDTzvDwOD2xSBrOc07fGMnalJWZUPKdQSdmoGxMzE6wloTCQC4oAfMFVbJzaH7tYjVNjMAUgIjFJjVuOK42HwOA6NOhu9tMVF4m5AHqSJzvOE1VHyX_3o3Xqk3m4vxaobJypbhNMpTvyGDTAw9GrTSB-VK7uZUH6Zc76End_GO99RUgRj4kdZsIk7F1O-s3Rg7LIS90QrYEa8ulvPbW2rrC0UHbqrJRfW8LVdgqM2umc2ye-GDWK6e__fPuonvqP1b9ioVjj9XJWnfBjLZpEkiOE_0PGm8LO-822HwyL4oi6c2t2i4cduVvNp6O815bWW5JyK8M_BZBB5H6zdp07Nw_4NPRmQL87H5eLi8ob88QzvQXuwuqJIEtJ7JgV9tQDR7BxijkxukwiJPsorQlvoFTDKWjmeiHerb3Gr1987IdCVpe5n0soNTjmOmEFqTCvg3kpcJtnvoiluD-8SkvWUVsy2TTwnDtlsnUhohG0YLM13pk-LZ0asKCxqvjiFoViPCdRkPYIJQIEoeWrq45v768yL9GQx74qStWqrx0n_GbIXLIFUK6P4c7Z-CasR7ZXacECGZAhxGThNll_Nk3wzXJWC3WVh9Sc0JySvc-uJrWdjRrPQEqBDH3RNHmwERo0Vcud2VmelaXsmB4FEmPGkOhyvdXAWImu_kOK6hcZKT5TAu6FaO2YB92-11wcRjpVNSK5agn2eteP19XfroD379tnZCIhP7YKWkc6p02fLzRbcZ9EBTw0itP102enTv4n6rkWMtuAqb19hMJGJCJC31nsFk-FYQ3UM6-bQaaqTnGVH93got9X_vKqOetv32iYVtYBJp7AaDLvjQYSKCzIzSQbn1MgqM56pDfHxEMB5EeMW-hspmOuMhzcTfeLjRYDm0O8dr3e4adN-u6_ODtdSFxT5lFeDU7KDXgO5Cw5kcU5ZdLYk4dU24z3niwkUl7TmFfuR3q_HKrudCkzGCeewCF7pwEyP1oemS6sgEQj9qXoH37Reo5A77rLpa-oeL4HC50gtyCp8ElcJ6qGfJSl0Rdn_QCy2AWMzxgzZdPoaugZFyvmOvcBhtyHcpHcLyKRRSNyLyM4my9DFFehbmx2RncR8VIpRvcPadkQKRqWzAIei9kX5ttTCt4EfWiq6VXqqezxCp3Q2qYqzhcNyQ-OKlwcgOxt9e7anxWHvjqf_dSP_EBgFNZ1ArP_iA7zRkrAPV7TPVXE9i5oZiojs4oqa3a94EnFQSpCGUSOOhrWJac_FlXrw31hka-XPxp06I-LJPgeU87qt_fE2dkutiwRhnI2lW-8H0OtdUm6Hu8LVqTmcqPxOV7qIubZco7xbxg0NeTADmQAzsZXjXQMvcQMpsWv4Qqaq8HQZ1Pyst6HxJGxq2GifT7ANMrp8f4T3pCIOF_UvIyvIDWDWFtS_pMmuZB7Q7Sxlr0cpZ3fvo2w7KSDYO8m0yTS16nMtIjEJOlvwCtgigme8UsKXojSsYhYGNIlBV8s_QMuOuGrli9RjV5i7LFzYsvL1U7f0MV-QE0MHxToB0puNMw3jS7wrwNcF7CKy7jSj2BBMrD0uCLMWLcTyvMQN4IUMLnxCtPGP7Lu61O3P7m4QqGxiq-Bb5FZc-hXg59W3HtEGl2vmgwtbT_9C_rMi6PO-9fCGXUA2WikJCxeTYwHySvW1NLbCh6zzqqVIhmd3PSLljFgMPq7chPwCTLg1TNaSZrT42aysKaOlc2CYMPn2FlRqpR4e-qP0CtZiE4qefSL7tBHn1y9xYQ0Adu_bKjOresb4WigMtXCJ2nJxm7bqvobadKO5ragfOiP0GQ7NPXI9lQmbk59U7gPIBNTFOCPJVMTOp6k8A0TGU_r9x1dA8mN_SUedohfV2xjtujsKrxQXmp4yHTqQeV1brkDNaDgeRhOETS8g_A73nw5K4vs5eU4emIjtcDYYv38ZxpOg0Yc9AFGREx1LJGikb63AF9soJsX_CBSaH3pg7vPRX_G6ESrleX0tZzcV31ysDU1azUmpvc4S7C8_K5vYypx-sTNR3ux7uS2WWMatd2wdZZOuOT1SHWEjpozh9zGtazt2MiY389oVgA6b64j84-Ok-zWKtIhbPzF9HUwXSCCBgeL9IuK-Ytif9DCcQJHDkzTBqNTT1TsJkrJIQrm9Oa3Y38FgE9N6j5dSLxQWh9BGIYTPCtLdhJBACAM0vZrc17o94BgOLh95GvdInbt3rFVt15TL0I1LpJAELKhAW6poABX4PP40wrP8CToVWN8YX5IdwEkfxJmZBDVHWjn5hSgX4PchsIhZkw-iEVZ02MYoflYAEAgRfh7BGf0-B5PmNxrvDP4_gljIWlcCN_GzT8rzmb3ufShH_cFIqrUXnSIkGF4PuNVXBgtJfNF57FU_Z65XAsEa7wl16VY77-N33kt1oVI0JbQoV8T8aoI7r2fFFVnB-kZhag_ynxwRYhWZANPIiiz9_A4C4M7UfcLNJj6qfoDfe5nRylbWiN00eTmLgyvjkmue0EiSMKMgR7vkk1sA0QCEqO8OWxR4iaKbuRkTZaZDzYs6_kh9FEiQ4Hf6cyW1ZhVuTWNNj1BqicCKEm2XeF4fI03p5YzqzWlVeFH3YfgIsRmJYlhCz9Je7VVnEqohG4dwwtXaegJ2A920ufGF_-NDMi6BDKXW0QPdt6nox8D58qjYYCdtT8GGNUvtU1DAzxJOpDM_0Su35m7LTpHTKlCpUJfsQ7Ow2Ts6-O_MhCbevQCQiXKIIR7VL4QGDEB_IzZcs29jNvvNQWPw0UdfjaP9j5PsUcSQIOw3waZrvtF9miNpZACjna0Q59e2UkkzuCytRfiolbKXgDYxwfNZv0Ivp-KYBfnu4Cl7O_P_2knF0RJI1FPFKkR19pWIvkwf1PhSw_bBojC7I2yWxevFgPbf9jneGmP91tkLd3nxeWL3NnP7oCBF8iOGjEmr8ojNjtG9OIC-ysOxOYzf3PPav3R24NnFIwYmg3NTqP_rzHANKReRYdAokuc5hfogJJy3Xq3WGA5DXK_1MbJA90yjndTE43ECGxT8umeBGF0hUi_-RxUQynI8ehhLkITMeISGGTHcXmn7XHFXmDKE9N2Ym6MfXTTKeWH0XERSQc4vqWwbNMce04r_noT6q5VqvBCZDVQQKZ5NwaR3L_81eaWHTI5PFfmPjy2kYl9iIBjd5-i0HO1nw1cPyq_YR39cnID5JfFwJmR86Lk1vB8wAjmw48QwQjN52uY8xw3no71o2d3y_jM79pqgTn64QEgUDvI9anSsFOTS_-8N8cAOi05Blv17RVIv9SdQr38GEUfXKD-S6pE1b7ByHqM1md5qQbK-CWM71hbZ9D4ZEObuTX7EVAxbWq-3m_HiLKajIbUWFvB_ewrsP6sUIUSL2rN6XDckC4yGBE_Kp3GaCUnLqr3zof9TFNxj5P8WLjVH-g_0RUSNK8HBB8rUi2a8kYvp0keIglEzkywGUU1bCdDKmdx80MFsq8Ve4djQ6sbNOvPJGSh_TYLjG-2bguzdVo0OqYnp4QOKmnAK_0G9616bVVUShGros7RPOzLld0Ckfp6FgGjsH9q3SaTBOqpP79uA6WQ4MsA5XzsJAa6i1_Nd7BMkDdy8vWMIOGI2IRzjqjXtg7HxBzcG2DfuMwnX5jR4f_HoM8vLeVQIHiCT2LXmICOEThbKmT7gxVyGwhh9rvsnSNsyCetoAVNogy7djOFPdjBxnK4xp2DkmpmD3bPmPlknC3QT-HdPmGkAiaEdt94xU00-yyOcWQ6-zj76Y61_0budwJ0o_CC4vRCczIF7Egim9gLgfp-qntid6NFMZK-PkzNF_qNLF8j7au_IpLUIyK4sJSs-8_NOhYT-i92r1uDHOnQFFynhMJw_0ApaUTALxilRHF4T3DAUmn0xF_dAaBvzuizXfFUaFDclRH0tuadRerSIONxes_BIK3q0sHzyq-z4rebP0IqXalfj4KsfVxRaUoFaLrdrTkouHSXAqRVn62RV14BvyaEXum-aYQyb1jGleF6ErKV23_nTwSfg90qlIji5hn4vvdzed25VRwrBvUOPfgpV_8ZHJJrNP4_EApn67UZrU8Aa4uhqSfRhUeAQfH3PdSz9v9QVPgE3eOatNJ3uFD7FcNMt96K8MpcHfdkxTI88cqD74MfA3_iqffHVHGKlZKG2dlmVjDUn3M5Rn7TwQFqOZcZQsv2U8bYztlWUjfEzEW60gdO7CjGic4txeQ7e6lOJQonHIX7Jqlnrgl2LeCzjF654bG65mpl985FHNdAI&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&rfl=1%2Chttps%253A%252F%252Fnor.vivit-tours.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:27:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 117
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 06:27:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3570 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 13:41:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A4C1 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 85001
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Mar 2022 06:52:48 GMT
expires: Fri, 31 Mar 2023 06:52:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 3570 33 KB
16 KB 75ms
24ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: a1.adform.net
URL: https://a1.adform.net/adfscript/?bn=53999488;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&sig=AOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ&cry=1&dbm_d=AKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 02 Apr 2022 10:02:24 GMT

GET
H3 200 FyXTnIqgf3MR1shnyKQtc5k9nN1KItMFAbgv4xYT2II.js Show response
pagead2.googlesyndication.com/bg/ Frame A4C1 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/FyXTnIqgf3MR1shnyKQtc5k9nN1KItMFAbgv4xYT2II.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1725d39c8aa07f7311d6c867c8a42d73993d9cdd4a22d30501b82fe31613d882

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 22:49:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13680
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 31 Mar 2023 22:49:48 GMT

GET
H2 200 / Show response
a1.adform.net/adfserve/ Frame 3570 8 KB
4 KB 19ms
19ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/adfserve/?CC=1&bn=53999488;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ&ae=1&num=1&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&sig=AOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ&cry=1&dbm_d=AKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ&adurl=;js=1;adfxid=1x;2643;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fnor.vivit-tours.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

12c5152458ab4931e6687eae234390977300066e5dde02abc74824dca57f83de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3833
expires: -1

GET
H/1.1 200
OK 1x1.b
mm.melia.com/dynview/melia-com/ Frame 3570 111 B
1 KB 145ms
21ms Image
image/png 109.232.197.33
EULERIAN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mm.melia.com/dynview/melia-com/1x1.b?ead-publisher=mhi_dbm&ead-name=3_EMEA_PT_C_OthersEMEA_p-mhi_dbm&ead-location=display_Prospecting_OthersEMEA-728x90_en&ead-creative=OthersEMEA-mhi_dbm-c_presummer-728x90_en&ead-creativetype=728x90_en&eseg-name=campaign&eseg-item=presummer&ead-mediaplan=OthersEMEA-Prospecting&ea-rnd=35&adfrmid=3652418812305908119

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

109.232.197.33 , France, ASN50234 (EULERIAN-AS, FR),

Reverse DNS

ml.eulerian.net

Software

EWS /

Resource Hash

0609b70c35eab974a2c2d99d6da5d84d95b97f9fe3d28828710d04835153cb20

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date: Fri, 01 Apr 2022 06:29:30 GMT
X-Content-Type-Options: nosniff
Server: EWS
Strict-Transport-Security: max-age=604800
Content-Type: image/png
Cache-Control: max-age=0, private
Connection: Close
Accept-Ranges: none
X-Robots-Tag: noindex
Content-Length: 111
X-XSS-Protection: 0

GET
DATA 200
OK truncated
/ Frame 3570 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c268e5e323869dfca81463df191ec0873aeba26740ceb499c9ff5eca34b7524

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A4C1 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPppsyZtGYvDsMc-IrAS1x4zICAAAAAA4AeAEAg&bg=!MDOlM3fNAAZku-1yRLs7ACkAdvg8WghXNMLJtlg__1F7N6NuyeiVtNaOamryJMiO_6dnXGhUPCEUygIAAABNUgAAAAJoAQeZAzm0CNzdQ9wJhF8PXHwh18cXTySwgKlPM6-0eK1415NhDEC4d4VzRtWejhJgX6kBzMQXu7xYt7v0XcOxAxzhTe1jCDbY08rO3DLGnX4EOo2nPoqWahdixRdGZflt4oID-qUB0MEoWeNUG-GoystHqPxLoN3lJ8B1WWiLw2JwuKagVECjWjmyk8sqvy7kHxu_vYcsDxEqc2VltIERJXMx_GGjPpRJsi2MHpaE_tkuRTeTMTe2Bj5edSCHg5ta2RCSqcnrU6h0QjsVZ8eiA-s1GCK-eyLDHhJVYQyFD1LqPCSbNjpAoYbo6MIpTraaHLLhNRX2LetwBJ9oIaMGH5c0lv_pusBS6Xmq6KVFlstzSM0bwLinEhClHu3VBVihfMcDYmtPyx09mdoUugYywVSKMNhSEd7VNv_zb-rSq9FZUci4ZSpIhEYaCnl0-5hudNzHiAoyvRjWRW-DkQ7dU-ZCJaXWD4M_odz3ci_S4kHXoUjfFbAotlIgMMytT6-bkpLm5guTyUMdvGuEZUsZNpcki96vCy3prTD4VGFb3WqxT_IUa8TpIb6rOC_HElomY6u7JRQMH5BNyTAPVI3ix9umR7nvzaWCt21_g20dtoH4qsCP8OsA90NjtFPeeAqC0Z3pVxIftPjvUa6XI-mn0QFj536SyQlTTbPUeICRzbV7IlTPXunPyN_gdS9YhuVtWuvZPgID3R7QvIVCgwbv-Z0WgU2-EalW8BZtt964Xtv6O-JQmy9SlXvaZ176udeGA6rABbjJvixtj6oid9CWYEGpzVl95yAwZszcBHEVrimxbyhkOiJRpMqfiAEvdzanvR_GXIdlrqgoKOqnWGuOss4jGcjkPh4kvkcuf7pA_6s8XeciAajNz-xiGQCQC-fmHXF8A8tILG-6bOSrHW1XCBDlfc42REbZAnzsvSZr9-sot5Qxvq-u_C3tKdMhxGXpD6eOYOO3cMgiX0p_-04NorIAaqqhaXk61mtn9y358YVvmlUulWXoX5pUrR77fC4Z4NA-oVs-huseQno0mV8I6t_h1GqhbvYfHXNDHWtr7mLU0NtyaMT3oRsiSfTX2uPobWLQLq6BaXJ8R3Ntlk0

Requested by

Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 3570 90 KB
39 KB 28ms
28ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 02 Apr 2022 10:02:55 GMT

POST
H2 200 /
a1.adform.net/csimpr/ Frame 3570 35 B
503 B 18ms
18ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/csimpr/?bn=53999488&csi=2zxUzeKuTNgFZaGMnwe70aQxa2k9TiKc7f0WXCMpKTHrygPkIxxfk1zjaXoPwzkPzcqYCNim9SNf6hBBvvarat6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 11023675.js Show response
s1.adform.net/Banners/Elements/Files/63577/11023675/ Frame 6345 2 KB
1 KB 18ms
17ms Script
application/x-javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/63577/11023675/11023675.js?ADFassetID=11023675&bv=257

Requested by

Host: nor.vivit-tours.com
URL: https://nor.vivit-tours.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e5ecf5aa4cff16eb0c86fefbe8ad991f9c12d4389f80ba05b395a181662c7bcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: gzip
last-modified: Thu, 17 Mar 2022 11:35:17 GMT
server: nginx
etag: W/"62331cf5-7b0"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2

200

Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 6345
Redirect Chain

https://track.adform.net/banners/scripts/rmb/Adform.DHTML.js
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js

30 KB
13 KB

19ms
19ms

Script
application/x-javascript

37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:29 GMT
server: nginx
etag: W/"609e6e91-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

location: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
date: Fri, 01 Apr 2022 06:29:30 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032106&jk=2742049786096701&bg=!tLelt_PNAAZku-1yRLs7ACkAdvg8WhpdmC87JHaenMSmlzBC6SsEuXPlBjgIoalzLcVJWPdmRejpJQIAAABNUgAAAANoAQeZAtUjQkBtHgeniwa-NZjeURo-OYsapONVzuSlQhRAW9P9ksk5BTr5bK0zYRBmWqBMFgg2CebrijFk26TAGO8Qb_FKFY9XAmFYJvNLfsb7brBcrHwxjBY3WH2B1UoE2Hugx9y2cCc6KsuB4fpONgqE0sqMHz_SRsOva3Nr5ZVM38-uH8Cx5xfl2YzZLYn_0Xhh3sri2tQ72G_47xcHNIe-PrWx4naJHwsIxM9bSUR4utoPGYE5FvDHDUnWa2qNclBJS4LLXgQBeptvLi4ofWHgvw01hd2_FXXZg8e6Z0s3Xg-Jb_FANQTcBC9vDwCJy50Bnm-yMeCd3MUz6jdriPJbrNJ60x8w9pEjh5WnZ_QGkNRNfZfuTA35KKF7AsL2Y4ubp__eZ5VNy3dZ3JwEDDEeryi5AegiABVoaATOeDOFlFLAE9Fcw--oGwNZb-Ej6MXAybn10wEwXNteDR5rDIsCGxvRowhVoX3MvKMVTvOEaCHYFxuv8vDNbVt85VrJAn2NbV1jkh_n5PL1sgXcoL7eP9t30qMhJOGAjNNWxY1A2lP9IegYjD536KMctrc8TfGsMukRjbRA3urj3YXc_Zd-nQWvSSVZVF_0JFHxFdR_dZndrqWnGr0BDl9TToYgNPK3D7jKz_5mNH8I946nLuudLaMgI1weh2Kj3TNJkJnDK_IGiIcM0TFUfKvKbD_z3F2o_73G7OXVfhvBC6qi-OIMtEK_SqjoQPWqQIsQkYWOVIFymzFbbwJ97LqSzHtevWOpPECp-OTHDqZqYnTYaklYxzxcm41x4g6COlDOL8HmyYQy1L-4CWj6E_GR5ggMk0_zav9G6NLIHyIXIATJfFSHCtzdrKUzqL7C8ELmRHIX5AUKzRkLbJTNjPPawisfI_lKBcfkzXZ1tUVBa0KeUHgBYyiBuxpgfKLfTlVxW3zYzv5I-QTl-LssDx2HAl6e7v72JBCOnhZM7Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 623044418c32679bc3732cfd Show response
c.bannerflow.net/a/ Frame 6345 89 KB
31 KB 79ms
44ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/a/623044418c32679bc3732cfd?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg%26sig%3DAOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ%26cry%3D1%26dbm_d%3DAKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D53999488%3Badfibeg%3D0%3Bcdata%3D4YT_bZKDXkTlvwfpzX36Bx7qDG_K8-XackZIfzXNib7ejaRpv4sDLy7hl8Jk7uqhhyoo4DBjAFpBHkwasZwuO688KtKy_n8vcstvXTPCJCpO-GBM7zzfVOuadMI-v8nHFoF0As75CiSZIXUfPIB1NxTpEtI_iNeiw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fnor.vivit-tours.com%3BC%3D1&domain=https%3a%2f%2fd1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com%2f&targetwindow=_blank
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e66efb22ccd5399e270c6bbd831fc61b551061ddcaa379f411c0ab0af98e5480

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cf-ray: 6f4f455098bb01f8-ZRH
link: <https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/preload.jpg>; rel=preload; as=image
request-context: appId=cid-v1:8ccc0d93-c9cf-4965-a9de-1823f9df557e

GET
H2 200 preload.jpg
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/ Frame 6345 11 KB
11 KB 19ms
18ms Image
image/jpeg 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/preload.jpg
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4c7aa239aa654a54beaf577b44bda39069e9bcaab3d9b42954a9129cc3b8e6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
age: 740824
content-length: 11345
x-ms-lease-status: unlocked
last-modified: Tue, 15 Mar 2022 07:48:03 GMT
server: cloudflare
etag: 0x8DA065822DE6075
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: e96ed14e-701e-0057-49d4-3e4315000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6f4f4550e96101f8-ZRH
cf-bgj: h2pri

GET
H2 200 document.b96189959c.js Show response
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/ Frame 6345 20 KB
4 KB 26ms
25ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/document.b96189959c.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/623044418c32679bc3732cfd?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg%26sig%3DAOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ%26cry%3D1%26dbm_d%3DAKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D53999488%3Badfibeg%3D0%3Bcdata%3D4YT_bZKDXkTlvwfpzX36Bx7qDG_K8-XackZIfzXNib7ejaRpv4sDLy7hl8Jk7uqhhyoo4DBjAFpBHkwasZwuO688KtKy_n8vcstvXTPCJCpO-GBM7zzfVOuadMI-v8nHFoF0As75CiSZIXUfPIB1NxTpEtI_iNeiw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fnor.vivit-tours.com%3BC%3D1&domain=https%3a%2f%2fd1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e716e73d868fdea1f2ab08e88eb857d618bc37e665c69475ad719a3432bd2e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: uWGJlZzCzJUO1JUvgN76JA==
age: 740823
cf-polished: origSize=23000
x-ms-lease-status: unlocked
last-modified: Tue, 15 Mar 2022 07:48:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d2ea4596-401e-0097-4cd4-3ebb2b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
cf-ray: 6f4f4550f96f01f8-ZRH
cf-bgj: minify

GET
H2 200 animated-creative.113bb23e864a7f983e9d.js Show response
c.bannerflow.net/scripts/ Frame 6345 142 KB
48 KB 26ms
26ms Script
application/javascript 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/scripts/animated-creative.113bb23e864a7f983e9d.js
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/623044418c32679bc3732cfd?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg%26sig%3DAOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ%26cry%3D1%26dbm_d%3DAKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D53999488%3Badfibeg%3D0%3Bcdata%3D4YT_bZKDXkTlvwfpzX36Bx7qDG_K8-XackZIfzXNib7ejaRpv4sDLy7hl8Jk7uqhhyoo4DBjAFpBHkwasZwuO688KtKy_n8vcstvXTPCJCpO-GBM7zzfVOuadMI-v8nHFoF0As75CiSZIXUfPIB1NxTpEtI_iNeiw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fnor.vivit-tours.com%3BC%3D1&domain=https%3a%2f%2fd1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d545b0de5199928169a9eb70e4ea94a856936a826b1bc868619a7ff0a2f85bc6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: n7+0gUkvpEd8QT4r3GPRkg==
age: 1869583
cf-polished: origSize=145314
x-ms-lease-status: unlocked
last-modified: Mon, 07 Mar 2022 14:49:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 4eab124d-901e-002d-1390-345e55000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public,max-age=31536000,immutable
x-ms-version: 2009-09-19
cf-ray: 6f4f4550f97001f8-ZRH
cf-bgj: minify

GET
DATA 200
OK truncated
/ Frame 6345 66 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/webp

GET
BLOB 200
OK 39c3d332-5725-4792-a081-eb7ba0660602 Show response
https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/ Frame 71F0 668 B
0 Script
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/39c3d332-5725-4792-a081-eb7ba0660602
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.113bb23e864a7f983e9d.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Length: 668

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 6345 25 KB
26 KB 44ms
18ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2F58439817-62c3-4146-b079-bf26ee5c4e96.woff&t=%20Eadefhjmnorstuy
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08e479b1a9d9aa5e2f0f5ce54269aca78666ae8d3901b0231b0def941c67c592

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
last-modified: Wed, 23 Mar 2022 16:41:31 GMT
server: cloudflare
age: 740879
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=58439817-62c3-4146-b079-bf26ee5c4e96-subset.woff
cf-ray: 6f4f45523e2a01df-ZRH
expires: Thu, 23 Mar 2023 16:41:31 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 6345 18 KB
18 KB 19ms
19ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2F63565b7a-3d57-473d-8aa5-528f9c57fb18.woff&t=%20%21ABCEHKLNOSTUWfopt
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e3d6c85e0b836bfb59397aed7ddcd9f94f4825ca6cbb70b5f1995dceb917518

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
last-modified: Wed, 23 Mar 2022 16:41:31 GMT
server: cloudflare
age: 740879
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=63565b7a-3d57-473d-8aa5-528f9c57fb18-subset.woff
cf-ray: 6f4f45527e7901df-ZRH
expires: Thu, 23 Mar 2023 16:41:31 GMT

GET
H2 200 font
c.bannerflow.net/fs/api/v2/ Frame 6345 18 KB
19 KB 16ms
16ms Font
font/woff 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2Fb8d39551-68ea-4ae7-9f0e-5ab5c1261bdd.woff&t=%2535
Requested by: Host: d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aad31ed98f49231067e90a220467c2b8956677d379447224750454cb082b78cc

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
last-modified: Wed, 23 Mar 2022 16:42:27 GMT
server: cloudflare
age: 740823
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition: attachment; filename=b8d39551-68ea-4ae7-9f0e-5ab5c1261bdd-subset.woff
cf-ray: 6f4f45529eb001df-ZRH
expires: Thu, 23 Mar 2023 16:42:27 GMT

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame D4A0 9 KB
9 KB 19ms
19ms Image
image/webp 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fmelia-hotels-international%2F59c9120b31ae8f128419d688%2Fimages%2Fa326ed08-c4ea-44d9-8af8-9453fe674daa.jpg&w=818&h=460&q=85&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5642bd36978334c426996071a059ca2a5d24e6696fca3351358d24872e9602a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
last-modified: Thu, 31 Mar 2022 08:16:53 GMT
api-supported-versions: 2.0
age: 79957
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 6f4f4552cbbe01f8-ZRH
content-length: 9308
server: cloudflare
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 optimize
c.bannerflow.net/io/api/image/ Frame D4A0 7 KB
7 KB 19ms
18ms Image
image/webp 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fmelia-hotels-international%2F59c9120b31ae8f128419d688%2Fimages%2Fc3596054-39d5-4764-b982-1b0cfdae2dd7.png&w=201&h=226&q=85&f=webp&rt=contain
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28028a55088f5a8f8bfddf3d2a735a6c08ff1493d68976e18eb1cb5c4cd08883

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: HIT
last-modified: Thu, 31 Mar 2022 08:16:53 GMT
api-supported-versions: 2.0
age: 79957
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges: bytes
cf-ray: 6f4f4552cbc001f8-ZRH
content-length: 7248
server: cloudflare
request-context: appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1

GET
H2 200 27624350-8080-45f5-8ac5-4bcbf8478d7e.svg
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/images/ Frame D4A0 7 KB
3 KB 19ms
19ms Image
image/svg+xml 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/images/27624350-8080-45f5-8ac5-4bcbf8478d7e.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c3109a82c3a2c23e65bf887a0c7d13be0a8c7a3d1468103051144cb9e84ad77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 01 Apr 2022 06:29:30 GMT
content-encoding: br
cf-cache-status: HIT
content-md5: 5Xuj2A+y0C5AFucBYDjFgA==
age: 6329
x-ms-lease-status: unlocked
last-modified: Fri, 18 Jun 2021 07:47:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: cba44f8b-801e-0031-2a48-3c0c35000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 6f4f4552cbc701f8-ZRH

POST
H2 200 59c9120b31ae8f128419d688
c.bannerflow.net/tr/v2/pixel/ Frame 6345 0
97 B 43ms
42ms Ping
text/plain 2606:4700::6810:c40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.bannerflow.net/tr/v2/pixel/59c9120b31ae8f128419d688
Requested by: Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/623044418c32679bc3732cfd?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCBF7XyZtGYvKMF6OZrAT42LWoCKi4z-Bo6sTlvvkPm_PHhMkvEAEgqoDDImD7gYCAlAqgAZOmj74DyAEJqQKwIkgWfZKyPqgDAaoE8AFP0PxloDABbBLpYF4AjnBRoP5M5u7lQCjH61grS-FL0WRqsJMiZamCyZDX_ZvBpvDATGQn__jNyADAX51JmPTgTQkXO7nsoLLEEYuFmliyvLpYuy0r7dar5uEl5hq1oYU1R08YY0HUHF8LC_1HdrnC9hKASborP2j3-bpHeIGqeqTJUaAHaYrnH0NmqhF1Bv8WtSVklQUHDo0m5GsbfUlj467RyGURm74S5ge3uMpdHUijAEAw_L9IxjYgPPSvUgWwyRMK8yaFUt1VIFdglmwqPlFhHAVYjyWN26GKxbaT4f1fRAYtAvaZSpBpXHlbVv_ABJ2N1IfzA-AEA5AGAaAGTYAH1dnwQagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHfIIG2FkeC1zdWJzeW4tMzY0MTIwMzE4ODU2ODI4OIAKA5gLAcgLAYAMAbATorbfDtgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg%26sig%3DAOD64_3B1beX_sPfKJdQYvTb9S3q1qRC7g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DX3c8b5Yy8rO8UDeld1rDC5qvEg9jlJg47xmz03TPKFmRu-hCk1nPB1x9ghUIUeCuJtqiiw4F5qBOI3s_12Aof2au7golTl-krMKx2U6AQpf8DNRIphqxNp4YhFWCSMmEv6do8qu5qLDbtU3jOi2fwwKlBqQ%26cry%3D1%26dbm_d%3DAKAmf-C6CzIWdH3vD0R8ecaVhRxJUrMoU09ZsfcSzjXZS0Ts5agB8HcajNe6T-MecBk2CRLHpmbBlvlFE5qXXhUzlqmg2aL4i_F_u5sYx6P_2eJc_poYdmk2tHM5D8tLJeZhylugphZ1bpgphZnjjSELi8hsn0CnYLcYlBwkQ5QKaa-aPuxOk9zbd7nC6CbvJ04QwHfb-SSD6ieaidVfrqoXiGOA6DnDeaITpxftSWIHsF8SblfpTbGDmS4jrfY_33wICs_8NcLVQjXP4aKJmwDaRfHbMr2Bh_KUpvj3ei2Rh0bHGZJ4KTPPEIRk4DDFrSMAr_kmXH_kFLhlcCJO5yBdhJL40xbKX3BPyILNXy9-1acBHsXfHANgt0_8TK1fdvTX8cx_hMsYO3-AYRE8aSADocDZ_RdOiWYkydxzLRVKeQVvkaje2K2tRxEeeZuqZBz1KHa_TH7ZPILg_9enQXODKCn94eafmQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D53999488%3Badfibeg%3D0%3Bcdata%3D4YT_bZKDXkTlvwfpzX36Bx7qDG_K8-XackZIfzXNib7ejaRpv4sDLy7hl8Jk7uqhhyoo4DBjAFpBHkwasZwuO688KtKy_n8vcstvXTPCJCpO-GBM7zzfVOuadMI-v8nHFoF0As75CiSZIXUfPIB1NxTpEtI_iNeiw3iI60gHGBc1%3B%3BCREFURL%3Dhttps%253a%252f%252fnor.vivit-tours.com%3BC%3D1&domain=https%3a%2f%2fd1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 01 Apr 2022 06:29:30 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6f4f4552fc0401f8-ZRH
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
request-context: appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3570 42 B
64 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuoBsba0rtxI8d5xhyVSJ04IrxEioii1mqwfpyRBP2lnKRNZOjadVoTIUWhzmoADslwzjM8VPqHvbmyiIdl5NOU2pZcCzNZneBU4aj0YXLrDme3Xp3MBw&sai=AMfl-YTAiTbB24aM3ACNB5AotqvdZq75CJISOrPEOKUnide_aGiScSE1ShrypiOaMryIPX3Pyonr1rkw1S5ArrsmJjdPbxAB3OmiuLOw5ZRoLpTDEB9Zr2Qp2Rrlxi2n_EFb&sig=Cg0ArKJSzLi2exPj0T9oEAE&cid=CAASKORo8Ui9ONjfYyHL9OUnKy9ob11diDXgTiF1VwSAhWFcQF3-a-_goqg&id=lidar2&mcvt=1000&p=1110,436,1204,1164&mtos=104,1000,1000,1000,1000&tos=104,896,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4131343724&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648794569734&rpt=286&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
a1.adform.net/serving/unload/ Frame 3570 35 B
503 B 18ms
18ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/serving/unload/?version=15&unload=3652418812305908119@@53999488,1034784859280220022,100|1135|0|0|0|0|0|0|0||39|1|||||1|0|0|JScszmuc6KRcPlakbYq96d0AtMEIPUWNhPL661TnX0W1fHoiENz9VPL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:31 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnor.vivit-tours.com%2F&domain=nor.vivit-tours.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=jVS0wXx5dXgyaXpUZUJwcWdvTTRDOGJJRzZnRHFKVnNkNkl3T1JsZHczbi8wUlJiT0VqNUloYnNQNjZpZ1U5YWlIT1EwRTRWNzF0bE1hcjR5N2paMkFrTmtscy9XakJiTlpnSVk1V2pJREsvbTVNZGVmTkxiMjgvUU56Vj...

345 B
615 B

40ms
14ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=jVS0wXx5dXgyaXpUZUJwcWdvTTRDOGJJRzZnRHFKVnNkNkl3T1JsZHczbi8wUlJiT0VqNUloYnNQNjZpZ1U5YWlIT1EwRTRWNzF0bE1hcjR5N2paMkFrTmtscy9XakJiTlpnSVk1V2pJREsvbTVNZGVmTkxiMjgvUU56VjhoemtOU3g0Z0xUQlZhdG9hUzN6bmN5Z3lRNHBwdmVnb0pPc1V2NUtEV1c5VDIrcTRzSmxpT1RIc1ZNajViLzFnT05nc0NlL3p6QUVkYU5IQTRjdVVQd3ZGMHFjTjVqWld2N3pHYzlCK1BEeE5uV01NVEdnUmRKeDlPSlVHLzNqNFJjZitZNWFhfA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

aaa2eb41c25bde1d4fefbb94319354686f7560cdeeeedc3b022088c2daeae5ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:31 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2397
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:31 GMT
location: https://mug.criteo.com/sid?cpp=jVS0wXx5dXgyaXpUZUJwcWdvTTRDOGJJRzZnRHFKVnNkNkl3T1JsZHczbi8wUlJiT0VqNUloYnNQNjZpZ1U5YWlIT1EwRTRWNzF0bE1hcjR5N2paMkFrTmtscy9XakJiTlpnSVk1V2pJREsvbTVNZGVmTkxiMjgvUU56VjhoemtOU3g0Z0xUQlZhdG9hUzN6bmN5Z3lRNHBwdmVnb0pPc1V2NUtEV1c5VDIrcTRzSmxpT1RIc1ZNajViLzFnT05nc0NlL3p6QUVkYU5IQTRjdVVQd3ZGMHFjTjVqWld2N3pHYzlCK1BEeE5uV01NVEdnUmRKeDlPSlVHLzNqNFJjZitZNWFhfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://nor.vivit-tours.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1740
content-length: 509
expires: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 62ms
20ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnor.vivit-tours.com%2F&domain=nor.vivit-tours.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://nor.vivit-tours.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://nor.vivit-tours.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 01 Apr 2022 06:29:32 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1464
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame EBC3 3 KB
2 KB 52ms
13ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nor.vivit-tours.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1388
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Apr 2022 06:29:32 GMT
ETag: "e20015-b6b-5d84d0db0c30a"
Last-Modified: Fri, 18 Feb 2022 16:05:37 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK usermatch Show response
ssum-sec.casalemedia.com/ Frame 3C72 1 KB
3 KB 68ms
28ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e94d710dc6e3602affe243968a9c5d423ecd129e03945c1c9874ebdc4276c6a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 1481
Content-Type: text/html
Date: Fri, 01 Apr 2022 06:29:32 GMT
Dropped-Udsids: 230|39|241|46|57|17|8|40
Expires: Fri, 01 Apr 2022 06:29:32 GMT
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache
Vary: Is-Traffic-Usersync

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 70ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 01 Apr 2022 06:29:32 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1087
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 3C72 170 B
188 B 18ms
17ms Image
image/png 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 3C72 70 B
265 B 90ms
29ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 3C72
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB&dcc=t

43 B
645 B

99ms
99ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: V7822RXCE6SRFY1RYET5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: CTJQVZZQ29Y8B684F2FE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YkabybH4TzmlTVMvvnKkBAAABGMAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 3C72 0
0 40ms
24ms Image
text/html 37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3C72
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433823026997411

43 B
1 KB

20ms
20ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433823026997411
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:32 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433823026997411
Date: Fri, 01 Apr 2022 06:29:32 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3C72
Redirect Chain

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

43 B
315 B

17ms
17ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:32 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 106
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3C72
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=20809184-8f71-409e-9322-64e42cee6320&expiration=1680330572

43 B
1 KB

21ms
21ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=20809184-8f71-409e-9322-64e42cee6320&expiration=1680330572
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:32 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=20809184-8f71-409e-9322-64e42cee6320&expiration=1680330572
date: Fri, 01 Apr 2022 06:29:32 GMT
server: Kestrel
content-length: 0

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 3C72 43 B
425 B 14ms
13ms Image
image/gif 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YkabybH4TzmlTVMvvnKkBAAA%261123
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 06:29:32 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "902a3d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2518
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 07:11:30 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 9834
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

97ms
97ms

Document
text/html

18.233.196.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fnor.vivit-tours.com%2F&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.233.196.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-233-196-70.compute-1.amazonaws.com
Software: /
Resource Hash: a90e58ef214855df27cb9a40a65359c9038cc7fab5da0ab1b90c6ad44c21f299

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cache-control: no-cache, must-revalidate
content-length: 186
content-type: text/html; charset=utf-8
date: Fri, 01 Apr 2022 06:29:32 GMT
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Fri, 01 Apr 2022 06:29:32 GMT
pragma: no-cache

Redirect headers

content-length: 41
content-type: text/html; charset=utf-8
date: Fri, 01 Apr 2022 06:29:32 GMT
location: /um/cs&eq_cc=1

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 9834 43 B
1 KB 20ms
19ms Image
image/gif 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=1e17d440-61aa-478f-b66b-84bd542246be&expiration=1656656972
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 06:29:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 06:29:32 GMT

POST
H2 200 /
a1.adform.net/serving/unload/ Frame 3570 35 B
503 B 18ms
18ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/serving/unload/?version=15&unload=3652418812305908119@@53999488,1034784859280220022,100|4635|0|0|0|0|0|0|0||158|1|||||1|0|0|JScszmuc6KRcPlakbYq96d0AtMEIPUWNhPL661TnX0W1fHoiENz9VPL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 06:29:35 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Verdicts & Comments Add Verdict or Comment

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

37 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yadro.ru/	1970-01-20 10:44:56	Name: FTID Value: 1YHflN2_wB8I1YHflN001QCt
.vivit-tours.com/	1970-01-20 10:45:30	Name: _ym_uid Value: 16487945691054002384
.vivit-tours.com/	1970-01-20 10:45:30	Name: _ym_d Value: 1648794569
.yadro.ru/	1970-01-20 10:44:56	Name: VID Value: 3kQFEy1lhHOI1YHflN0016cg
nor.vivit-tours.com/	1970-01-20 02:43:06	Name: _pbjs_userid_consent_data Value: 6683316680106290
.mc.yandex.com/	1970-01-20 01:59:55	Name: sync_cookie_csrf Value: 694057878fake
.vivit-tours.com/	1970-01-20 02:01:06	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 01:59:55	Name: sync_cookie_csrf Value: 4202799114fake
.yandex.com/	1970-01-20 10:45:30	Name: yandexuid Value: 9547766191648794569
.yandex.com/	1970-01-20 10:45:30	Name: yuidss Value: 9547766191648794569
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1140134401648794569
.yandex.com/	1970-01-23 17:35:54	Name: i Value: AM7iMnEeVDM6pVuQP2/skrpmf0fChPMG7jMZK0ETyHRW/+AgLlKzEGazyO5N1N/SiINW4QvVWIiXEsTDawxJPzNVZf0=
.yandex.com/	1970-01-20 10:45:30	Name: ymex Value: 1680330569.yrts.1648794569#1680330569.yrtsi.1648794569
.vivit-tours.com/	1970-01-20 10:45:30	Name: didomi_token Value: eyJ1c2VyX2lkIjoiMTdmZTNkMDgtOGY3NS02NzE5LWEzNjAtM2EyNzEyN2ExZGIyIiwiY3JlYXRlZCI6IjIwMjItMDQtMDFUMDY6Mjk6MjkuMjU0WiIsInVwZGF0ZWQiOiIyMDIyLTA0LTAxVDA2OjI5OjI5LjI1NFoiLCJ2ZW5kb3JzIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIl19LCJ2ZW5kb3JzX2xpIjp7ImVuYWJsZWQiOlsiZ29vZ2xlIl19LCJ2ZXJzaW9uIjoyfQ==
.vivit-tours.com/	1970-01-20 10:45:30	Name: euconsent-v2 Value: CPWwhXdPWwhXdAHABBENBACgAP_AAH_AAAAAHFNf_X_fb3_j-_59_9t0eY1f9_7_v20zjgeds-8Nyd_X_L8X4mM7vB36pq4KuR4Eu3LBAQdlHOHcTUmw6IkVqTPsbk2Mr7NKJ7PEinMbe2dYGH9_n9XTuZKY79_s___z__-__v__7_f_r-3_3_vp9V---wOJAJMNS-AizEscCSaNKoUQIQriQ6AEAFFCMLRNYQErgp2VwEfoIGACA1ARgRAgxBRiyCAAAAAJKIgJADwQCIAiAQAAgBUgIQAEaAILACQMAgAFANCwAigCECQgyOCo5TAgIkWignkrAEou9jDCEMooAaBAAAAA.f_gAD_gAAAAA
.vivit-tours.com/	1970-01-20 11:21:30	Name: __gads Value: ID=8a0475d0432c76ef-220f1d7e6ccd000d:T=1648794569:S=ALNI_MZCjrhgqZSPTr3DnJlCA2-9TZEdwg
.doubleclick.net/	1970-01-20 11:21:30	Name: IDE Value: AHWqTUn_jUowuEtF-shQyQZBU8CZI_huJXG5H3NmJ1DO-FLl80SUwEDdZsmG0SBk-Y0
.adnxs.com/	1970-01-20 04:09:30	Name: uuid2 Value: 1867030495018600560
.adform.net/	1970-01-20 02:43:06	Name: C Value: 1
.casalemedia.com/	1970-01-20 04:09:30	Name: CMPS Value: 5203
.casalemedia.com/	1970-01-20 10:45:30	Name: CMID Value: YkabybH4TzmlTVMvvnKkBAAA
.casalemedia.com/	1970-01-20 04:09:30	Name: CMPRO Value: 1123
.adform.net/	1970-01-20 03:26:18	Name: uid Value: 3652418812305908119
.adform.net/	1970-01-20 02:09:59	Name: TPC Value: 1648794569969
.melia.com/	1970-01-20 11:25:49	Name: etuix Value: 5u.lAiLkACFOFguZhET0OrBhUFjMQggl3KvnIUZ1qDdPMTE2OGjjFg--
.melia.com/	1970-01-20 11:25:49	Name: et0 Value: YB4Ip19OW8CZUdGeOeEiwmDOj146c8abClQdE6V03ZFKAmA_t8k.meCq_YDB8GiPPAWWKvly00mXIfEkf7tLuAm7C5dXJYV_XZKONWX3Vift.u7mlVEad103tH5zoZ.Vi8sttV_2qsDdikN4sXFMKHujo396R628GLOs_Z7n3M715ngbQek8tHmm2iJT05zfwec-
.melia.com/	1970-01-20 11:25:49	Name: et Value: 1
.casalemedia.com/	1970-01-20 02:01:20	Name: CMST Value: YkabyWJGm8wA
.rfihub.com/	1970-01-20 11:21:30	Name: eud Value: H4sIAAAAAAAAAPvFyGtoZmJhbmliam5kYmAMADzlYIUQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMjYwMrO0NDcxNBTiM9S1zAlP8k4JyEz1y_cDAPs_YB4lAAAA
.rfihub.com/	1970-01-20 11:21:30	Name: rud Value: H4sIAAAAAAAAAOMSNjU0MDcxNrYwMjYwMrO0NDcxNBTiM9S1zAlP8k4JyEz1y_eT4jU0M7EwtzQxNTcyMTAGAOnoAdM0AAAA
nor.vivit-tours.com/	1970-01-20 11:21:30	Name: cto_bundle Value: tgiBC19pcVk1UWtpUnlGUjdHNnpOdjBXJTJCYXFlQyUyQjVqblpQSVJYaDdHVUNOWmwzSHZtRHluejglMkJpUU1sd2VIWnBIZ3FUbG5pejlsNnNvNVRyR3Rnb2U5TDdOMnAzSWJDZlloc28yVXpmaTQ5anBHeUtsem5DWGFHN3Q3UGJKUGJQOXhIcQ
nor.vivit-tours.com/	1970-01-20 11:21:30	Name: cto_bidid Value: aZJHe192Zjhhdm1hMHFrUWN4Y3RGSXBMNHdlVU5pUDYyajJNdmdtWTNMJTJGOHloRzNzYjBzcjFwVk8waHRtSUFzZUg2NjFKMThsRjZVdCUyRnlmejQ0MGxrSnJxdnclM0QlM0Q
.eqads.com/	1970-01-20 04:10:56	Name: EQUser Value: UID=1e17d440-61aa-478f-b66b-84bd542246be
beacon.lynx.cognitivlabs.com/	1970-01-20 10:45:30	Name: UID Value: 20809184-8f71-409e-9322-64e42cee6320
beacon.lynx.cognitivlabs.com/	1970-01-20 10:45:30	Name: ss Value: 4bREQYLE36%2BA0ef98BzqowOLl6tKy8uMv3YNa93JDjtbTNzEQpOzW8cSBbnJk43WSQDZPPrJvotZjDhRgnoi2g%3D%3D
.casalemedia.com/	1970-01-20 10:45:30	Name: CMRUM3 Value: 2862469bcc27601e17d440-61aa-478f-b66b-84bd542246be&e662469bcc2760&2e62469bcc05a0&0862469bcc276020809184-8f71-409e-9322-64e42cee6320&2d62469bc92760CAESECB12wi8_O3rZ4VMDduQp4w&1162469bcc05a0&3962469bcc27605107433823026997411&f162469bcc05a0&2762469bcc0b40

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.zx-adnet.com/s2r/px_optr.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9595.fd3jPXpe43NP2TYyxE6BJRo7sh3SXkLI9UTmWw8AB9veZEfnqKTAekFr40u4L2HunuzzoPBJ4h7Mjc0CWwLikw%2C%2C.OrWmwuTmLifb4pntlflajpsjGYo%2C Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
javascript	warning	URL: https://d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Message: The resource https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1920993/2205057/preload.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.adform.net
adservice.google.com
adservice.google.de
b1sync.zemanta.com
beacon.lynx.cognitivlabs.com
c.bannerflow.net
cdn.jsdelivr.net
cdn.zx-adnet.com
cm.g.doubleclick.net
counter.yadro.ru
d1df8b4de5a6964191a6b6550c030763.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
googleads.g.doubleclick.net
gum.criteo.com
htlb.casalemedia.com
i.vivit-tours.com
ib.adnxs.com
js-sec.indexww.com
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
mm.melia.com
mug.criteo.com
nor.vivit-tours.com
p.rfihub.com
pagead2.googlesyndication.com
s.amazon-adsystem.com
s1.adform.net
script.4dex.io
secure.adnxs.com
securepubads.g.doubleclick.net
site2text-2021.web.app
ssum-sec.casalemedia.com
tpc.googlesyndication.com
track.adform.net
um2.eqads.com
vivit-tours.com
www.google.com
www.googletagservices.com
104.21.59.48
109.232.197.33
142.250.184.194
142.250.186.34
151.101.1.195
178.250.2.146
18.233.196.70
184.31.84.150
193.0.160.129
209.54.180.144
23.35.236.247
2600:9000:206f:6800:11:a4de:2580:93a1
2606:4700:20::681a:9a9
2606:4700::6810:5714
2606:4700::6810:c40
2620:0:890::100
2a00:1450:4001:802::2002
2a00:1450:4001:810::2003
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200a
2a00:1450:4014:80f::2002
2a02:2638:1::13
2a02:6b8::1:119
3.33.220.150
37.157.4.28
37.157.6.234
37.157.6.252
37.252.172.250
37.252.172.36
54.234.215.67
64.74.236.63
88.212.201.198
01079fcd8c2d32fe8393bd60cdcce3ec3bac3ef5681256127120764953b9b44d
04149c43558d59b2f0f2cc3f679979b915401ca5c94e833479ca9ea754db0b89
0609b70c35eab974a2c2d99d6da5d84d95b97f9fe3d28828710d04835153cb20
08e479b1a9d9aa5e2f0f5ce54269aca78666ae8d3901b0231b0def941c67c592
0a9077e0e273598bb801035365f055c5ba48991c8463af243a69fdbae72c43c1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12c5152458ab4931e6687eae234390977300066e5dde02abc74824dca57f83de
1725d39c8aa07f7311d6c867c8a42d73993d9cdd4a22d30501b82fe31613d882
19047638d6399cbadb04d69bd35e36ca6a031939e827353609143b4b876fe19a
1bebe07e837fb33f10c63429c52aba83e53af281cdebd8687b3ca740d0703829
1cc776b4b87243862afabc5cb1107699c4bc2c3a89e7da2972f1e8d042233282
1db85b6c2c0383a57632cc42977d2ebad75cdbbecd1e9ade8b43c3a5be46cca9
1ff92f194ca3c545d4ad51f8b6342afbcd3d15936a4e677d9f6f334e29db0902
2065a180f787f46eca50717ca6a31774073d73ca1644e12cee672e42469078c1
28028a55088f5a8f8bfddf3d2a735a6c08ff1493d68976e18eb1cb5c4cd08883
2a5785b77392afc9cd2912fe805759dd4bec52a4ec5dd8c6981eefb08af7690f
2c3109a82c3a2c23e65bf887a0c7d13be0a8c7a3d1468103051144cb9e84ad77
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31571d811b75166f0addeb6afc6d23310fdb2472764025da64b210ab4b5d3945
3373dca69883fd4d5298c955d822359a23e9c3658b63e06b483e251c10024f21
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3ed132c4475e0800a48916b5906218edbd68e5757a32179538f354ce886898e4
48be8ba8799f1de9ec8a2e3264f37705ab71fbcb0704bca44aa8dc22b980d01a
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4d72384b80bcc64349beb1690104b6f061243bb53112fad113195c8b3d83ab61
4e259154d565486c485d02cfa5e7907f03c355f0875d7df202d3ad4f4b312cdc
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50fba71f6085452f0773305c033211c004603fbbab36572a938cf88ca71792c3
52708a3bfb7549674bbf71cf9fb0fa3f8622ba8ccd095a47f51dbb9fb83f120a
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
552a91228d301c2349ac090bf85eee7431e0a716f9c804575b7b86ffcad1781e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5dac30411944d1b0728c6667785175023c61dd1f710d4dde9dc7fa14f021f032
5e3d6c85e0b836bfb59397aed7ddcd9f94f4825ca6cbb70b5f1995dceb917518
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6723ea2989d5cf57335b26d5bd0bcc52feffab866915b917c4cdcae672c99a2a
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
68c8634d999cb48fb4d22a917ab77afd3b92730b7002efacd43aafa68a97ad65
6a2562acb4f7f7865ccf874eba89d6194b4c6c2fdf2155bc61b000b118edae65
6c268e5e323869dfca81463df191ec0873aeba26740ceb499c9ff5eca34b7524
6ee0bfda04e6823ffb728b82c8596884a82b9c48e5ba271ea2dfecce76dcbc9d
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453
76a913aac5245b31baa5edc9dc198170aa54988f899b2f89833c1018d5ddf15c
76cec69a835990a09a8fb5f5798ad63d604a8697667160159f65d1bb08ee88de
7c3b96f238042f73d0bedf5877fa02eb834e89649bbd122e2f10cc35238173cf
7ee5c1034df1290e6ca78decd5c36f1800e2e66e0ea1f5eca72bc03829d2f837
7f1a13586c971a240a1605e4e26fe196c7d65d8d068a22c8c2b16a87a6e18de9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8601386271d3ba06c1135a092613135c5da90b3732a8196e4761faf4b1afdc69
8b22fc1c761c011a02b17305957a03a8182281db08faaf9fa2eadcb1126b601d
8ceef21cbb51899993bc566567aa685aa27950ba362b8cfa4f9829cf9013e71d
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417
920bf5e0981c083ac0cc65869559295260817baa40cdd79fd293fa7d7acf5456
9eb7f6271088b0cca8df60382ad3db6bbc55143451782958f6842b1c50ef45d3
a2862c9e532e9e51ea7ca8d7c96bb602a74e31396f9c5be127dbea7c5adfc227
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a90e58ef214855df27cb9a40a65359c9038cc7fab5da0ab1b90c6ad44c21f299
aaa2eb41c25bde1d4fefbb94319354686f7560cdeeeedc3b022088c2daeae5ee
aad31ed98f49231067e90a220467c2b8956677d379447224750454cb082b78cc
abf55d853f3bbe3a244ea8f3b8ed9b4127f028a096fefc942020a3605433d99a
ae2b3292ce4d22938259dd7e2d411ef3e498276837fbcc0475af40237b608f1f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
b4c7aa239aa654a54beaf577b44bda39069e9bcaab3d9b42954a9129cc3b8e6b
b669daf4312c726c94dfccd6effab2639c1c992f05969004a276a21d6c60773c
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b9cc4e6545e11c8744c0bcf2bb607032327744078ebbf13a96ab2671bcee2e94
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c16d965083b855b4af8456b4ce7c07900b4b60caeaf38450772e2d901a2e022e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c5642bd36978334c426996071a059ca2a5d24e6696fca3351358d24872e9602a
c8a196ead786324a0446ddced514335d5955630415d8a0ba6aa7b131f4e774e0
ca473c2d63bce6d640d76af690a54078d2a39ec61828cca5bde93f0113081bf8
cb9ab321177706979c6f7a8d11d02fc184238225ba8fe3b17231d9fec17701b0
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
cf2edba70bc10fc1d0cfbb99388a7d29442a09dec8eb1baf093a58f2d5d88eb4
d46fb49bab044b72f45e26312101e253955a9184be0bafe16c4b44d9449bcaf9
d545b0de5199928169a9eb70e4ea94a856936a826b1bc868619a7ff0a2f85bc6
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d65a80f4694f786a9b99f42cde5a3a95e4082fd0a65fdbcb4641030a1caae58f
d88499e163ae0dc1dec102b84e54b092a907c7f2dee2270002ec03eec938b591
dd780659b4c459487eb75a8ae8dfd106c50113470803d3eb20e03d89e1e1d9a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ecf5aa4cff16eb0c86fefbe8ad991f9c12d4389f80ba05b395a181662c7bcb
e66efb22ccd5399e270c6bbd831fc61b551061ddcaa379f411c0ab0af98e5480
e716e73d868fdea1f2ab08e88eb857d618bc37e665c69475ad719a3432bd2e12
e7454bd4a3bc5f489cf0cbe07e5d96387b06488b8bb0f10fecb621a125279a33
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e94d710dc6e3602affe243968a9c5d423ecd129e03945c1c9874ebdc4276c6a2
e9dc49716340952b66c65afb68647aed921613866f870d848a7ca9d614950d61
ebfea51aab04d9ae4016336b9d275b5b44a131f4d0f1d4cd88b14e3207e77170
ec0b56aab6c20b0764fdcc1b9220a915bb416063aaef8c9425fd06afc3cc2f7b
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ecfcec8f497f15339beda9a5deab51f516a4a7df850ddafa2978aa4fa5fbcd28
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4d14d600375619f98e54b465a36070610414054467e94c789ea28a19c2dd234
f504ccb6c20e2bd16e5d8f01f673b3d454bbfc8f9767c029967c293f4ee723a8
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f849c0d64329cb3d49cef3edddfbbd7df84d9b958d9e68b83ec9afe1caf9b38c
ff4b703a37dc11dbca28199ebaa29bfd85fb3793138fdc9bb2b952954d098b68

nor.vivit-tours.com Open in urlscan Pro 104.21.59.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

127 Requests

89 %HTTPS

46 %IPv6

29 Domains

42 Subdomains

33 IPs

7 Countries

2937 kBTransfer

5051 kBSize

37 Cookies

42 Outgoing links

Page URL History

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

nor.vivit-tours.com Open in urlscan Pro
104.21.59.48 Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

89 %
HTTPS

46 %
IPv6

29
Domains

42
Subdomains

33
IPs

7
Countries

2937 kB
Transfer

5051 kB
Size

37
Cookies

127 HTTP transactions
2 data transactions