urlscan.io logo urlscan.io
SecurityTrails logo

pt.lizspaperloft.com Open in urlscan Pro
2a06:98c1:3120::7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://pt.lizspaperloft.com/
Effective URL: https://pt.lizspaperloft.com/
Submission: On April 20 via manual from PT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 51 IPs in 9 countries across 39 domains to perform 278 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is pt.lizspaperloft.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 13th 2021. Valid for: a year.
This is the only time pt.lizspaperloft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 37 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2600:9000:215... 16509 (AMAZON-02)
2 2606:2800:234... 15133 (EDGECAST)
1 2 2a03:2880:f21... 32934 (FACEBOOK)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.72 13414 (TWITTER)
11 142.250.186.98 15169 (GOOGLE)
1 9 37.157.6.246 198622 (ADFORM)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
4 185.184.8.90 204995 (RTB-HOUSE...)
3 22 185.33.220.244 29990 (ASN-APPNEX)
4 147.75.38.124 54825 (PACKET)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
32 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
21 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 6 37.157.4.24 198622 (ADFORM)
3 2a00:1450:400... 15169 (GOOGLE)
9 32 142.250.185.226 15169 (GOOGLE)
4 10 69.192.160.245 16625 (AKAMAI-AS)
4 37.157.6.234 198622 (ADFORM)
1 109.232.197.33 50234 (EULERIAN-AS)
2 2a00:1450:400... 15169 (GOOGLE)
4 2001:4860:480... 15169 (GOOGLE)
1 74.125.71.156 15169 (GOOGLE)
11 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
15 2a00:1450:400... 15169 (GOOGLE)
5 142.250.181.226 15169 (GOOGLE)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 35.186.193.173 15169 (GOOGLE)
1 34.96.105.8 15169 (GOOGLE)
1 35.227.252.103 15169 (GOOGLE)
1 54.77.236.4 16509 (AMAZON-02)
1 1 35.205.207.25 15169 (GOOGLE)
1 1 52.17.82.33 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
1 82.113.101.132 6805 (TDDE-ASN1)
3 143.204.98.27 16509 (AMAZON-02)
1 213.202.235.10 24961 (MYLOC-AS ...)
1 2 52.31.67.18 16509 (AMAZON-02)
2 15.197.193.217 16509 (AMAZON-02)
2 2 35.211.178.172 19527 (GOOGLE-2)
2 2 185.64.190.78 62713 (AS-PUBMATIC)
1 174.137.133.49 27257 (WEBAIR-IN...)
1 1 23.35.228.23 16625 (AKAMAI-AS)
1 159.203.145.121 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.2.146 44788 (ASN-CRITE...)
4 151.101.193.108 54113 (FASTLY)
278 51
37    2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)
pt.lizspaperloft.com
lizspaperloft.com
2    2600:9000:2156:3800:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)
get.optad360.io
2    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
2    2a03:2880:f21c:80e5:face:b00c:0:4420 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.instagram.com
3    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    104.244.42.72 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
11    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
securepubads.g.doubleclick.net
9    37.157.6.246 (Denmark)

ASN198622 (ADFORM, DK)
adx.adform.net
track.adform.net
1    2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
4    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
prebid-eu.creativecdn.com
22    185.33.220.244 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
4    147.75.38.124 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
4    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
5    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
32    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
5    2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
googleads.g.doubleclick.net
21    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
5    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
6    37.157.4.24 (Denmark)

ASN198622 (ADFORM, DK)
a1.adform.net
c1.adform.net
3    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
32    142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
cm.g.doubleclick.net
googleads.g.doubleclick.net
ade.googlesyndication.com
10    69.192.160.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-245.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
4    37.157.6.234 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
1    109.232.197.33 (France)

ASN50234 (EULERIAN-AS, FR)
PTR: ml.eulerian.net
mm.melia.com
2    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
4    2001:4860:4802:32::3 (United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
1    74.125.71.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wn-in-f156.1e100.net
bid.g.doubleclick.net
11    2606:4700::6810:d40 (United States)

ASN13335 (CLOUDFLARENET, US)
c.bannerflow.net
1    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
gcdn.2mdn.net
2    2a00:1450:4001:6d::a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
r5---sn-4g5edns6.c.2mdn.net
15    2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
5    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
googleads4.g.doubleclick.net
1    2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
dclk-match.dotomi.com
1    35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com
gcm.ctnsnet.com
1    34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com
tr.blismedia.com
1    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
1    54.77.236.4 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-236-4.eu-west-1.compute.amazonaws.com
ads.yieldmo.com
1    35.205.207.25 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
PTR: 25.207.205.35.bc.googleusercontent.com
ads.avads.net
1    52.17.82.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-82-33.eu-west-1.compute.amazonaws.com
pixel.adsafeprotected.com
1    2600:9000:2156:8a00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
1    82.113.101.132 (Offenbach, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de
portal.o2online.de
3    143.204.98.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-27.fra50.r.cloudfront.net
productsup.melia.com
1    213.202.235.10 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
m.exactag.com
2    52.31.67.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-67-18.eu-west-1.compute.amazonaws.com
skydeutschland.demdex.net
2    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
2    35.211.178.172 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
2    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)
dsp.adkernel.com
1    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
cs.media.net
1    159.203.145.121 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
cs.chocolateplatform.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
4    151.101.193.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
Apex Domain
Subdomains		 Transfer
62 googlesyndication.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 98
tpc.googlesyndication.com — Cisco Umbrella Rank: 128
ade.googlesyndication.com — Cisco Umbrella Rank: 271
322 KB
47 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
bid.g.doubleclick.net — Cisco Umbrella Rank: 500
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293
322 KB
37 lizspaperloft.com
pt.lizspaperloft.com
lizspaperloft.com
5 MB
26 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 248
acdn.adnxs.com — Cisco Umbrella Rank: 597
121 KB
19 adform.net
adx.adform.net — Cisco Umbrella Rank: 3977
a1.adform.net — Cisco Umbrella Rank: 13810
s1.adform.net — Cisco Umbrella Rank: 9664
track.adform.net — Cisco Umbrella Rank: 4449
c1.adform.net — Cisco Umbrella Rank: 577
79 KB
18 2mdn.net
gcdn.2mdn.net — Cisco Umbrella Rank: 1008
r5---sn-4g5edns6.c.2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 262
3 MB
11 bannerflow.net
c.bannerflow.net — Cisco Umbrella Rank: 12334
183 KB
10 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575
9 KB
9 google.com
adservice.google.com — Cisco Umbrella Rank: 77
www.google.com — Cisco Umbrella Rank: 4
2 KB
8 gstatic.com
fonts.gstatic.com
csi.gstatic.com
102 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
imasdk.googleapis.com — Cisco Umbrella Rank: 417
125 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 383
mug.criteo.com — Cisco Umbrella Rank: 2668
1 KB
4 melia.com
mm.melia.com — Cisco Umbrella Rank: 30513
productsup.melia.com — Cisco Umbrella Rank: 80432
614 KB
4 google.de
adservice.google.de — Cisco Umbrella Rank: 7579
1 KB
4 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 1173
986 B
4 creativecdn.com
prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5993
728 B
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 176
109 KB
3 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 624
syndication.twitter.com — Cisco Umbrella Rank: 891
133 KB
2 pubmatic.com
image6.pubmatic.com — Cisco Umbrella Rank: 622
1 KB
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 289
2 KB
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 355
810 B
2 demdex.net
skydeutschland.demdex.net — Cisco Umbrella Rank: 155380
2 KB
2 adsafeprotected.com
pixel.adsafeprotected.com — Cisco Umbrella Rank: 573
static.adsafeprotected.com — Cisco Umbrella Rank: 565
689 B
2 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1879
24 KB
2 instagram.com
www.instagram.com — Cisco Umbrella Rank: 1119
5 KB
2 optad360.io
get.optad360.io — Cisco Umbrella Rank: 26184
588 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
22 KB
1 chocolateplatform.com
cs.chocolateplatform.com — Cisco Umbrella Rank: 2208
68 B
1 media.net
cs.media.net — Cisco Umbrella Rank: 1824
1 KB
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 4507
233 B
1 exactag.com
m.exactag.com — Cisco Umbrella Rank: 13218
1 KB
1 o2online.de
portal.o2online.de — Cisco Umbrella Rank: 62017
609 B
1 avads.net
ads.avads.net — Cisco Umbrella Rank: 26982
440 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 614
35 B
1 openx.net
rtb.openx.net — Cisco Umbrella Rank: 1537
350 B
1 blismedia.com
tr.blismedia.com — Cisco Umbrella Rank: 3276
172 B
1 ctnsnet.com
gcm.ctnsnet.com — Cisco Umbrella Rank: 44302
512 B
1 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 2951
104 B
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 436
2 KB
278 39
Domain Requested by
35 lizspaperloft.com pt.lizspaperloft.com
32 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
googleads.g.doubleclick.net
s0.2mdn.net
www.googletagservices.com
22 ib.adnxs.com 3 redirects get.optad360.io
googleads.g.doubleclick.net
acdn.adnxs.com
21 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
googleads.g.doubleclick.net
imasdk.googleapis.com
s0.2mdn.net
20 cm.g.doubleclick.net 9 redirects googleads.g.doubleclick.net
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
15 s0.2mdn.net pt.lizspaperloft.com
s0.2mdn.net
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
11 c.bannerflow.net d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
c.bannerflow.net
11 securepubads.g.doubleclick.net get.optad360.io
securepubads.g.doubleclick.net
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
10 dsum-sec.casalemedia.com 4 redirects googleads.g.doubleclick.net
10 googleads.g.doubleclick.net d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
pt.lizspaperloft.com
8 adx.adform.net get.optad360.io
5 googleads4.g.doubleclick.net pt.lizspaperloft.com
5 a1.adform.net d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
s1.adform.net
5 www.google.com tpc.googlesyndication.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
5 d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4 acdn.adnxs.com get.optad360.io
4 ade.googlesyndication.com
4 csi.gstatic.com imasdk.googleapis.com
4 s1.adform.net a1.adform.net
s1.adform.net
pt.lizspaperloft.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
4 adservice.google.com securepubads.g.doubleclick.net
4 adservice.google.de securepubads.g.doubleclick.net
4 prebid.a-mo.net get.optad360.io
4 prebid-eu.creativecdn.com get.optad360.io
4 fonts.gstatic.com fonts.googleapis.com
3 productsup.melia.com
3 www.googletagservices.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
3 fonts.googleapis.com lizspaperloft.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
2 mug.criteo.com
2 gum.criteo.com 1 redirects
2 image6.pubmatic.com 2 redirects
2 x.bidswitch.net 2 redirects
2 match.adsrvr.org d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
get.optad360.io
2 skydeutschland.demdex.net 1 redirects d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
2 r5---sn-4g5edns6.c.2mdn.net
2 imasdk.googleapis.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
2 script.4dex.io get.optad360.io
script.4dex.io
2 www.instagram.com 1 redirects pt.lizspaperloft.com
2 platform.twitter.com pt.lizspaperloft.com
platform.twitter.com
2 get.optad360.io pt.lizspaperloft.com
get.optad360.io
2 pt.lizspaperloft.com 1 redirects
1 cdnjs.cloudflare.com s0.2mdn.net
1 cs.chocolateplatform.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 cs.media.net 1 redirects
1 dsp.adkernel.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 m.exactag.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 portal.o2online.de
1 static.adsafeprotected.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 pixel.adsafeprotected.com 1 redirects
1 ads.avads.net 1 redirects
1 ads.yieldmo.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 rtb.openx.net d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 c1.adform.net 1 redirects
1 tr.blismedia.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 gcm.ctnsnet.com 1 redirects
1 dclk-match.dotomi.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 gcdn.2mdn.net 1 redirects
1 track.adform.net 1 redirects
1 bid.g.doubleclick.net imasdk.googleapis.com
1 mm.melia.com d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
1 cdn.jsdelivr.net get.optad360.io
1 syndication.twitter.com platform.twitter.com
278 61

This site contains links to these domains. Also see Links.

Domain
www.optad360.com
hr.lizspaperloft.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-13 -
2022-07-12		 a year crt.sh
*.optad360.io
Amazon		 2021-11-17 -
2022-12-15		 a year crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-20 -
2022-10-19		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-07 -
2023-03-06		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.creativecdn.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2022-03-17 -
2023-04-12		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
*.a-mo.net
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-04-11 -
2022-07-04		 3 months crt.sh
mm.melia.com
R3		 2022-04-18 -
2022-07-17		 3 months crt.sh
*.c.docs.google.com
GTS CA 1C3		 2022-04-12 -
2022-06-21		 2 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
tr.blismedia.com
GTS CA 1D4		 2022-02-20 -
2022-05-21		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.yieldmo.com
Amazon		 2021-05-25 -
2022-06-23		 a year crt.sh
*.o2online.de
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-11 -
2023-03-08		 a year crt.sh
*.melia.com
Go Daddy Secure Certificate Authority - G2		 2021-11-04 -
2022-12-06		 a year crt.sh
*.exactag.com
Sectigo RSA Organization Validation Secure Server CA		 2022-04-01 -
2023-05-02		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.adkernel.com
AlphaSSL CA - SHA256 - G2		 2021-12-30 -
2023-01-31		 a year crt.sh
cs.chocolateplatform.com
ZeroSSL RSA Domain Secure Site CA		 2022-03-31 -
2022-06-29		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-04-11 -
2022-07-07		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2022-03-11 -
2023-04-11		 a year crt.sh

This page contains 30 frames:

Primary Page: https://pt.lizspaperloft.com/
Frame ID: EF38620A4A073D3F2D59D94DFD75903F
Requests: 89 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fpt.lizspaperloft.com
Frame ID: B44DD55F1F5AA570AF1B8F0AFA6BFB98
Requests: 2 HTTP requests in this frame

Frame: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 01E9D92C7DBB1F83CD150D307E010197
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BAD31705259F3963CD5949C12F3E569F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D287CBFDB6DE57404426C81D518F9951
Requests: 2 HTTP requests in this frame

Frame: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 80F1B7CECF005727C9C4B13637595D03
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Frame ID: E25B5C19CC8F6EBCE393750AF6E87A91
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 768FCB3901605D66B483F68929A4DB54
Requests: 3 HTTP requests in this frame

Frame: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C02A5973C2674BB91D5FDED03DE97C50
Requests: 33 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/63577/11022066/11022066.js?ADFassetID=11022066&bv=257
Frame ID: 580C7E201B93B15457995C6AFD4339C7
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 7234A5886D7C41126C5A1737AB17CBE3
Requests: 3 HTTP requests in this frame

Frame: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9E8D73D6D7CE36CC17749837C680C42F
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Frame ID: 8E4D5AF5C592CA32836960E504D2F2F5
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
Frame ID: 6B022D1A15982DF04DC5A428E1527803
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 09AE9B6520F93007230B179B5C9E81F8
Requests: 9 HTTP requests in this frame

Frame: blob://https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/1152b6d6-6aeb-46a5-9b1f-21f313016244
Frame ID: 51E22C2DB746C6337F49A0EF344CE6D3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9D0F625923DEAD89084AA45FBBE8EF22
Requests: 3 HTTP requests in this frame

Frame: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8CF2D64CB2F112474D53C73B2266DBD7
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Frame ID: EAA12D522161D3276E00BBBC850986CD
Requests: 5 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fmelia-hotels-international%2F59c9120b31ae8f128419d688%2Fimages%2Fa326ed08-c4ea-44d9-8af8-9453fe674daa.jpg&w=765&h=90&q=85&f=webp&rt=cover&x1=0&y1=591&x2=1600&y2=779
Frame ID: 554E2F9F2C5C2B53DE07D6C97408CF4D
Requests: 2 HTTP requests in this frame

Frame: https://productsup.melia.com/production/pre-summer22_h_low.mp4
Frame ID: 532FAF5F01FB70A98E4DC336D1D72777
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Frame ID: 0F84B19521DA8560E06ABDF5ADC41076
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1D014E47F75E32D0D4FB2EEAC0228056
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
Frame ID: A84B9E68FDEE20594896E4CA6AC42483
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 11350D874DE3D3AC0D0B00878114EB98
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Frame ID: 31685332604903F4522082A0647DCCD7
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 1389237E855EC1670CC6765C3BE07C1A
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: AA379FB036D91398BAE0D7F513A3AA1A
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 14C544F5D47FA5B78A591DDE8E8ED628
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 23B3FA623A0253F7F4309539154C9F1B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Dicas De Vida, Dicas De Beleza, Bem-Estar, Entretenimento, Abril 2022

Page URL History Show full URLs

  1. http://pt.lizspaperloft.com/ HTTP 301
    https://pt.lizspaperloft.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

278
Requests

91 %
HTTPS

46 %
IPv6

39
Domains

61
Subdomains

51
IPs

9
Countries

11010 kB
Transfer

14597 kB
Size

38
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pt.lizspaperloft.com/ HTTP 301
    https://pt.lizspaperloft.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37
  • https://www.instagram.com/embed.js HTTP 302
  • https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Request Chain 106
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6HivpohbL-9M1jL3fiwJU&google_cver=1
Request Chain 107
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEXHA18JL0ABy9JBgbYVBxI&google_cver=1
Request Chain 108
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI8SIxyKh_0QHZTg7jvkwE8&google_cver=1
Request Chain 109
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Request Chain 137
  • https://track.adform.net/banners/scripts/rmb/Adform.DHTML.js HTTP 301
  • https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
Request Chain 140
  • https://gcdn.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/13849E40BC715E6AA08E373BAA622535F100BDF6.2E4CB505DC3C347F3821161EA83002EB232AFCBA/key/ck2/file/file.mp4 HTTP 302
  • https://r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,rmhost,source/signature/72A6B7A83B7B2DD0C4FDA4A50D093578BBBEE0EB.0D8D2CBEA1548EB7C358966156EFBD1F70F3FBF0/key/cms1/cms_redirect/yes/hcs/ir/mh/rD/mip/2001:ac8:20:302::202e/mm/42/mn/sn-4g5edns6/ms/onc/mt/1650489130/mv/u/mvi/5/pl/53/rmhost/r1---sn-4g5edns6.c.2mdn.net/file/file.mp4
Request Chain 158
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
Request Chain 159
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
Request Chain 160
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEPjDCDKiCYgBU2p2JmhrMVo&google_cver=1
Request Chain 161
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Request Chain 187
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEDdRJ9tKUTMzSXS4p354hP4&google_cver=1&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqMlarlDTJNRalra0DJV HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqMlarlDTJNRalra0DJV&google_hm=9yJpKkfjQn6aXLh_Dbnz2Rk
Request Chain 189
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGgVs3uWlDd51Gts77lSUwQ&google_cver=1&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6ETx0IJWWiz9ZWpgmTbmZ31m HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjcxODE5OTY1ODY5NzUwOTkyNw&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6ETx0IJWWiz9ZWpgmTbmZ31m
Request Chain 192
  • https://ads.avads.net/sync/ggl?google_gid=CAESENjEV3JijkvDLCAzQ0D33tI&google_cver=1&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5wb9nkNC_p-gn8N2F7MQ9cU0BGLmvD HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGRiNmI0YzEtZjc5NS00MDYzLWJmYzItOTY0MmExMDkwYzM4&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5wb9nkNC_p-gn8N2F7MQ9cU0BGLmvD
Request Chain 200
  • https://pixel.adsafeprotected.com/rfw/st/999585/61793174/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_dspID=3&ias_campId=27619585&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=16725820018&bidurl=https://pt.lizspaperloft.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0gi1T_hBXdQ7NsWDtdZOmig HTTP 302
  • https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 211
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
Request Chain 212
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
Request Chain 213
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDbnoyCPFyUR4wr9QL6hScM&google_cver=1
Request Chain 214
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Request Chain 229
  • https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_consent= HTTP 302
  • https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_consent=
Request Chain 233
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIp7HHKVAvbU4aPm3K1e3FE&google_cver=1&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIp7HHKVAvbU4aPm3K1e3FE&google_cver=1&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk&google_hm=ouw-tisfQcWPyM5jSJTHVA==
Request Chain 234
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGq6jQOKTr81-KtlsuPeHcA&google_cver=1&google_push=AYg5qPKT4QFISWP3hGebSC2c_jbZBUS5Y3f0Mez3SybvCvDymeT4smk3sBSJnquCewguI8VC0tLmGS8wEG-GUlStNAywk9IhxbvL HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGq6jQOKTr81-KtlsuPeHcA&google_cver=1&google_push=AYg5qPKT4QFISWP3hGebSC2c_jbZBUS5Y3f0Mez3SybvCvDymeT4smk3sBSJnquCewguI8VC0tLmGS8wEG-GUlStNAywk9IhxbvL&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_R_4EmLUSc2yy0u-42WsuQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKT4QFISWP3hGebSC2c_jbZBUS5Y3f0Mez3SybvCvDymeT4smk3sBSJnquCewguI8VC0tLmGS8wEG-GUlStNAywk9IhxbvL
Request Chain 236
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0
Request Chain 237
  • https://cs.media.net/cksync?type=g&google_gid=CAESEHJzYLEOLakqnKiXCMGF-kc&google_cver=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQNvGomRvkBB5TrPLKh4UYlDI8ujAbwY4HlcxAjsqiY-nxk9NlIM6d0HjUCGmUdwMjjtZrTy HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&mn_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQNvGomRvkBB5TrPLKh4UYlDI8ujAbwY4HlcxAjsqiY-nxk9NlIM6d0HjUCGmUdwMjjtZrTy&gdpr=&gdpr_consent=
Request Chain 261
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpt.lizspaperloft.com%2F&domain=pt.lizspaperloft.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=2S0DHnw3b0c4RFlhTjVWVHd1NEp2NEJ0c1VVcXRHTDVKVTVocHFlMk52ZmluT0lsZnVQT2p6TFo5NXd6S1kxRTlPaVFwdGZLd2E5bUlrYjFsaElTbU5iVE1XcVpnekh1TXlSNFQ2YmlXTjJoR1dyeUJXYzR5SitReTFIRmhkVlZzeUxrNTJIalRyNTg2V0Fpc0M0Tm1BaVY3UFp3SWxsb1lXbUF6ckRma0JvalJJR0s3QW1TbGtkeGJrNzB5dWs5ZGkyOGhQbHdOeU43R2VkeXBqQjBoRE15OUNScmVLTUtHSzh2WndtWllpWTdER2M5cHBxaUZpWFJiRG5kWTVXdm5udXZzfA&cppv=2

278 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
pt.lizspaperloft.com/
Redirect Chain
  • http://pt.lizspaperloft.com/
  • https://pt.lizspaperloft.com/
27 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec8af15c3e1fce30e228908cbfdc1402bfbb0e69c4d84be1efac0b0d918fdfdb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
6ff0eb9509240125-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 21:19:48 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6NgrS4WB2dbgpxccUZYSMXTqzUDC6dgA9jWK5qfKtFZMHkZcko8hSfF4MHqGwKW%2BmqiuKSnIMltKqO%2B5EWrI%2BhlKrDSQdcce8mREObRZORfS8riKx8wS2%2FNd8n%2F%2FfIfviZ8e0tZJGgO6uO4QW%2FJJI8gd2w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
6ff0eb947daa417e-AMS
Cache-Control
max-age=3600
Connection
keep-alive
Date
Wed, 20 Apr 2022 21:19:47 GMT
Expires
Wed, 20 Apr 2022 22:19:47 GMT
Location
https://pt.lizspaperloft.com/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3myaMTosruCgJ3Y57iwZej8TZ3bpXYgDsgXxjMBTL5EGcG1fO9nvs502N7hTJP414Gk%2Fk0915qTU3%2BuRRiPCBdOdQo5cfrF0aotgABhDmOyPAMh5eoDZGJ7rpisTiy%2FJ8iMt7aBcZjyUn5Cp%2BO6fOw5dg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
bootstrap.min.css
lizspaperloft.com/template/vendors/bootstrap/ 		138 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/bootstrap/bootstrap.min.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
463956
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:35 GMT
server
cloudflare
etag
W/"606bfc87-22688"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2l41D3oR2yTdGTEa6rUa9CfgARx90DPAg3kV%2FxakeQzxLxzLPwQBdqCvN9%2FlO8YAofO60E9Bv1hr8v%2FB088EY4QF8ks25xbDRv%2B4IpUyHDswepHhHhp3AdR5L5g97xIu35hlCUm0gHYbeBxtlx4w5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9ef0125-AMS
expires
Sun, 15 May 2022 12:27:12 GMT
themify-icons.css
lizspaperloft.com/template/vendors/themify-icons/ 		16 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/themify-icons/themify-icons.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8a90594cc8c2796c488059c7ee25ce6cc9de27c7ac359ee680b50a2bf438da6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2083943
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:37 GMT
server
cloudflare
etag
W/"606bfc89-4033"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t4JjG8yjjjcx8u86sRPDtrtibeIJVTfsHiBPvxnLkrJb6m4oI1ld6ioyGGr5f50MVsaQhgzYG6zV%2BgKDfAD1tKczcw4lFE%2FwPjdPR5IVVXYvxS2Lmm5qiJ63jpaA78weqFqPIoqsVji7GmZEtmngeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9f00125-AMS
expires
Tue, 26 Apr 2022 18:27:25 GMT
owl.theme.default.min.css
lizspaperloft.com/template/vendors/owl-carousel/ 		1013 B
754 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/owl-carousel/owl.theme.default.min.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2390845
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:36 GMT
server
cloudflare
etag
W/"606bfc88-3f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFw7E2ffLDTiZB%2BFbQRJFhRPwPN0ho6b2fJ2J4AriLxKSHhNB4fW9OhPKYoBq7ehuITe4%2FFEBd4HWlxMb9Tj3HzXsm%2FaES3s7OKrCCFaGttkCgPYenxtSnjLJpk1Whn5P0vFVWCLqOupeh1nDA0Zgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9ea0125-AMS
expires
Sat, 23 Apr 2022 05:12:23 GMT
owl.carousel.min.css
lizspaperloft.com/template/vendors/owl-carousel/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/owl-carousel/owl.carousel.min.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
539910
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:37 GMT
server
cloudflare
etag
W/"606bfc89-d17"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4F8ifdg%2FupS6KATp466oXWKWOltoTyWFAkFM4IzNlPd7rbJfjjEuEqidaJyGL7c97BOecB4FIytBTWnIHd1BtMRzbeisZvHpJaBipgH7xrsu0qBxzTNNR4zKXZXzy6%2FftvPx87%2F39XcYoZOaJvWog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9e90125-AMS
expires
Sat, 14 May 2022 15:21:18 GMT
magnific-popup.css
lizspaperloft.com/template/vendors/Magnific-Popup/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/Magnific-Popup/magnific-popup.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
457967
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:36 GMT
server
cloudflare
etag
W/"606bfc88-1b27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHzIJmmAM%2BzroYxhjc%2BSM63ipAFFqHPYW8HWSqxSmTK8JdTe5J8waN74cQ3wNrXA00i5UaR8J%2FuTgqXbgfP8Bzs5CN3fru6VR0Vs3t%2B59pCCQRYXHU9FZ6clZIfMrnAfVCllrxXaN6tj2wd5OBiTFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9ec0125-AMS
expires
Sun, 15 May 2022 14:07:01 GMT
style.css
lizspaperloft.com/template/css/ 		41 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/css/style.css
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faf4661d03ebf2f1b29a9f0b85ab5ca1d1026bcab048df045d85dca5e2859cbc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
457967
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:32 GMT
server
cloudflare
etag
W/"606bfc84-a2e3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VGo0vMBV%2BL5ak9nCTghu87gzQvX2%2FqRV9%2F7Yuzg71BTvqrWoe47xU%2FkGjbbktoY82pvUwKHmnmtrrzv9TR7PLsMWHL8FUhOmRP%2BhYuS%2BXZoezFNqOI8FJHTkNpWlPsxdrLfiiiRhPndzabBLnxoUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6ff0eb95a9eb0125-AMS
expires
Sun, 15 May 2022 14:07:01 GMT
plugin.min.js
get.optad360.io/sf/4be3cb92-a399-488d-a445-a51558b6ee9b/ 		280 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://get.optad360.io/sf/4be3cb92-a399-488d-a445-a51558b6ee9b/plugin.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:3800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f19334fe9b6238724f9a3cef47321ccac8c16a20ae3717057d131415badae1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 20:20:54 GMT
content-encoding
gzip
last-modified
Thu, 07 Apr 2022 11:24:00 GMT
server
AmazonS3
age
3535
etag
W/"10455f1267752549779203af07a80198"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
XmqaVs461lZF0lsLl4oaMekgUIjRWOVQyycHdprQqFb_IoUO229HhA==
logo.png
lizspaperloft.com/template/img/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/template/img/logo.png
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
338e82d153d7528cf84d4a23482d2d7e308db7095b8392c3488e68dda0db9d42

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
36241
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4873
last-modified
Tue, 06 Apr 2021 08:33:53 GMT
server
cloudflare
etag
"606c1cf1-1309"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AcmGlIEH4y7rdx8N4ShYCB1IxwebmmNzmsbGHmmOJcI8ogeo%2B7LtCZu8rWnw2k%2BInM%2Fdm85pcRFOTjKs38rkdhjzvW%2FgoFZc%2Bi5sH4xPRFeC1A7JqekNKe3X09g3%2FUb8kTdiyhK4UxwnoUYCAARRkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb95da2e0125-AMS
expires
Fri, 20 May 2022 11:15:47 GMT
6-amazing-hostess-gifts.jpg
lizspaperloft.com/img/gift-ideas/46/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/gift-ideas/46/6-amazing-hostess-gifts.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92840660fe25bc8221d448f9651bf3ea9d924d6093edc257559c2e98239e5979

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
51943
last-modified
Mon, 21 Feb 2022 15:57:32 GMT
server
cloudflare
etag
"6213b66c-cae7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y2WyTeXjzX9iHqML5whCp6%2FKYr9tmttA265IehLsAvCYnXVbvyEE7kYNutU0SmcJHhesMKZ2OTdDX501oHa54Ll2Uw1jhqsuG2iG7wnkUeKL6tIe%2F9XcwdrOb9kPqig38QWDVvg3oKZ1aEdwPWLUiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb95da2f0125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
party-ideas-bird-themed-baby-shower.jpg
lizspaperloft.com/img/party-planning/66/ 		66 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/party-planning/66/party-ideas-bird-themed-baby-shower.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8379c65b5db0f6ade463ba40d4017c327ca12d3403e64484bd0ea1b6c796294c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
67550
last-modified
Mon, 21 Feb 2022 15:56:34 GMT
server
cloudflare
etag
"6213b632-107de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h9oDMIkWPLGpSOKn4tfc1ueu%2BIvsPcVB3o1GT2Bv%2FhypzCJkPHvR3xIlLt9IohnG%2BT0DG4w%2BdP11hYidj64v%2BWJ3ai%2BBaaN4OhDyC0OM4vpzsn8X4NkpaFyoVWx%2BnBGTC8FqgYKvxwfwOMLMw7xXFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb95da310125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
great-poems-read-thanksgiving-day.png
lizspaperloft.com/img/holidays/79/ 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/holidays/79/great-poems-read-thanksgiving-day.png
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1bb251267df92cbdc97a23b1e417a7bc40a8e10db73ac7baaf05fdc509961d86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
100437
last-modified
Mon, 21 Feb 2022 15:55:48 GMT
server
cloudflare
etag
"6213b604-18855"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BiLbqyHSIlRrM7kyd9aNiMjT4hApsXchG%2FOlHUIeUl%2B3DIn0%2Bq4HmqnzYS%2BR%2F9UJfaXkU23ly1ml%2BOesGHR5oElqZqFCiBmnpf2cl9i4Vq0Q95aUcftlYQX1JAu4SOp1T4nECPqGHx91lxYAFA%2B7OA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a520125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
33-tips-make-spring-cleaning-easier.gif
lizspaperloft.com/img/your-best-life/36/ 		217 KB
218 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/your-best-life/36/33-tips-make-spring-cleaning-easier.gif
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62c7a4a8d89680c949c9e79163c4995185befd8f96430c0fa9755e3083f42eab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
222151
last-modified
Mon, 05 Apr 2021 15:46:02 GMT
server
cloudflare
etag
"606b30ba-363c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k9JaM%2B6498lkJNraOCFeZgtVBr8wl729DgRe9Q8LAAQgWT3a8t7luBhTmbtsnDMxq3iEoldpThQPR5JomcNakIDQ6nO5We0jrLA9Q6d9bcFSpDKWuCW%2BqtDmLOY%2Bk92B6%2Fb1NWMmhS5bFQttrVcW2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a540125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
how-royal-family-actually-makes-their-money.jpg
lizspaperloft.com/img/tv-movies/99/ 		129 KB
129 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/tv-movies/99/how-royal-family-actually-makes-their-money.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
002084fa5c9418e25362d61c5d8dc7993995b7e737843fb0fb776d5f51d01fa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
131907
last-modified
Mon, 05 Apr 2021 15:55:22 GMT
server
cloudflare
etag
"606b32ea-20343"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dr%2FHHpV%2BSKSw3FfjyjZ82aporH72b1gAc3Wr7N6EY6SxQpqU4eXSoAVhLgPfD26jPeYXfe1q5J3VYKWbSD%2BwG9GxeuwNBtfPLNPCnzvF6OQvQzce3MIBsSo8Hrr54ASfwKb2cHT5vVp3Q1rYl3SH7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a550125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
you-have-film-siren.jpg
lizspaperloft.com/img/tv-movies/05/ 		149 KB
150 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/tv-movies/05/you-have-film-siren.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89a5cfd08b7b3d3de5da747e3da6b444575c48b1eb0a107d176c64f4fa173b10

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
152812
last-modified
Mon, 05 Apr 2021 16:45:34 GMT
server
cloudflare
etag
"606b3eae-254ec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ID%2FnVDf0ljFJytTULpXIgWQB1wsBWB2LP%2BXsnWnkkrTAxeegiBflx8uVDY2IvpvRInIDifXPrH4TZSXimwoIj6K%2B5jcQlUUU%2BkO2p8RtFb9dCotqPSZnoaJRlR1hNpR6TXpJm%2BWyIwiI2fZDNVOaUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a570125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
will-smith-gets-emotional-discussing-his-evolution.jpg
lizspaperloft.com/img/entertainment/81/ 		371 KB
372 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/entertainment/81/will-smith-gets-emotional-discussing-his-evolution.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3e9bdb71906b8e4409ae42d49bc07826b57c128164235bf126188cdddc2f14b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
380245
last-modified
Mon, 05 Apr 2021 16:45:52 GMT
server
cloudflare
etag
"606b3ec0-5cd55"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2%2B03fAmF1jyVd6%2B56iHEilY7JkAI3ouWX%2F5YUx9A4PKj%2Fr6kzVTzAa%2FEHED5Gr2kp%2BW6smjh6b1CyMrDcfKvTWsbez5k3WwdTbmQ%2FFX%2B9s0wtuBV8rb0iDt%2Fr8u80DaUtEKHeFrWBW79gD4gAwRZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a580125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
mary-kay-letourneaus-ex-husband-vili-fualaau-was-side-before-she-died.png
lizspaperloft.com/img/entertainment/11/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/entertainment/11/mary-kay-letourneaus-ex-husband-vili-fualaau-was-side-before-she-died.png
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1dd80f9f8d09d3341e35c8dc3ac35f3de4b6d6a3a6940cd85cc6a59aa4ac492

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1339430
last-modified
Mon, 05 Apr 2021 17:42:40 GMT
server
cloudflare
etag
"606b4c10-147026"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jgJgczuo2WgagqRV8EJ3Z5AIx8BrxOVXeqZr67kLd3cToE9vG2JlzsHPDtsAVO1LnRsYhaFK8cdsQyMOep9RpaCLUMW91FkbUlqmuXPJFRBMrDQYnyskCbxTcqUn0R%2FAPYZ0%2FvU7EENAd9Zytj0%2F2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a5b0125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
dear-even-hansen-movie-cast-is-extremely-star-studded.jpg
lizspaperloft.com/img/entertainment/14/ 		151 KB
151 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/entertainment/14/dear-even-hansen-movie-cast-is-extremely-star-studded.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7a7e1efdbe81c643cd002d5985e8a60257d76e260fed3d6422d4284529e8c65

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
154188
last-modified
Mon, 05 Apr 2021 16:08:18 GMT
server
cloudflare
etag
"606b35f2-25a4c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfbR0zLSg9vAeUV01V5%2FkmT02bjSRYGbx5oxBWKpl0YF6dRJuBn8s%2F2ddx%2FP10RvleLxyjjbrfiCqU64YodSv3CEECJSV9%2BFjCwtz0TKIZgHseh0dOklXgyS2TIFlR5%2Fpj8onxYpHIU1F8B%2BA5Gr5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a5e0125-AMS
expires
Fri, 20 May 2022 21:19:48 GMT
how-unblock-throat-chakra.jpg
lizspaperloft.com/img/self-improvement/62/ 		51 KB
51 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/self-improvement/62/how-unblock-throat-chakra.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c610b4bbc61182bb3cd61788cc96d8f9143f2cc191fa41371197920fbd80062

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3770
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
52056
last-modified
Tue, 09 Nov 2021 10:59:16 GMT
server
cloudflare
etag
"618a5484-cb58"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59heyKK8Ug8LnQhVfMNea7%2BPykbgJ7jX0gBkkR4acYUcTFIUDk3z0jED%2FTdjnCp7uBo4xBJwr6SgBfOb5KfGPIjdIUt9UfPCzBHTXjFUB%2BVHDg83%2FMa6MMCujNoiV%2BjscGwyLE17IHS4bxf3cjZY8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a630125-AMS
expires
Fri, 20 May 2022 20:16:58 GMT
jennifer-lopez-joanna-gaines-were-spotted-working-her.jpg
lizspaperloft.com/img/entertainment/33/ 		232 KB
233 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/entertainment/33/jennifer-lopez-joanna-gaines-were-spotted-working-her.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1b0fe28b487a7d38e53d5549b31c8f92e89febf8ffd74bb7f0a1624c7395d04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1003
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
237766
last-modified
Mon, 05 Apr 2021 16:07:32 GMT
server
cloudflare
etag
"606b35c4-3a0c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B4L%2Bc9z4yPYUoMK%2FQgatywuKPltTJopRTj%2BYy45FEcR%2BS2Uy97G5CVBYOSSy4It2lKbWizU6Y3aPHhhiAt5rybvsf3h0ExMFyAC6sQqi901nxMg6CTWbfMLEZLNM4W5inGE1MNx7%2BpZJ7i5j3oEg0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a660125-AMS
expires
Fri, 20 May 2022 21:03:05 GMT
30-cute-christmas-sweaters-you-can-wear-with-any-outfit.jpg
lizspaperloft.com/img/style/69/ 		168 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/style/69/30-cute-christmas-sweaters-you-can-wear-with-any-outfit.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a12db1519c4f3394693c42eb8a8e6d0415cafbe7e0387ba6d824351364481d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1003
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
172412
last-modified
Mon, 05 Apr 2021 16:07:32 GMT
server
cloudflare
etag
"606b35c4-2a17c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDo7rK7ekGE6ZRAC1oc%2F4IT2d7OYh5wRbcCmuPHWQzT67XYpLTmPIu6rchgS5geX2TwHeIaAKT3XIs9c6MP8Mzd%2Bl0UcUrk%2F59%2FR2Swi3EQCFpfj%2Brh9BY6TfSFJHcs%2FUK9vhXUMx3D2fvVDALutCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a670125-AMS
expires
Fri, 20 May 2022 21:03:05 GMT
how-make-zombie-door-fromthe-walking-deadfor-halloween.jpg
lizspaperloft.com/img/holidays/81/ 		67 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/holidays/81/how-make-zombie-door-fromthe-walking-deadfor-halloween.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71cf4136b9a8327132fc54dffdbc96bc6ddbf48e9050264b33fc457b6149c81a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1003
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
68365
last-modified
Mon, 21 Feb 2022 15:56:48 GMT
server
cloudflare
etag
"6213b640-10b0d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7C44oDXd8a9L9uaBNAZmduoCcWz21mYVsv07B2wD16pQnJ4KBvM9cEmLDi7I85rxYNaEXTGq9NKydObCwsmd7QF2uU8N2k3szUsg3AHoF4s%2FX4WUbuc%2Bs%2FyyxqgKJzSj15zLXcCREsfY8YTWYs2jLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a690125-AMS
expires
Fri, 20 May 2022 21:03:05 GMT
15-examples-law-attraction-bible.jpg
lizspaperloft.com/img/self-improvement/80/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/self-improvement/80/15-examples-law-attraction-bible.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b29440625a04aa7de80ff85c9a125321c88d67b951ceda13115269b4020168d9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5606
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
54550
last-modified
Tue, 09 Nov 2021 10:59:16 GMT
server
cloudflare
etag
"618a5484-d516"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HQPObJy%2B2w01AB2p1NTprxq3X9yfjx0tDB5%2BWgaq6adhCzt8KgRFh%2FRG1VfG6wTpwC8MYU1r4sAQGz6Aga5QTbB0uzJQo3KL8IL62BHkvi0A8kDjoC8%2BJjurfGMcDhxwOslS2aOi%2BWyr9MrDm1pPCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a6b0125-AMS
expires
Fri, 20 May 2022 19:46:22 GMT
respect-trailer-explains-why-aretha-franklin-chose-jennifer-hudson-play-her.png
lizspaperloft.com/img/tv-movies/14/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/tv-movies/14/respect-trailer-explains-why-aretha-franklin-chose-jennifer-hudson-play-her.png
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41c302d1d8bb290cdac6d110f44da808d9adcb7327378063a10ade591976cea1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1002
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1203238
last-modified
Mon, 05 Apr 2021 17:41:00 GMT
server
cloudflare
etag
"606b4bac-125c26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ij7PR%2FmdDplzb4vxSTXWll9JPnnPpz%2BALuPMo7PdsTfETFzAZDCaMf2HGyKkfjkSdjj6KYZxeIKSEiaWghEqj%2FIp64McaxX2QwTrSCXdMoOy6ZLtOsxJanLjQmSxZAboptpAmOj%2BFbyfhKrc9VdIKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a6c0125-AMS
expires
Fri, 20 May 2022 21:03:06 GMT
25-scrapbook-ideas-beginners.jpg
lizspaperloft.com/img/your-best-life/55/ 		135 KB
135 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/your-best-life/55/25-scrapbook-ideas-beginners.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a84f2d69d6e8d03741219c188668e5d99aa6bc3651b23d6aee31da98756ebc4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
29110
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
137814
last-modified
Mon, 05 Apr 2021 16:00:14 GMT
server
cloudflare
etag
"606b340e-21a56"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YetPYqxeNupkCBIR4geilWk8v1QnSfrfhe5KQCZElAYJuctEIOwJ5psXi0V6BSC7mDfGPLoNQFcKxK37XfZak4r2n3TM4GtWsWaTfcP6gVor5DpZLohmY68sSFLUQQ1G73IAJ3xqKtUiUUNQY9Rq0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a6d0125-AMS
expires
Fri, 20 May 2022 13:14:38 GMT
18-best-mother-son-wedding-dance-songs.png
lizspaperloft.com/img/party-planning/34/ 		165 KB
166 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/party-planning/34/18-best-mother-son-wedding-dance-songs.png
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2d307da74741d6b6026ec9df019cd82dc3bfcc322c932fc7fe9b5ebabcd486d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1003
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
168974
last-modified
Mon, 21 Feb 2022 15:55:00 GMT
server
cloudflare
etag
"6213b5d4-2940e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nsiaMd0ILsU2UqZXu5ogz6ioIaopm%2FcEm%2BkCaOHKf8gDRMvdf%2Fr7ZqVTDqMwnQvju9SgHmsMZvww4HQGBMPaRfv2D6Vfo2phZelSU9eFZMq17yQNgj0gwcXY5sM6SSb9a3LNMSef24v%2FlJni89f%2BsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a6e0125-AMS
expires
Fri, 20 May 2022 21:03:05 GMT
liquid-exfoliants-are-next-big-thing-beauty-here-s-what-you-need-know.jpg
lizspaperloft.com/img/skin-makeup/97/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/skin-makeup/97/liquid-exfoliants-are-next-big-thing-beauty-here-s-what-you-need-know.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e9716d8324899b6c3879c632a07fcd39c2f9527335febf2a070504cf96fc726

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1002
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
53954
last-modified
Mon, 05 Apr 2021 15:42:14 GMT
server
cloudflare
etag
"606b2fd6-d2c2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fhnRsFTvIcrTzj4Ijg0eYyG%2BmsHXkYX6NPST8uXCEBg67dbr%2B7u0wSNHxCm0wB%2FF8h%2FcLv4nwYFyqwlEk%2BEFsl9NryOfWveVaivbdlYc%2BrXKiOXmN8BCAM3B%2FMg%2B5guHsn5%2FlAPTNDuux3%2FPQBLUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a710125-AMS
expires
Fri, 20 May 2022 21:03:06 GMT
why-is-sean-spicer-even-dancing-with-stars.jpg
lizspaperloft.com/img/tv-movies/41/ 		346 KB
347 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/tv-movies/41/why-is-sean-spicer-even-dancing-with-stars.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d606ea735063f3b366c7af92a5294022cbb063d06d12fd544622704b81e449f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1002
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
354571
last-modified
Mon, 05 Apr 2021 16:39:46 GMT
server
cloudflare
etag
"606b3d52-5690b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFuAQLqd1eg8dT%2F4Oow6JAP1A4awQmvx2%2B37kADkjiKcnNYAae2C%2BZLXfFp1lK3NNeW%2FxE%2FfiuvxCrJ8qiF1frCZCqkX23uIDBSFBg%2FQlxHaOFfNXci1v14p74gRL95QKucXlfvpKHQcihjWjARLsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a720125-AMS
expires
Fri, 20 May 2022 21:03:06 GMT
how-create-wednesday-addams-halloween-costume.jpg
lizspaperloft.com/img/holidays/39/ 		58 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lizspaperloft.com/img/holidays/39/how-create-wednesday-addams-halloween-costume.jpg
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74804780bace24623da9e1547966720e292906113ed14874a5cd5bce4dba7c67

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1002
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
59871
last-modified
Mon, 21 Feb 2022 15:56:50 GMT
server
cloudflare
etag
"6213b642-e9df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e2Ds7Z0osmQBjdsyJjsDHL%2B0xZ3coYtVJc8js2m1GmfCztN9OJO0Ml1y5%2BniLpq4LujztjwECTi7FaCLSncP7tJm9WQOihaXW%2B2m%2BAaeSOYrIRvpOhOhbRcOR2mCLU7kuA8ys7rV64uHTWMu%2BQF1Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6ff0eb960a740125-AMS
expires
Fri, 20 May 2022 21:03:06 GMT
jquery-3.2.1.min.js
lizspaperloft.com/template/vendors/jquery/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/jquery/jquery-3.2.1.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2390845
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:36 GMT
server
cloudflare
etag
W/"606bfc88-15283"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2BD%2BsxRKIJ0UhTObVW9YQxt2F%2FuSigDW%2B0XF3UItyUEl4AdKym2vzXq09pdYyDEwKRkxY2HJn%2BVZPCZBwv3DlywFmBYWg7dzza5JJthq4LxZ6IfKNZZ7xmDAGTyAL2%2FnzSyb19rUIyzZZnmNhAO92g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95a9f10125-AMS
expires
Sat, 23 Apr 2022 05:12:23 GMT
bootstrap.bundle.min.js
lizspaperloft.com/template/vendors/bootstrap/ 		69 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/bootstrap/bootstrap.bundle.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13f578716138aaf01e3b930e863b46b6a0f33e77513b52c193c949fcf47b080e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
224567
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:35 GMT
server
cloudflare
etag
W/"606bfc87-11536"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KLI%2BNPZ%2BJjnvsjg4johzDhBBh40mh29m%2BaE4%2BIVsO2q1x7K8JuRsrlkDEp5LhFARZS95QytXWTWrWheZcphHflPFXGSmHQCXhp0wEvLfB1jJIzpPviqexdSbDZ2CbiCC6Hmr%2BZWYC6bOg8QefDh6fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da240125-AMS
expires
Wed, 18 May 2022 06:57:01 GMT
owl.carousel.min.js
lizspaperloft.com/template/vendors/owl-carousel/ 		43 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/owl-carousel/owl.carousel.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1747975
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:37 GMT
server
cloudflare
etag
W/"606bfc89-ad36"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nn%2BWisIY4jAXBhtCFvBqGn0Qv6QSsjrpZpj6PUi2HsDUlwHucFo3z%2FBPb0GHPkQ1pI%2BRBic3MYdU%2FHkwpqA8zoWreWAMb0oCV3nIV%2FXHK35ik%2FYUnnficZT%2FFsZ0%2BqrJaVrv3RxjJEeVV7EsL3gQag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da260125-AMS
expires
Sat, 30 Apr 2022 15:46:53 GMT
jquery.nice-select.min.js
lizspaperloft.com/template/vendors/nice-select/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/nice-select/jquery.nice-select.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66bdef0724e5306421bcc7e0910e41b5645228119ad9096ca4a6099e48d94e6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2083866
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:36 GMT
server
cloudflare
etag
W/"606bfc88-b7e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Crdvn%2B5HrCrXAmyIqtDBqckL%2BkQPvQlBlCDIrVNtHfVZJAQrkteoE6NlwTiE6kfXk2CZAKHLdolEW1iQaLWyBFajgSDUYPXNTyrQx3zW3Autne5xsqnh3%2BsE5qpo9T2Rus%2FlNs1Dy14lqt3%2FeFV9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da280125-AMS
expires
Tue, 26 Apr 2022 18:28:42 GMT
jquery.magnific-popup.min.js
lizspaperloft.com/template/vendors/Magnific-Popup/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/vendors/Magnific-Popup/jquery.magnific-popup.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
482458
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:36 GMT
server
cloudflare
etag
W/"606bfc88-4ef8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaCsAFXrzEijRARMeCfajNbCZCVkuDavkRu0HZNRHQctYdjjwgtcN%2FCkwe99802krW%2BNPCBDMKMtkbLx4f7lIZOIbATQ%2BF5IYSjfztg8fNmjyaUtiPeTTe1s4u2J7ZJdjBm70EWBriAOd3p2th%2BrUg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da2a0125-AMS
expires
Sun, 15 May 2022 07:18:50 GMT
jquery.ajaxchimp.min.js
lizspaperloft.com/template/js/ 		5 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/js/jquery.ajaxchimp.min.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c7c17459ec57867f6812625f1b95e2f878363ca728b92a5968d2fc8e60d9712

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2083866
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:32 GMT
server
cloudflare
etag
W/"606bfc84-12d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3wPAl2wCbCBGUOyDzeb4bvWbcxITYqISk9YbCID7VxNQMEAbsVVGbGxY4%2FM3Pf2J6rrrfJkvuti1glU5F28LO6Q23U7X66IYtzVo71ftUs1yB0CAXI%2BU70DgoXbrrcDzl2cJ40mnfyX%2FR3UIpmpJZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da2b0125-AMS
expires
Tue, 26 Apr 2022 18:28:42 GMT
mail-script.js
lizspaperloft.com/template/js/ 		1 KB
778 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/js/mail-script.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01f639fd4c4119503e72e2bf2eb9c8a5984f7c83c7683c82dd0350ee9f63b3fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
482458
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:32 GMT
server
cloudflare
etag
W/"606bfc84-4ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anobhuiaCgaX1C2PWZVnK0%2BAJx6iuvbArWQI4x5HinGit7oUImt6MPyWeG87z58Na%2Fb95%2BWyMDytvzCt3LetC3G4gVx56qk8ibHmLLYmu7OOUC3mHhLc1%2FSmoGRpsEqo6WODo25%2B1%2BFGSAt5WVgCDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da2c0125-AMS
expires
Sun, 15 May 2022 07:18:50 GMT
main.js
lizspaperloft.com/template/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lizspaperloft.com/template/js/main.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb1c11244a3cfb59e1a08031732c6b9d7fdca0d73edca403bc147347aaf588e1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
482458
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 06 Apr 2021 06:15:33 GMT
server
cloudflare
etag
W/"606bfc85-9ec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4et1if2nfOpgZ57M%2BTGPGdzefbkWusBOutzFPtvM7j4OMbZarszdh1Pa%2BHhrBtAnziSPR8I337uqj3Galx%2B3yTefk8wkZlr0oGGFg9v5omFcpxsoGRUNU0YrFnzETkoRuCxGecw0eY%2FpqXl8%2BdgFhg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
cf-ray
6ff0eb95da2d0125-AMS
expires
Sun, 15 May 2022 07:18:50 GMT
widgets.js
platform.twitter.com/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Age
673
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Content-Length
29461
x-tw-cdn
VZ
Last-Modified
Wed, 13 Apr 2022 12:38:34 GMT
Server
ECS (frb/67BE)
Etag
"f1369725ba22125b0df0251e74090aa0+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
ab12745d93c5.js
www.instagram.com/static/bundles/es6/EmbedSDK.js/
Redirect Chain
  • https://www.instagram.com/embed.js
  • https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Server
2a03:2880:f21c:80e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Sun, 17 Apr 2022 10:42:31 GMT
x-fb-trip-id
1679558926
etag
"ab12745d93c5"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-encoding
br
content-length
4843

Redirect headers

date
Wed, 20 Apr 2022 21:19:48 GMT
x-fb-trip-id
1679558926
x-ig-origin-region
odn
content-type
text/html; charset=utf-8
location
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
cache-control
max-age=21600
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
0
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600
Requested by
Host: lizspaperloft.com
URL: https://lizspaperloft.com/template/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
675dcd6b9174a58e7a075bdb8b16b49ab0268c38443341ede6f343f4ce92e481
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 19:27:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 21:19:48 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Apr 2022 21:19:48 GMT
css
fonts.googleapis.com/ 		3 KB
544 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Josefin+Sans:400,600,700
Requested by
Host: lizspaperloft.com
URL: https://lizspaperloft.com/template/css/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bd31cefd1c8e60607eb5c3468ae82fee34636abefb85dbaf3e754e32d1917ac3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 21:19:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 21:19:48 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Apr 2022 21:19:48 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pt.lizspaperloft.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 22:45:07 GMT
x-content-type-options
nosniff
age
81281
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 22:03:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 19 Apr 2023 22:45:07 GMT
Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
fonts.gstatic.com/s/josefinsans/v23/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/josefinsans/v23/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Josefin+Sans:400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa1c72e44c5aa91d24fc6ef2966a7d68363dd342bc325989e9f4dfaae39f54f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://pt.lizspaperloft.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:46:08 GMT
x-content-type-options
nosniff
age
34420
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26696
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:39:22 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 20 Apr 2023 11:46:08 GMT
widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html
platform.twitter.com/widgets/ Frame B44D 		319 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fpt.lizspaperloft.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
628062
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105433
Content-Type
text/html; charset=utf-8
Date
Wed, 20 Apr 2022 21:19:48 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Wed, 13 Apr 2022 12:15:11 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BC)
Server-Timing
"x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
settings
syndication.twitter.com/ Frame B44D 		169 B
424 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=41b4eae3853ca3bb051497ea22f6d59e17bdb86d
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fpt.lizspaperloft.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
d7f2a53ec64c3613054b8aca405af6eeb1e8dc1bf371d4676f5dbe917e3986d8
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-response-time
118
date
Wed, 20 Apr 2022 21:19:47 GMT
content-encoding
gzip
last-modified
Wed, 20 Apr 2022 21:19:48 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
07bf3f6aa6b9dd62bc28945d2fdce04bf1b96fbadea2921b5163ec5ca777e13b
content-length
143
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/4be3cb92-a399-488d-a445-a51558b6ee9b/plugin.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
6ca8ffa3793893211b88ffda414c65d61a0d9a66a6cf571427b55912f6245ec0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28542
x-xss-protection
0
server
sffe
etag
"1192 / 740 of 1000 / last-modified: 1650452814"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 20 Apr 2022 21:19:48 GMT
prebid6.13.0.js
get.optad360.io/sf/ 		527 KB
528 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://get.optad360.io/sf/prebid6.13.0.js
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/4be3cb92-a399-488d-a445-a51558b6ee9b/plugin.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:3800:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
710bf3b3a54e164c3bde1c64dd239d2e8cafb6277fecfcfff4bda901d81d377b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 29 Mar 2022 06:38:41 GMT
via
1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
last-modified
Wed, 02 Mar 2022 11:37:42 GMT
server
AmazonS3
age
1953668
etag
"9880469287264dec1b2db80d6f0c4c98"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=360000000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
539768
x-amz-cf-id
v64OiBjEgtrbQj8qqj7z2XS8o_Aagf0cvSqdwQO4-hJeMWtiLEDlQQ==
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pt.lizspaperloft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://pt.lizspaperloft.com
access-control-max-age
86400
allow
POST,OPTIONS
cache-control
no-cache, no-store, must-revalidate, no-transform
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
-1
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pt.lizspaperloft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://pt.lizspaperloft.com
access-control-max-age
86400
allow
POST,OPTIONS
cache-control
no-cache, no-store, must-revalidate, no-transform
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
-1
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220420
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bed460c8d9b5ca84c390278610d80bdc15c12abaa1481b85b1a375e1215aeda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
22729
x-jsd-version
1.0.1317
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19144-FRA, cache-cdg20741-CDG
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"66f-OtFGlWPBgwv4HsnJYzbdTiRqi7A"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KmDRfD3%2BRPwg7JuiXIeAagf5D16j7gxS%2Bz9agx3vS2PKHOI9AHVfsoKPP8NXaychctZNQmWiynh0LkglWVUjr7YvD9vTbxflbKFm7oDOuh51UV%2Ft4TYh1LvqQx417jylNhiGnlk%2BE8cNp6SmxFw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
6ff0eb9779030215-ZRH
access-control-expose-headers
*
localstore.js
script.4dex.io/ 		483 B
943 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
801633
x-amz-request-id
tx0c810f9b689a43feb0d6c-0062543d8e
x-amz-id-2
tx0c810f9b689a43feb0d6c-0062543d8e
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4iDM1AAXRhoe%2BBWIFFuOohxhtT5xt36El3lidnqL7pehLMinjed2OgMJZ0o9lSsP%2FqgbkDlo%2BBPU5Z7zn1RRTBfUiR8O0C%2BO3n1RgoBDOHgXOIM7c0UxexSAvjzNxuoOB8ZB4ROMiLH2%2F%2B0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1649687875786561
cf-ray
6ff0eb978be15a31-MXP
bids
prebid-eu.creativecdn.com/bidder/prebid/ 		0
182 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-90.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
prebid
ib.adnxs.com/ut/v3/ 		10 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
8e2f9be3123d627bd899e7927cd9ead60d05975abc973c0794ed1db14dc4b5f3
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
a1969249-6bd2-453a-9fa4-746727c1e234
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/ 		0
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:47 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
1
vary
origin, Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ 		10 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
1e694c08571bfbf2c4a52da22a7d339d48c480146c4fa948f5a39bf52c99a0d0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
65cc8216-5e12-40bd-841a-23d2ab7d8279
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
openrtb
adx.adform.net/adx/ 		0
411 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:48 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
openrtb
adx.adform.net/adx/ 		0
412 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:48 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
c
prebid.a-mo.net/a/ 		0
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
9
vary
origin, Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ 		10 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e4d103cf93f178c3b8d7e61f8b7a2ba969784c766ce16a578fb83be5385c87f6
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
1de7ede2-16a4-4c69-b5fa-df06b139ca5b
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bids
prebid-eu.creativecdn.com/bidder/prebid/ 		0
182 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-90.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
prebid
ib.adnxs.com/ut/v3/ 		9 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
c0fbc22f10dccac81439d9c7dbc1b72544aa874e8dddda873dcaf15ef0dd9447
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
6de99506-3ec0-4444-b419-8f74e3affcf3
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pubads_impl_2022041401.js
securepubads.g.doubleclick.net/gpt/ 		362 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
108a5ee6306c726271c490dceca48e5fb5a148ea41fcb9fe55cd5d348f16eb57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 20:59:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1223
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125916
x-xss-protection
0
last-modified
Thu, 14 Apr 2022 08:34:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 20 Apr 2023 20:59:25 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		82 B
103 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
a944f9ef22a49bdcee0175bf86081c9ebbbc3da5268cad0708346c15bb8d304e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
78
x-xss-protection
0
expires
Wed, 20 Apr 2022 21:19:48 GMT
adagio.js
script.4dex.io/ 		72 KB
23 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
485740
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
txcccc64b450964da48c126-0062543f97
x-amz-id-2
txcccc64b450964da48c126-0062543f97
last-modified
Mon, 11 Apr 2022 14:37:55 GMT
server
cloudflare
etag
W/"e88bab2e9c57f44732eeec31ca508d70"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efkZSusNYuyivZD420gf%2B2DvIAjpzWklXqyweSibmb0LpSfw4IygpxpP01g6X6d7bBERerJByNTjE%2B%2BfrM1nEDaosc%2BS15RqMZVIxcp3iTNv8vh4KsTea4lYReYSggvpQQDvR%2FnBaG12FAcB"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1649687874851815
cf-ray
6ff0eb981e4d734b-MRS
access-control-allow-headers
Authorization
expires
Wed, 20 Apr 2022 21:49:48 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		1009 B
576 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=32471245794900&correlator=4210107993115095&eid=31063377%2C31065401%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041401&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_Interstitial&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=3132106321&sfv=1-0-38&ecs=20220420&ists=1&fas=8&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1650489588488&lmt=1650489588&dlt=1650489588061&idt=406&biw=1600&bih=1200&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fpt.lizspaperloft.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=318061361.1650489588&ga_sid=1650489588&ga_hid=577484960&ga_fc=false&btvi=-1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
63cefbc4133c7e859c623d9ce6e0751e94bfc16d5861fd24c3dacdc6ae228ada
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
546
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 01E9 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Thu, 20 Apr 2023 21:19:48 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads_2022041401.js
securepubads.g.doubleclick.net/gpt/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022041401.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
c321245e6d62047e34eb64d468495376a05026060a19408588ba2dd9e552f1aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 14 Apr 2022 10:47:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
556323
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13283
x-xss-protection
0
last-modified
Thu, 14 Apr 2022 08:34:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 14 Apr 2023 10:47:45 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041401&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cf5521546e58ea96d01455479ff4461630555192e19cdd750401f572f188bc21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10523
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		19 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=32471245794900&correlator=4210107993115095&eid=31063377%2C31065401%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041401&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_SF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=2&adks=1095535024&sfv=1-0-38&ecs=20220420&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.26%26hb_adid_appnexus%3D24038aa2c117f35%26hb_bidder_appnexus%3Dappnexus%26hb_format_bluerooste%3Dbanner%26hb_size_blueroosterm%3D970x90%26hb_pb_blueroostermed%3D0.02%26hb_adid_blueroosterm%3D2258e9ef9635fa6%26hb_bidder_bluerooste%3Dblueroostermedia%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.26%26hb_adid%3D24038aa2c117f35%26hb_bidder%3Dappnexus&cust_params=pubcid%3Dee225e62-3a6d-4651-b25c-d4a19947483a&sc=1&cookie_enabled=1&abxe=1&dt=1650489588674&lmt=1650489588&dlt=1650489588061&idt=406&biw=1600&bih=1200&adxs=436&adys=1200&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fpt.lizspaperloft.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&fws=640&ohw=0&ga_vid=318061361.1650489588&ga_sid=1650489588&ga_hid=577484960&ga_fc=false&btvi=1&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
a78fc80bfe80d553ad5df7623c161af9e81ba477f78ed376c05153cbb5a53d9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9549
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		78 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=32471245794900&correlator=4210107993115095&eid=31063377%2C31065401%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041401&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_ATF&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x250%7C970x300&ifi=3&adks=2150126683&sfv=1-0-38&ecs=20220420&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D970x250%26hb_pb_appnexus%3D0.07%26hb_adid_appnexus%3D21f7fb166de6b49%26hb_bidder_appnexus%3Dappnexus%26hb_format_bluerooste%3Dbanner%26hb_size_blueroosterm%3D970x250%26hb_pb_blueroostermed%3D0.08%26hb_adid_blueroosterm%3D234d6d2dc4ff074%26hb_bidder_bluerooste%3Dblueroostermedia%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.08%26hb_adid%3D234d6d2dc4ff074%26hb_bidder%3Dblueroostermedia&cust_params=pubcid%3Dee225e62-3a6d-4651-b25c-d4a19947483a&sc=1&cookie_enabled=1&abxe=1&dt=1650489588682&lmt=1650489588&dlt=1650489588061&idt=406&biw=1600&bih=1200&adxs=436&adys=240&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fpt.lizspaperloft.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&fws=640&ohw=0&ga_vid=318061361.1650489588&ga_sid=1650489588&ga_hid=577484960&ga_fc=false&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
fc5232f374867af26681cfdeef028a49c5708ab1124f9cae4997fde6dea9da26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23910
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:48 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BAD3 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3936
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 20:14:12 GMT
expires
Thu, 20 Apr 2023 20:14:12 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D287 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
69d7a96bc36e1d50c32ce5396f6e23b0c9e7b3a73b7c389629c111c2f1c5c65f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NyaEoWXTXZkSwIPFhAtnnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
511
content-security-policy
script-src 'report-sample' 'nonce-NyaEoWXTXZkSwIPFhAtnnQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Wed, 20 Apr 2022 21:19:48 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame BAD3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110368
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D287 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041401&jk=32471245794900&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pt.lizspaperloft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://pt.lizspaperloft.com
access-control-max-age
86400
allow
POST,OPTIONS
cache-control
no-cache, no-store, must-revalidate, no-transform
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
-1
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pt.lizspaperloft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://pt.lizspaperloft.com
access-control-max-age
86400
allow
POST,OPTIONS
cache-control
no-cache, no-store, must-revalidate, no-transform
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
-1
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
openrtb
adx.adform.net/adx/ 		0
411 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:48 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
prebid
ib.adnxs.com/ut/v3/ 		13 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
ceea75ef4b44fa966d673306ae0d3b8564155d56231809240479eab8b299c3cf
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
e2afd53f-366b-4838-bbfe-13cad2461eb3
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bids
prebid-eu.creativecdn.com/bidder/prebid/ 		0
182 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-90.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
prebid
ib.adnxs.com/ut/v3/ 		10 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
3f7aaa0630d1b0419bd532c259cc4ab9bf4b9d8e89fd14b8458e6551ca167aba
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:48 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
2817fe3d-60d4-464f-8368-ef48e869130f
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/ 		0
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
4
vary
origin, Accept-Encoding
prebid
ib.adnxs.com/ut/v3/ 		10 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e653eaed83aeecb02dd5f3d11848e1f860db1b052e70df4ff9cbc9175eb2edb8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Date
Wed, 20 Apr 2022 21:19:49 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
eb311ba0-828c-4f2a-b12f-edfacbdab04c
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c
prebid.a-mo.net/a/ 		0
204 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
server
envoy
x-envoy-upstream-service-time
2
vary
origin, Accept-Encoding
openrtb
adx.adform.net/adx/ 		0
411 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:48 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
prebid
ib.adnxs.com/ut/v3/ 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
27c213c59fde2e5782b568e0d63b8b13b04eb8420512972823d5ba9f62d68204
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:48 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
4a350f3c-6569-49ed-8cf1-8d4f8587f892
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://pt.lizspaperloft.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bids
prebid-eu.creativecdn.com/bidder/prebid/ 		0
182 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-90.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://pt.lizspaperloft.com
date
Wed, 20 Apr 2022 21:19:48 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
generate_204
tpc.googlesyndication.com/ Frame BAD3 		0
9 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?mbQIHw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:48 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=32471245794900&correlator=4210107993115095&eid=31063377%2C31065401%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041401&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_am_S2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x400&ifi=4&adks=3711858918&sfv=1-0-38&ecs=20220420&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D336x280%26hb_pb_appnexus%3D0.07%26hb_adid_appnexus%3D467f4a1eef88819%26hb_bidder_appnexus%3Dappnexus%26hb_format_bluerooste%3Dbanner%26hb_size_blueroosterm%3D300x250%26hb_pb_blueroostermed%3D0.02%26hb_adid_blueroosterm%3D4582401b47acaa9%26hb_bidder_bluerooste%3Dblueroostermedia%26hb_format%3Dbanner%26hb_size%3D336x280%26hb_pb%3D0.07%26hb_adid%3D467f4a1eef88819%26hb_bidder%3Dappnexus&cust_params=pubcid%3Dee225e62-3a6d-4651-b25c-d4a19947483a&sc=1&cookie=ID%3D171f417a1f26b045-2232691c7ecd00ba%3AT%3D1650489588%3AS%3DALNI_MYSZiK2QU5GT0-XLg7W73FTSoa76g&abxe=1&dt=1650489589008&lmt=1650489589&dlt=1650489588061&idt=406&biw=1600&bih=1200&adxs=460&adys=1522&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fpt.lizspaperloft.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=300x-1&fws=640&ohw=0&psts=AGkb-H8nCze6nsAS9elrvRwB4CU8iybNF2joSB6_XppkPRbd&ga_vid=318061361.1650489588&ga_sid=1650489588&ga_hid=577484960&ga_fc=false&btvi=2&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
a91e18d4af2c456afc3a0a1a36b23f119b21f047a9781fe56a39da9bb4b7aec2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9578
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=pt.lizspaperloft.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		18 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=32471245794900&correlator=4210107993115095&eid=31063377%2C31065401%2C31066184&output=ldjh&gdfp_req=1&vrg=2022041401&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_am_S1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x200&ifi=5&adks=3777506267&sfv=1-0-38&ecs=20220420&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D336x280%26hb_pb_appnexus%3D0.07%26hb_adid_appnexus%3D47992e390bfab83%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D336x280%26hb_pb%3D0.07%26hb_adid%3D47992e390bfab83%26hb_bidder%3Dappnexus&cust_params=pubcid%3Dee225e62-3a6d-4651-b25c-d4a19947483a&sc=1&cookie=ID%3D171f417a1f26b045-2232691c7ecd00ba%3AT%3D1650489588%3AS%3DALNI_MYSZiK2QU5GT0-XLg7W73FTSoa76g&abxe=1&dt=1650489589042&lmt=1650489589&dlt=1650489588061&idt=406&biw=1600&bih=1200&adxs=460&adys=330&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fpt.lizspaperloft.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=300x-1&fws=640&ohw=0&psts=AGkb-H8nCze6nsAS9elrvRwB4CU8iybNF2joSB6_XppkPRbd&ga_vid=318061361.1650489588&ga_sid=1650489588&ga_hid=577484960&ga_fc=false&btvi=0&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
53b7b550acc8de8faf9a78bdbf1076c11c1b8ae989a29ea62d65daffbbb2b0fa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10169
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 80F1 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Thu, 20 Apr 2023 21:19:48 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame E25B 		624 B
975 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:49 GMT
expires
Wed, 20 Apr 2022 21:19:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 80F1 		27 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAnsEbNmmR3-xncoQPslwF6vlYW1MK-t_mlcQqcSeNhn7QYJrm3OsxfboP7ojFxxMrvidnCJbBXkNQz8mOSsMi-_bO-kDPxtMO3iGMcwvfVGKYg-QwV1tRS7mA35IPb3fAgzQ4kY452ok7iNWFQkM7au3xzA&cry=1&dbm_d=AKAmf-BIq-vswGoeUQeuJ8NQ2Qhup1pt8jiBaDVu-w3WyuH7K3eNT36ohUJESNJXmuY-4QfeEl3_xIPQusXzA284zPieZq1Ms5kQVd9pSFDfWOMIKyLOpYSsInIoaadUtQIu0qTzFU7ejdO0L_3AUKc0kcCddNTfKi9waYJp8VVqHSPuAShSMvkiZ8ew_8JPwiaGEutv12pbC4OLUVC7WcdBH0hlc7v6uSZKCASxK65txS8x5Is4o3G4z_bNq7XMh7148mZrErr-VaDxCdFY1JYID5le7eluY9Y7p1gUJOCVIIqvRdazMNQKeIn3z2qyG5Ff_J-hIUMH6l_ug4FGoPG4oDga9keRZu-u7SK-K4itqte-Se_ZGu7YAQZvg6B8Si3cnbee9N30591UGAAVHS0GX9Weqbs6lPyCmACY8khFrTrZESU30BbXPKK72v3m58XwcQMlZ0jHe196KBkjwHpfxeRVzEtoROMYu2yShxgWizvNfzCD6FMPn5Vbj2TmJJOWZzejOHk9xkdk87naodkWdcSEqZGtyTpAr0KluoL7UJbqoj3LQED6xQ60htOQYtEFzdAJhGcKxt0liEftQxpsYrYIIakHJX2MK5rUTQI_ZWTj-vWP_29U_8wOXGTuFd6lxakJepfpVZobruybtNQTC9R8aBR95ghcQ_tprygeq7Oxow8me9FDepcMJTgbwZChf2IDmfXbct6wNbqv48OcHX5V1WtdgWMqSLX8nXusSsIrxLWXxRweQABIIr5c_9nTjmtPPkr1QLJw9PonRp38nV2BcdykKetVqpf3-GBDEXwbDxGA5OSowwHH6HwzL6eZtEZ1OK2QGDAbOXxKLPyukCLTLP6PivGEJVJbIPWPZHPwvQOYz8QW_EPyOUZwf93EteA6cFdbYOISdlvl8QVdk3p_j19QgBzkxk92BIwRQ9FO4jpnjS0ZTlHXjKZdgga9QhzwunT2urUAAuTp9RAynV2O6wqET8oB2aAQfWY1M_G0tIvmYcqfmpfAEVcmaOcZZDYTdDru31UWDNAkMsPqWS4o4jBgrIE3A-KiVdGqc6AqFV4A-lReHKB8mNLeNzJUfPFVKEmeGLhFwFPTvTSovWxhmaYN9YlVoO0v81YM7h6K3FrLncOIoXE4c6gaAZ6ECufFYH10yk0CtwG6Fjby7KqGvGtv_2Z8Hnvtya9hSHchS0n9dbJiLkYqheNqZukIkYNT6MPJXZsKExaSb6Cz4ULYGB4OxW5PtoofJ3PvO4TxlKMLG4t1uVMg0teNUoZmPnAuu-0yjcyz7vrcaTjwHiY1v9nDD1E1p4BDzBEk1CdBsBTtwk-KhXSPFB09KGsXAosKkl3eoKPs2QXG9IN4SyT8TDE3e_HWAcHoIfCIaifH7To_vvUvLk_I9t6ilLJokIkrZMDjusN5JtWTFIAU-cu9et47pi7GMFm29_UI4EUKeMt7ZsHd03NS8XrqoqoQazj_PN7A4mutPjxCqAVx4hPGBM8Wk3eu6KEqeSLVDk_ZcmJEi3dNalvLVpwTYSHghtC3uuo0-ziCmNKy91uF8WgyHdxVXVP0EHsabjUgfiQRg29Jao6Zh-7HJsIhfotzfsXcoJHXvaKw0VAG6adrLwFE3cJiUbqrQjQ35zF7khZuxvVSn0JfC6cJMTdD7eHl3UbYvAQciMxTtuwE27trAefSmBdVR9WbAkPjwzuQ6VsOvrIgSOQ-6tO33xtEebs1-r6C0BTsg1SvZG8bd4VtH2CZ0pKFWqUlc_5esV3bOovtDPTKgjH9ogZ3fuFEFAwyeeF0w2-WmykjVyQwec_RWDxhC6Cw18raLah1aRNCyeLqvp41KZmP7fSz425Y-W7q5gGAG0R6FYoTGM_xOUAtqvr1vY8Wqf0z-K2UPqY0NahAAicwgCxQ9IzjyyNcUGqXTpAMbeB39vfxoVICeCn88x3MrePfAIq0SI8v7gOMGuW_kTQllG8JwUx-fbnov_q5DedDLf2w8IzCp3fllHTq4Y8dGm6B8z-nsrtBJCnIOuVvvv2qx25WWq35sG06wwc2rTZz5yQviX1rNRpcChUrLQkBdxz0ce58waeyyv06BhTI_wX7YJtJuU_izah7MhfoUAovBX5EIsjlMEWqBzjiNhQFLPsSfPCl_of9f8YM7gtb1lPBnMsOVzc9ex8MUJLiEyIhr_qLZWWihb6TezYUoGE-p1IivDAL3kya_N7Fxeb-rUl6dDOu6i7a2kPEQgFt7hDHZ-hFftlRHuOvQSvvyO3CW17zbKyiRyWAnRkNTiD6Txaw2LfINP2WY5619FS4E7MuQNYYFfEYCcEXkqct7yQHeOHONjZ9rpHqCr0stoMuufmugWSumkZ8tMPex5Z_5AiKJvTuDZl2CEDiCr9vAm17WtzQBZ9vfcgATcqcyVAr9DpcstJ3L9aalvMXCaqz8kyD39ihfduXZ6F7s-1ZSciUWIrPjcniJfwpxDpagPtFPOrvfmg55MN5n9wEaGhXNNkhvOKM6y1zKxq7tWjY_-CfMb1b1nZyMNltI2XqOmtQlyOm0T4nggtK3qkxWSD4a7IfgrmYlx2XaPsWuHdOuwxBn5pwl3evOZN5UMQgBNh0jmGv-sniogDLRbCqXRusb6z1DnS1cKFbhvnDWB9qQgmYmtw5tiVNBC81dckVxTTFN7HvJLgdpK_Dt1E0ZYUAAbx3yRIlgJNAXVdsQwEITlc5mB2BB-H3B5Z1qNqAWJoYpjmXBx9biCp7jV1Ninv0rMarzvnExmKO3UVDEfyHBZ941bB-O65zt3mvQsKkStr4GHAhrBa6MAMtKQaCuh1g54GDVfJL9kVbbHUGFPouRTeMv6cjE9lyLU9DXgJAKpMOgPnyubZqh2RxvRbWCSYoypIfTmQqlq1XtiDBUkv6VLJ7H-Md4MpSsKJo0ofwhGnDO4P12N55R5v57ZcyTz6GPBlRDTvrMKd5NjuPdOsob_EdzLwo6aGcQMAi66xgj5FJhTSLpvG2kdRkd_gxHz5o-qlUDuPEE3cpq6lST8vMn15s2Gu03UMR7AFE7KPiuvunJW5zHyZiZ5BXaafuwfr5i_w3W7PrW1Nu8rGNwsVtk_m8o06_ZVcO7BG1U65JAZ-AfPE1aWvJjpD0zH8zukwW1DQRyIjaK2hie4AQuh8epouhGwG2i9ab55DEWt0oqXfkfwBIpLjWwedgFkcBKdWDgK-NXySNsDShIqEvJ3NJjuUlzXPVUmUHAJ2OWVVlBh7cqj3mNezuxZgziIL2aya1wIoJolsYB4m95Lx7ruw7d-PhyiELEm8NYjPT1uwHYBbYIujKuymxVpY6FloBHV0uwwIsaj4Og1l8hnuaBPGTSHMWtmcLO-ga1oUrgfBjIcXILUofJXUqxYR42sAorSiMyRlvgxePu5GNTQJcpW_zXo1PoxPWorFfIAyWq87KcET39zPcuQ9t_Y_dYR1q_W8gVJKrmaPtp5xOaG4qK_L6XY1i3Ni6D2ui_cnx133Y5NeBadv2FPZWC1-hwv9sZTOYm7AMGIC38Oj1eoeouvDENdUBGNmyjQXyPlNiy2edo6oMod4h1mQZH1CLkn98m42X3EHjY1d7fm4gfcrk0Q0FsCP7nMAj2lbmE7jaRiFjtPoZ5UhsATqtC5SsnsJ1i-xXe7ywnuOL-u0aCYJPMAjETBudKL8Tw5cn-NzWOJz5yX91PyGuGxuXP07LZvBVRyTLSfilHz6QPYFZCgaK7jqU318iavRYDXh2g9p24Fjts48BPNUpHl-9PxwgXHxvtyJGNn4FQJYMT74uqUIeqZVf_hSt_I9MgPIKjbYa0HsnaKX1cbQ1bBjg_guzuCSPNtPK9kD-cBYw0xke9odQnjphZlYdfY1GnCzZkfDYyrVpt0gN9URcbUgxxV10wuXvaSdfXg2hmDVIzYjXDvNYyNMHJGDwuOmiwV8xhMePafTGbgjYb70QWgTbeMOFEKZf9XiN_whw_lQlnkXvr87vBuUZln9vRbaWrRpHDw4FWwq-OvD8ci0RjpO8WXLo54YkQQ1ehZ4yP4lIlwRRFPXZiDZXQwfO3cN6dO1IBmKCeEZfmvxUVJvjwGVme89Ims_ljTEWzTN5J7tVpwX86MIQfFGDvfNSHdSaFbcCQ7K5y_BKOGWYJqxg-dRLrOS3mqGT4b6_MV0n0Qt1GwG1Emw7SDFW4woGb8m9P05LYbuBL-andf_h0GU44rkk8rh0VJOobZRQKQGU8XD-vx9oDjl3qrbRaFqWsHcJgcrCeenGzTXdSKYcSWZExKl3aNygD1QVqxj8e9PkluIY&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
261b8cd0496e1a916c0ccd3ea6fa97e13922d6721c3ab5c5dcb268bcc6acc082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16413
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 80F1 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D4c-z60zO48WDlXQgDIkoEcwS5Ah7jt5ntjSrP0NgnIgF-VHZISWCk6N2KuOMbpleKwknvcdF_1bRg_pZsOdBHxGLsp7e8ETt6IPd5CC1W74j8NHA
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
a1.adform.net/adfscript/ Frame 80F1 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/adfscript/?bn=54370173;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&sig=AOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ&cry=1&dbm_d=AKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ&adurl=
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f9dc5ca4e7676e4848a5a541b1782fe636b556b71d4c789b7e155d7b0e6fc265
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
2210
expires
-1
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 80F1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:19:39 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 80F1 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:15:58 GMT
l
www.google.com/ads/measurement/ Frame 80F1 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQcBVUBFe-A0o64rCn77_1KORuZaaExGhsHMG-JVT2tTXMx5xPDXIpYC9W_XK6McXeuMqHu
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 80F1 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:49 GMT
rum
dsum-sec.casalemedia.com/ Frame E25B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6HivpohbL-9M1jL3fiwJU&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6HivpohbL-9M1jL3fiwJU&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:49 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI6HivpohbL-9M1jL3fiwJU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E25B
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEXHA18JL0ABy9JBgbYVBxI&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEXHA18JL0ABy9JBgbYVBxI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:49 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEXHA18JL0ABy9JBgbYVBxI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame E25B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEI8SIxyKh_0QHZTg7jvkwE8&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEI8SIxyKh_0QHZTg7jvkwE8&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Protocol
HTTP/1.1
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
9a6e02ed-71da-4ec4-94bc-e3bca43fa7c5
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEI8SIxyKh_0QHZTg7jvkwE8&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E25B
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJD8NRDO0zYYgcPQxwEwAQ&v=APEucNU4-yI2odYzw8ALMVPAlDhp9Rkc1EJ90_qI1MfCVykelF3ZL-nGqFdaQiD07BwbdnckKvsjAW5zncKX3n6N2vjPGhUwkUe6aj0G-FktNoiijEUQzvgNsmwyIPGOW4KbaO0-qPtQ75Gu_7JOzLxNha2WqX4V2-rL-YL3wJUD4TiWUPjUHaCBmEBiI9lqgE0_iHQuiRRkeeaXsmV1ymqslt4od150Rw
Protocol
H2
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
161e9207-e2fa-4554-86e8-5e4f27206112
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 80F1 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAnsEbNmmR3-xncoQPslwF6vlYW1MK-t_mlcQqcSeNhn7QYJrm3OsxfboP7ojFxxMrvidnCJbBXkNQz8mOSsMi-_bO-kDPxtMO3iGMcwvfVGKYg-QwV1tRS7mA35IPb3fAgzQ4kY452ok7iNWFQkM7au3xzA&cry=1&dbm_d=AKAmf-BIq-vswGoeUQeuJ8NQ2Qhup1pt8jiBaDVu-w3WyuH7K3eNT36ohUJESNJXmuY-4QfeEl3_xIPQusXzA284zPieZq1Ms5kQVd9pSFDfWOMIKyLOpYSsInIoaadUtQIu0qTzFU7ejdO0L_3AUKc0kcCddNTfKi9waYJp8VVqHSPuAShSMvkiZ8ew_8JPwiaGEutv12pbC4OLUVC7WcdBH0hlc7v6uSZKCASxK65txS8x5Is4o3G4z_bNq7XMh7148mZrErr-VaDxCdFY1JYID5le7eluY9Y7p1gUJOCVIIqvRdazMNQKeIn3z2qyG5Ff_J-hIUMH6l_ug4FGoPG4oDga9keRZu-u7SK-K4itqte-Se_ZGu7YAQZvg6B8Si3cnbee9N30591UGAAVHS0GX9Weqbs6lPyCmACY8khFrTrZESU30BbXPKK72v3m58XwcQMlZ0jHe196KBkjwHpfxeRVzEtoROMYu2yShxgWizvNfzCD6FMPn5Vbj2TmJJOWZzejOHk9xkdk87naodkWdcSEqZGtyTpAr0KluoL7UJbqoj3LQED6xQ60htOQYtEFzdAJhGcKxt0liEftQxpsYrYIIakHJX2MK5rUTQI_ZWTj-vWP_29U_8wOXGTuFd6lxakJepfpVZobruybtNQTC9R8aBR95ghcQ_tprygeq7Oxow8me9FDepcMJTgbwZChf2IDmfXbct6wNbqv48OcHX5V1WtdgWMqSLX8nXusSsIrxLWXxRweQABIIr5c_9nTjmtPPkr1QLJw9PonRp38nV2BcdykKetVqpf3-GBDEXwbDxGA5OSowwHH6HwzL6eZtEZ1OK2QGDAbOXxKLPyukCLTLP6PivGEJVJbIPWPZHPwvQOYz8QW_EPyOUZwf93EteA6cFdbYOISdlvl8QVdk3p_j19QgBzkxk92BIwRQ9FO4jpnjS0ZTlHXjKZdgga9QhzwunT2urUAAuTp9RAynV2O6wqET8oB2aAQfWY1M_G0tIvmYcqfmpfAEVcmaOcZZDYTdDru31UWDNAkMsPqWS4o4jBgrIE3A-KiVdGqc6AqFV4A-lReHKB8mNLeNzJUfPFVKEmeGLhFwFPTvTSovWxhmaYN9YlVoO0v81YM7h6K3FrLncOIoXE4c6gaAZ6ECufFYH10yk0CtwG6Fjby7KqGvGtv_2Z8Hnvtya9hSHchS0n9dbJiLkYqheNqZukIkYNT6MPJXZsKExaSb6Cz4ULYGB4OxW5PtoofJ3PvO4TxlKMLG4t1uVMg0teNUoZmPnAuu-0yjcyz7vrcaTjwHiY1v9nDD1E1p4BDzBEk1CdBsBTtwk-KhXSPFB09KGsXAosKkl3eoKPs2QXG9IN4SyT8TDE3e_HWAcHoIfCIaifH7To_vvUvLk_I9t6ilLJokIkrZMDjusN5JtWTFIAU-cu9et47pi7GMFm29_UI4EUKeMt7ZsHd03NS8XrqoqoQazj_PN7A4mutPjxCqAVx4hPGBM8Wk3eu6KEqeSLVDk_ZcmJEi3dNalvLVpwTYSHghtC3uuo0-ziCmNKy91uF8WgyHdxVXVP0EHsabjUgfiQRg29Jao6Zh-7HJsIhfotzfsXcoJHXvaKw0VAG6adrLwFE3cJiUbqrQjQ35zF7khZuxvVSn0JfC6cJMTdD7eHl3UbYvAQciMxTtuwE27trAefSmBdVR9WbAkPjwzuQ6VsOvrIgSOQ-6tO33xtEebs1-r6C0BTsg1SvZG8bd4VtH2CZ0pKFWqUlc_5esV3bOovtDPTKgjH9ogZ3fuFEFAwyeeF0w2-WmykjVyQwec_RWDxhC6Cw18raLah1aRNCyeLqvp41KZmP7fSz425Y-W7q5gGAG0R6FYoTGM_xOUAtqvr1vY8Wqf0z-K2UPqY0NahAAicwgCxQ9IzjyyNcUGqXTpAMbeB39vfxoVICeCn88x3MrePfAIq0SI8v7gOMGuW_kTQllG8JwUx-fbnov_q5DedDLf2w8IzCp3fllHTq4Y8dGm6B8z-nsrtBJCnIOuVvvv2qx25WWq35sG06wwc2rTZz5yQviX1rNRpcChUrLQkBdxz0ce58waeyyv06BhTI_wX7YJtJuU_izah7MhfoUAovBX5EIsjlMEWqBzjiNhQFLPsSfPCl_of9f8YM7gtb1lPBnMsOVzc9ex8MUJLiEyIhr_qLZWWihb6TezYUoGE-p1IivDAL3kya_N7Fxeb-rUl6dDOu6i7a2kPEQgFt7hDHZ-hFftlRHuOvQSvvyO3CW17zbKyiRyWAnRkNTiD6Txaw2LfINP2WY5619FS4E7MuQNYYFfEYCcEXkqct7yQHeOHONjZ9rpHqCr0stoMuufmugWSumkZ8tMPex5Z_5AiKJvTuDZl2CEDiCr9vAm17WtzQBZ9vfcgATcqcyVAr9DpcstJ3L9aalvMXCaqz8kyD39ihfduXZ6F7s-1ZSciUWIrPjcniJfwpxDpagPtFPOrvfmg55MN5n9wEaGhXNNkhvOKM6y1zKxq7tWjY_-CfMb1b1nZyMNltI2XqOmtQlyOm0T4nggtK3qkxWSD4a7IfgrmYlx2XaPsWuHdOuwxBn5pwl3evOZN5UMQgBNh0jmGv-sniogDLRbCqXRusb6z1DnS1cKFbhvnDWB9qQgmYmtw5tiVNBC81dckVxTTFN7HvJLgdpK_Dt1E0ZYUAAbx3yRIlgJNAXVdsQwEITlc5mB2BB-H3B5Z1qNqAWJoYpjmXBx9biCp7jV1Ninv0rMarzvnExmKO3UVDEfyHBZ941bB-O65zt3mvQsKkStr4GHAhrBa6MAMtKQaCuh1g54GDVfJL9kVbbHUGFPouRTeMv6cjE9lyLU9DXgJAKpMOgPnyubZqh2RxvRbWCSYoypIfTmQqlq1XtiDBUkv6VLJ7H-Md4MpSsKJo0ofwhGnDO4P12N55R5v57ZcyTz6GPBlRDTvrMKd5NjuPdOsob_EdzLwo6aGcQMAi66xgj5FJhTSLpvG2kdRkd_gxHz5o-qlUDuPEE3cpq6lST8vMn15s2Gu03UMR7AFE7KPiuvunJW5zHyZiZ5BXaafuwfr5i_w3W7PrW1Nu8rGNwsVtk_m8o06_ZVcO7BG1U65JAZ-AfPE1aWvJjpD0zH8zukwW1DQRyIjaK2hie4AQuh8epouhGwG2i9ab55DEWt0oqXfkfwBIpLjWwedgFkcBKdWDgK-NXySNsDShIqEvJ3NJjuUlzXPVUmUHAJ2OWVVlBh7cqj3mNezuxZgziIL2aya1wIoJolsYB4m95Lx7ruw7d-PhyiELEm8NYjPT1uwHYBbYIujKuymxVpY6FloBHV0uwwIsaj4Og1l8hnuaBPGTSHMWtmcLO-ga1oUrgfBjIcXILUofJXUqxYR42sAorSiMyRlvgxePu5GNTQJcpW_zXo1PoxPWorFfIAyWq87KcET39zPcuQ9t_Y_dYR1q_W8gVJKrmaPtp5xOaG4qK_L6XY1i3Ni6D2ui_cnx133Y5NeBadv2FPZWC1-hwv9sZTOYm7AMGIC38Oj1eoeouvDENdUBGNmyjQXyPlNiy2edo6oMod4h1mQZH1CLkn98m42X3EHjY1d7fm4gfcrk0Q0FsCP7nMAj2lbmE7jaRiFjtPoZ5UhsATqtC5SsnsJ1i-xXe7ywnuOL-u0aCYJPMAjETBudKL8Tw5cn-NzWOJz5yX91PyGuGxuXP07LZvBVRyTLSfilHz6QPYFZCgaK7jqU318iavRYDXh2g9p24Fjts48BPNUpHl-9PxwgXHxvtyJGNn4FQJYMT74uqUIeqZVf_hSt_I9MgPIKjbYa0HsnaKX1cbQ1bBjg_guzuCSPNtPK9kD-cBYw0xke9odQnjphZlYdfY1GnCzZkfDYyrVpt0gN9URcbUgxxV10wuXvaSdfXg2hmDVIzYjXDvNYyNMHJGDwuOmiwV8xhMePafTGbgjYb70QWgTbeMOFEKZf9XiN_whw_lQlnkXvr87vBuUZln9vRbaWrRpHDw4FWwq-OvD8ci0RjpO8WXLo54YkQQ1ehZ4yP4lIlwRRFPXZiDZXQwfO3cN6dO1IBmKCeEZfmvxUVJvjwGVme89Ims_ljTEWzTN5J7tVpwX86MIQfFGDvfNSHdSaFbcCQ7K5y_BKOGWYJqxg-dRLrOS3mqGT4b6_MV0n0Qt1GwG1Emw7SDFW4woGb8m9P05LYbuBL-andf_h0GU44rkk8rh0VJOobZRQKQGU8XD-vx9oDjl3qrbRaFqWsHcJgcrCeenGzTXdSKYcSWZExKl3aNygD1QVqxj8e9PkluIY&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
612
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9777
x-xss-protection
0
server
cafe
etag
12512753850102923420
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:09:37 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 80F1 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAnsEbNmmR3-xncoQPslwF6vlYW1MK-t_mlcQqcSeNhn7QYJrm3OsxfboP7ojFxxMrvidnCJbBXkNQz8mOSsMi-_bO-kDPxtMO3iGMcwvfVGKYg-QwV1tRS7mA35IPb3fAgzQ4kY452ok7iNWFQkM7au3xzA&cry=1&dbm_d=AKAmf-BIq-vswGoeUQeuJ8NQ2Qhup1pt8jiBaDVu-w3WyuH7K3eNT36ohUJESNJXmuY-4QfeEl3_xIPQusXzA284zPieZq1Ms5kQVd9pSFDfWOMIKyLOpYSsInIoaadUtQIu0qTzFU7ejdO0L_3AUKc0kcCddNTfKi9waYJp8VVqHSPuAShSMvkiZ8ew_8JPwiaGEutv12pbC4OLUVC7WcdBH0hlc7v6uSZKCASxK65txS8x5Is4o3G4z_bNq7XMh7148mZrErr-VaDxCdFY1JYID5le7eluY9Y7p1gUJOCVIIqvRdazMNQKeIn3z2qyG5Ff_J-hIUMH6l_ug4FGoPG4oDga9keRZu-u7SK-K4itqte-Se_ZGu7YAQZvg6B8Si3cnbee9N30591UGAAVHS0GX9Weqbs6lPyCmACY8khFrTrZESU30BbXPKK72v3m58XwcQMlZ0jHe196KBkjwHpfxeRVzEtoROMYu2yShxgWizvNfzCD6FMPn5Vbj2TmJJOWZzejOHk9xkdk87naodkWdcSEqZGtyTpAr0KluoL7UJbqoj3LQED6xQ60htOQYtEFzdAJhGcKxt0liEftQxpsYrYIIakHJX2MK5rUTQI_ZWTj-vWP_29U_8wOXGTuFd6lxakJepfpVZobruybtNQTC9R8aBR95ghcQ_tprygeq7Oxow8me9FDepcMJTgbwZChf2IDmfXbct6wNbqv48OcHX5V1WtdgWMqSLX8nXusSsIrxLWXxRweQABIIr5c_9nTjmtPPkr1QLJw9PonRp38nV2BcdykKetVqpf3-GBDEXwbDxGA5OSowwHH6HwzL6eZtEZ1OK2QGDAbOXxKLPyukCLTLP6PivGEJVJbIPWPZHPwvQOYz8QW_EPyOUZwf93EteA6cFdbYOISdlvl8QVdk3p_j19QgBzkxk92BIwRQ9FO4jpnjS0ZTlHXjKZdgga9QhzwunT2urUAAuTp9RAynV2O6wqET8oB2aAQfWY1M_G0tIvmYcqfmpfAEVcmaOcZZDYTdDru31UWDNAkMsPqWS4o4jBgrIE3A-KiVdGqc6AqFV4A-lReHKB8mNLeNzJUfPFVKEmeGLhFwFPTvTSovWxhmaYN9YlVoO0v81YM7h6K3FrLncOIoXE4c6gaAZ6ECufFYH10yk0CtwG6Fjby7KqGvGtv_2Z8Hnvtya9hSHchS0n9dbJiLkYqheNqZukIkYNT6MPJXZsKExaSb6Cz4ULYGB4OxW5PtoofJ3PvO4TxlKMLG4t1uVMg0teNUoZmPnAuu-0yjcyz7vrcaTjwHiY1v9nDD1E1p4BDzBEk1CdBsBTtwk-KhXSPFB09KGsXAosKkl3eoKPs2QXG9IN4SyT8TDE3e_HWAcHoIfCIaifH7To_vvUvLk_I9t6ilLJokIkrZMDjusN5JtWTFIAU-cu9et47pi7GMFm29_UI4EUKeMt7ZsHd03NS8XrqoqoQazj_PN7A4mutPjxCqAVx4hPGBM8Wk3eu6KEqeSLVDk_ZcmJEi3dNalvLVpwTYSHghtC3uuo0-ziCmNKy91uF8WgyHdxVXVP0EHsabjUgfiQRg29Jao6Zh-7HJsIhfotzfsXcoJHXvaKw0VAG6adrLwFE3cJiUbqrQjQ35zF7khZuxvVSn0JfC6cJMTdD7eHl3UbYvAQciMxTtuwE27trAefSmBdVR9WbAkPjwzuQ6VsOvrIgSOQ-6tO33xtEebs1-r6C0BTsg1SvZG8bd4VtH2CZ0pKFWqUlc_5esV3bOovtDPTKgjH9ogZ3fuFEFAwyeeF0w2-WmykjVyQwec_RWDxhC6Cw18raLah1aRNCyeLqvp41KZmP7fSz425Y-W7q5gGAG0R6FYoTGM_xOUAtqvr1vY8Wqf0z-K2UPqY0NahAAicwgCxQ9IzjyyNcUGqXTpAMbeB39vfxoVICeCn88x3MrePfAIq0SI8v7gOMGuW_kTQllG8JwUx-fbnov_q5DedDLf2w8IzCp3fllHTq4Y8dGm6B8z-nsrtBJCnIOuVvvv2qx25WWq35sG06wwc2rTZz5yQviX1rNRpcChUrLQkBdxz0ce58waeyyv06BhTI_wX7YJtJuU_izah7MhfoUAovBX5EIsjlMEWqBzjiNhQFLPsSfPCl_of9f8YM7gtb1lPBnMsOVzc9ex8MUJLiEyIhr_qLZWWihb6TezYUoGE-p1IivDAL3kya_N7Fxeb-rUl6dDOu6i7a2kPEQgFt7hDHZ-hFftlRHuOvQSvvyO3CW17zbKyiRyWAnRkNTiD6Txaw2LfINP2WY5619FS4E7MuQNYYFfEYCcEXkqct7yQHeOHONjZ9rpHqCr0stoMuufmugWSumkZ8tMPex5Z_5AiKJvTuDZl2CEDiCr9vAm17WtzQBZ9vfcgATcqcyVAr9DpcstJ3L9aalvMXCaqz8kyD39ihfduXZ6F7s-1ZSciUWIrPjcniJfwpxDpagPtFPOrvfmg55MN5n9wEaGhXNNkhvOKM6y1zKxq7tWjY_-CfMb1b1nZyMNltI2XqOmtQlyOm0T4nggtK3qkxWSD4a7IfgrmYlx2XaPsWuHdOuwxBn5pwl3evOZN5UMQgBNh0jmGv-sniogDLRbCqXRusb6z1DnS1cKFbhvnDWB9qQgmYmtw5tiVNBC81dckVxTTFN7HvJLgdpK_Dt1E0ZYUAAbx3yRIlgJNAXVdsQwEITlc5mB2BB-H3B5Z1qNqAWJoYpjmXBx9biCp7jV1Ninv0rMarzvnExmKO3UVDEfyHBZ941bB-O65zt3mvQsKkStr4GHAhrBa6MAMtKQaCuh1g54GDVfJL9kVbbHUGFPouRTeMv6cjE9lyLU9DXgJAKpMOgPnyubZqh2RxvRbWCSYoypIfTmQqlq1XtiDBUkv6VLJ7H-Md4MpSsKJo0ofwhGnDO4P12N55R5v57ZcyTz6GPBlRDTvrMKd5NjuPdOsob_EdzLwo6aGcQMAi66xgj5FJhTSLpvG2kdRkd_gxHz5o-qlUDuPEE3cpq6lST8vMn15s2Gu03UMR7AFE7KPiuvunJW5zHyZiZ5BXaafuwfr5i_w3W7PrW1Nu8rGNwsVtk_m8o06_ZVcO7BG1U65JAZ-AfPE1aWvJjpD0zH8zukwW1DQRyIjaK2hie4AQuh8epouhGwG2i9ab55DEWt0oqXfkfwBIpLjWwedgFkcBKdWDgK-NXySNsDShIqEvJ3NJjuUlzXPVUmUHAJ2OWVVlBh7cqj3mNezuxZgziIL2aya1wIoJolsYB4m95Lx7ruw7d-PhyiELEm8NYjPT1uwHYBbYIujKuymxVpY6FloBHV0uwwIsaj4Og1l8hnuaBPGTSHMWtmcLO-ga1oUrgfBjIcXILUofJXUqxYR42sAorSiMyRlvgxePu5GNTQJcpW_zXo1PoxPWorFfIAyWq87KcET39zPcuQ9t_Y_dYR1q_W8gVJKrmaPtp5xOaG4qK_L6XY1i3Ni6D2ui_cnx133Y5NeBadv2FPZWC1-hwv9sZTOYm7AMGIC38Oj1eoeouvDENdUBGNmyjQXyPlNiy2edo6oMod4h1mQZH1CLkn98m42X3EHjY1d7fm4gfcrk0Q0FsCP7nMAj2lbmE7jaRiFjtPoZ5UhsATqtC5SsnsJ1i-xXe7ywnuOL-u0aCYJPMAjETBudKL8Tw5cn-NzWOJz5yX91PyGuGxuXP07LZvBVRyTLSfilHz6QPYFZCgaK7jqU318iavRYDXh2g9p24Fjts48BPNUpHl-9PxwgXHxvtyJGNn4FQJYMT74uqUIeqZVf_hSt_I9MgPIKjbYa0HsnaKX1cbQ1bBjg_guzuCSPNtPK9kD-cBYw0xke9odQnjphZlYdfY1GnCzZkfDYyrVpt0gN9URcbUgxxV10wuXvaSdfXg2hmDVIzYjXDvNYyNMHJGDwuOmiwV8xhMePafTGbgjYb70QWgTbeMOFEKZf9XiN_whw_lQlnkXvr87vBuUZln9vRbaWrRpHDw4FWwq-OvD8ci0RjpO8WXLo54YkQQ1ehZ4yP4lIlwRRFPXZiDZXQwfO3cN6dO1IBmKCeEZfmvxUVJvjwGVme89Ims_ljTEWzTN5J7tVpwX86MIQfFGDvfNSHdSaFbcCQ7K5y_BKOGWYJqxg-dRLrOS3mqGT4b6_MV0n0Qt1GwG1Emw7SDFW4woGb8m9P05LYbuBL-andf_h0GU44rkk8rh0VJOobZRQKQGU8XD-vx9oDjl3qrbRaFqWsHcJgcrCeenGzTXdSKYcSWZExKl3aNygD1QVqxj8e9PkluIY&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:56:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44609
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 08:56:20 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 768F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
44609
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 08:56:20 GMT
expires
Thu, 20 Apr 2023 08:56:20 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 768F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110369
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
bootstrap.js
s1.adform.net/stoat/626/s1.adform.net/ Frame 80F1 		33 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by
Host: a1.adform.net
URL: https://a1.adform.net/adfscript/?bn=54370173;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&sig=AOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ&cry=1&dbm_d=AKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ&adurl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Fri, 22 Apr 2022 00:10:18 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 768F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BL5WH9XhgYp7LCoqOjuwPruCh-AkAAAAAOAHgBAI&bg=!Dg2lDUnNAAZvJBiFTyQ7ACkAdvg8WjaIVjlPGupZR0pQPsYrYEbbfVHNUdl8LnsWLlZxBgcxYBfNYwIAAABGUgAAAAJoAQeZAuWPzXov-9AHAuJdNVBBMUbnPlCK6XF7mQQ7HTDze1dqE9MzV9SqkdXASi-lqnOCAhwIypy6gIAbjhhsxHgBZxNakFlucHj3syr92jwAP8jJq5Ek35rqI7AaIk7lLGAGZTAKEl9AoiVLA8RLTBMyM8H4N78n-UqFia2QZpwDLTn-jwZ2jT2wrcfS6qQV3XPluaIUubcwUA5A2qXDMWzqvf3wevLf9UR-gQPp3OkdIzILT5hwwJv2Z6E2lNDGY1LxpohGDqcTC5GUz_7Y_YI4tKj0jrpBoMsx6T59PvWYFAOhin4pp3R1PAo0_-RxC7xK9befBqYNcVHy1jIgEVdqLYkZCJP8A8iWChKutbevQ6ev8mnMvQUNa4_4GLsxeipf2oV6i2nyqJxkDYl2vlcXaZ1LKC5JVVp0Lu62THJG2CIfW1K-0J_-TxzEJmXoyr8ZL7D5FjqIEpsKDaxuyfJkbi2WviaEFC2Mn_R-XYhPTN8ZTruM3nDsRh0lsR0ZoMWVcynUAiiOQPz8zZUyZQ8xZQmgSX5pUMSsEPCPCbgyz29qDoBiSMfR2FZKhUQTDzzSXj7n__VW8hzzPNF6eR0MFgBb-vWMs3OrTK6NC8UDO3YgXeSxMEX1Q1nIwdbTlvq83s4g1ajnBgkh-9cU4y09ym_1iO2QxIAtbZdPM_oLnx5pZyj8WBOqd5P0PM-tqtWl-ywKziPRK2fniQx5N7UMCv4rP3Sq2I_NSDnXa9OTJrZsaGeO7IJCmFRKZe7CB5J4_vG2CxZXjsmao_LvjhpFngonrrdNVHAl22DcyaivSUgQjcDqSLxQPZPZ-M2jIw5o44WY7VVU0CPYmbAfGbMRPrXCHdMO0vnxLt7KV1SZGa1j_4vj9K1VDPpQjVjMkMbSH4sT7o308Ni6hLPSpREIcCHzIVx1_X-PXJkTAJL2ID23tEH6PwkpUzSH43pu_uZzwNCdfWMFGXPNU5qZU9TPVF1UJ_q4GTA
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
a1.adform.net/adfserve/ Frame 80F1 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/adfserve/?CC=1&bn=54370173;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&sig=AOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g&client=ca-pub-5512390705137507&dbm_c=AKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ&cry=1&dbm_d=AKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ&adurl=;js=1;adfxid=1x;7167;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fpt.lizspaperloft.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1c8bf8cbe4f6429279e56e59929ef2315bb5c29f89e333e98d26d64c8c4afaba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
3868
expires
-1
1x1.b
mm.melia.com/dynview/melia-com/ Frame 80F1 		111 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mm.melia.com/dynview/melia-com/1x1.b?ead-publisher=mhi_dbm&ead-name=3_EMEA_PT_C_DE_p-mhi_dbm&ead-location=display_Prospecting_DE-728x90_de&ead-creative=DE-mhi_dbm-c_presummer_tenerife_videoinbanner-728x90_de&ead-creativetype=728x90_de&eseg-name=campaign&eseg-item=presummer&ead-mediaplan=DE-Prospecting&ea-rnd=12523&adfrmid=6718199658697509927
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
109.232.197.33 , France, ASN50234 (EULERIAN-AS, FR),
Reverse DNS
ml.eulerian.net
Software
EWS /
Resource Hash
0609b70c35eab974a2c2d99d6da5d84d95b97f9fe3d28828710d04835153cb20
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Content-Type-Options
nosniff
Server
EWS
Strict-Transport-Security
max-age=604800
Content-Type
image/png
Cache-Control
max-age=0, private
Connection
Close
Accept-Ranges
none
X-Robots-Tag
noindex
Content-Length
111
X-XSS-Protection
0
truncated
/ Frame 80F1 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe7e7519d81d0e00a237672a4cd5c8728f608363b36a8fe785c64ef9d71399e8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
container.html
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C02A 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Thu, 20 Apr 2023 21:19:48 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041401&jk=32471245794900&bg=!1Nel15PNAAZvJBiFTyQ7ACkAdvg8WkdKgm3QmcYBM8hIzqtPtNocDvJGuj5jJw_A9Dqw3aTN8lF2yAIAAABdUgAAAAFoAQcKAOJczXZveyzowYBYDXNyGDD-F5pIJ7cNL96eFCnkF-6t0vcGQFwrhxxjw22jmtieU1-LEr_gOPvzhv2IYHXyV7K2ZJEBAf5WGJUH7fJf3-U3ORg1Em0urJGebqW9p3iroFbp5dJ8D446OQ9n7lfsfFwIsLAKjRKfJFyPANX2Sym6cSBiFKWMZxzKAL0OUiB72MPqMWYjtgzjf4CfT2gZmUI98awvMTubX-Gmz-4jxH2BA21bcVjYD8NuBybwpUbji9SHxq1-bM94I00PmnrY-O_wfTAIWlERaJQjH4qXZcY1nJG7mQKcdH91iQfuj06rhiDHoTz0Qr5u2c8h3HGAIzijnUS60ffIpaCcEjnPMEVFfbBEi4fWQBiDpxxSuplNCM062NGUK2UBtWiQCzC-dXLdfuwvAiXbepvlv_RwP_Xh37FwuPml131JSvzddcvFa-pRv_1CN2fMysB61FLOB0kjIyq3BI-e3WlIAmPaoUhtOidnROrj-a-S4ZXqaStNSk4FJYxEmcqbn-Hp3xvtq85ZTQmeKtc9sbxxnVxKVrq5DxOTtMWbc6HOxTWFZ1R5ceQC7vXg8BSjUD5biyF999eCTuVdCgBS1mFYc5ZaLsi_gB1xfFaIxRv7iekTDrS2BSQXESvSxOPa1Fd0VLbDJlfKrUnZTJTWCI_VHGkNsKmxiNo3lVu8BNoSCTGi-UoV8Dyj9Ar4rIouCYaV488RIs-lHuvkmUOvr8L7214rN8toLbYMzxr_DfHmAx7pJgkqz2Ii5ay_O219ztvBpKChXEgbomRqgyiPrY0rnx4AKTQ8MJdSxAVCGirjN1aYc_UQv3e6wB7i1z5fkYLVU4sAuXosQGfAK0BdgdlQhLvonMClHbWt5B_VYrOlKzzAYP3SgQO15ocV6hKt6HnUs8PFpLOgdFI-8H1Kko8EScRfEwnpLMiiDHcoM4uc9JybTd6MKk0vU6Mqr8pAT1ts_IFdCfc4crnJDqAq3pJDkcJdmdHSevi2U7R_yTF3CAk_pzdamWIUqdZTARE4obWvLtnH6sb7KNwlblhjafsqeDZXVrIqyMSQmYBsDBiP486FAiqosc36fit2LH4ekJjEJhQ_ye8nHKU5B69-DjdF_oFFIrAbQsozIRlY8sMyIQBSf8fBQIl44jN7dUtQ8unl5ywa9GlPYDSeO5frIVrA-lz6ZkJl2eI
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame C02A 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:18:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
76
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8002
x-xss-protection
0
server
cafe
etag
5332015062585099865
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:18:33 GMT
css
fonts.googleapis.com/ Frame C02A 		8 KB
714 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 19:30:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 20 Apr 2022 21:19:49 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 20 Apr 2022 21:19:49 GMT
outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/ Frame C02A 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.css
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 13:04:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
29713
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2798
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 10:38:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 13:04:36 GMT
outstream.min.js
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/ Frame C02A 		347 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0900693ba4018c6de9126b543a8a3c50080eb74d1ed0696e5cc8fca0c0c99513
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 13:04:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
29713
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122258
x-xss-protection
0
last-modified
Wed, 13 Apr 2022 10:38:38 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 13:04:36 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame C02A 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:15:58 GMT
l
www.google.com/ads/measurement/ Frame C02A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQBqYdqw3pcm1og8hIl-oTzr4MQHdOdvtfVgUqOJyTxc1_SpBCY6I1A5lRUs6CVyw81ONG6taddCwVuWwpr1aR57GIQ-g
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
Standard
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 80F1 		90 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 15:16:56 GMT
server
nginx
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Fri, 22 Apr 2022 00:11:04 GMT
csi
csi.gstatic.com/ Frame C02A 		0
327 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l282vxti&c=8289927038026&slotId=4144963519013&qqid=CK2Kpe3Io_cCFVOK_Qcd6aAK8A&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame C02A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 17:56:19 GMT
x-content-type-options
nosniff
age
12210
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 20 Apr 2023 17:56:19 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame C02A 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 15 Apr 2022 01:46:21 GMT
x-content-type-options
nosniff
age
502408
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 15 Apr 2023 01:46:21 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C02A 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=COpcu9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwHIA5sEqgTDAk_QUYNs6IigaOHekCPRrMUdfshPE0DlYB7OYed8GmkmwNpq4qR0m8uzpCpLD3eez6qp8Jrd-g7eQ-yLEMrkksQ6dsRunJc-mtvph6s2IAjMxXuoW3Bl4dsn3N5sy5HgkrdY2srb-6FJkV0MpOrzOHSgt_rtMMm7dm97QvabtKE7o-Bzm81wsnD5moA7g-TU11CupusYUn5EzGV5VJk_AwCpOCG6R2berJPg6ds4COUvW2k6FIWEmMZbZtBWn66sC5XHtG9QuygbjPSI6APLw3STnFnWQrMe12wyv1varjT3uPlL4iR5sgFO4Tx0A-_ZJ8YOPHWVeMHfbfol0qOWB-saI-S8ib_V4qYpN7tGVLVz_53JCtV-m6S50P0JlB88NxrvBuMdjgR-Zr_YZQlcu7Kb7ERHN68LHaU6A8AwhpWmsJUlwATf_rLW8gPgBAOQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB4AsBgAwBsBPno-gOyBP1-OLfA9gTCogUAtgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1650489589503&ai=COpcu9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwHIA5sEqgTDAk_QUYNs6IigaOHekCPRrMUdfshPE0DlYB7OYed8GmkmwNpq4qR0m8uzpCpLD3eez6qp8Jrd-g7eQ-yLEMrkksQ6dsRunJc-mtvph6s2IAjMxXuoW3Bl4dsn3N5sy5HgkrdY2srb-6FJkV0MpOrzOHSgt_rtMMm7dm97QvabtKE7o-Bzm81wsnD5moA7g-TU11CupusYUn5EzGV5VJk_AwCpOCG6R2berJPg6ds4COUvW2k6FIWEmMZbZtBWn66sC5XHtG9QuygbjPSI6APLw3STnFnWQrMe12wyv1varjT3uPlL4iR5sgFO4Tx0A-_ZJ8YOPHWVeMHfbfol0qOWB-saI-S8ib_V4qYpN7tGVLVz_53JCtV-m6S50P0JlB88NxrvBuMdjgR-Zr_YZQlcu7Kb7ERHN68LHaU6A8AwhpWmsJUlwATf_rLW8gPgBAOQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB4AsBgAwBsBPno-gOyBP1-OLfA9gTCogUAtgUAdAVAfgWAYAXAQ
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
vast
bid.g.doubleclick.net/dbm/ Frame C02A 		29 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Doy2MSGQU9CPOs4LYOvjkCKFI8aTeIV6qmvgL7OGOELWU4UuR4ADp7Ncr-eITfc9OPopDG_KZ0_sLBrnIAbHlWuAJj1w&cry=1&dbm_d=AKAmf-CagUVOFQo1X2bqvjCAAqeKmi0WUIct7z6pSAIth8Rh-t3fVsRyQZBvVyG2q3DZd8_1-W_T06y8JJ4-Q9pIJkufcp8uyVwO1O-_63IL4tD4mEssYRfdM5tN-H9i9rZEKRqq2sQnXOK0M_r5Lop8g3fEpRqkgRLhKgF8xVSgxMXNIS1nHDdIu440RvMqvQalRw35FAS1SkR4-tUPEDQybrrpM7-WoJoi-E4_drLdHHR7uXmR5wuGVY_zNQcCgQlkiIGyOn3w_x0BLxfgZsqGtJOuopdPzOFZo-9Jx1nZjTRIAkmqFXeWHgWmnXu28Iz3Pnm5CL8FE604cl9bNDeGwLbEjHsb80fP6vgBgqRbNrpu31s3ggu4mgwJ99yVqJ4Ijhv231p3dONFs8RULcEzPVUMu25M1XC88bZBSTZkOj0Po21AzhAKPYZ2Dp-WLudOTv7eFon1QtBHNr1eWh-jPREtGQo5iOjXp0GADikptR6_C8LIwwtheV2Aw1xeSZL4TKmwrQcWfpOiEGh2ubVpyyvXD0amtUMe3IZyrCOcbikuSHefdeS-r5YH91Vx-isD849qlZuAzP5m8TFFQDX7CEd6jkXysweq5_51WDgjUHWCJSiMv5eCWgoPB8MYeo2gQkm7RR8ILBlxRsnR72hjcmK3jwXBsQ_mHHMZVOwXY92ds5dz2dH49wupkLnzHLWG0CVdX6DY5HF-v5ao1EXFrV87mo4Hp8lLlE1HoAaT72YrCJnWF0z8PJRmBm_qVXd_lCqFSsej1SjiEpdUzIRVljn_jWMka9CPfWGBuWtywqLgM2RjF1uLHMMC25Gr79l0dVn94mdIkKiTLqPrdpiqIN0my-QSlta-8Xq-n5nFR20645pzWNoOJ6nAJaHrisziEimkquUb4F8XlQ8L7MjiaCTW1igiJtmDFkbDqM0hZTiYB8yfYch08I3OmYJLyFmWAxIka51rRGYUAr4km07aCtEY0JN7_8K4798LDm_xSeGVN8mIL0b0aE39SX_nCaM60YUd6yMWtJ7kd6msvMaho5Qcn9iwxa6gxAmQFybOIrXcnO5JxnzCso_xZ0YOtO2YktgsXQ6UwcX2B6Wkf7xbZQAFd1P3qZlAT68sF25fFQrbaO00QWDVPSNNdZgy5jdNUeRTdWYY-chqPbnxlS4t4s3Z4wUJrSYnca4no3p0st6WKy4Nwxs6aWLs_822Bd3qYtiJQx0i8-x0aMTbFLSNXprZGksdZJTky48KUF3ik_HxcMhrH3q1gr1-1ASYS9fFqw7LoWzRaacxXluBl-aM9KdtL343xQjfzcRUD2UCfb__69x-6zJ4mH485jhWZWI2C_cpboxGcZy9wMdpW8D4UaFJWTSsuWGZ1pv27PDHxHyGjMu-VTN1godwBtY2QCOSfW0XFM03R0Ut1Ri3uTXgJoNbPIprir4EQSyIJ409hUdHmJD_SAuDZBkMI_ClxnAOWCNp18KUykTJS51xB5Q-Ef0ZUmIEA1DVbcKEN8OcPN70dUMHQbF4ZBp_9oIJXYZxhd9U_kv3dNHQVauSNf1-BudVL2AjpfX49d6P3jnYRmNtW-zKZOLXBUfnbDbxAscLf672o-MUFd6yuRqvmNAOzLMKp0trt79IB7zA-bQc2_V0bMkespq064LfpQRypAdH1nHLKTpHiXvifqdPOGIK_ZFoNXUZ3MW70s110vvf9XTUBqwEZJ2Vy23Uf1vFTfggz49fQcQEYafMU6b9KtDa2A3BVT9f8sSsNObAsgB2r07eteqDZfoccQhnBe8g_ouoe2ohZfIv5GSgjE1EyWEfv8MGSWcX2iT0WsVHdyLx6OtHvz5RFoGFXTxAkzcqojehmC_xRwu3vMYuaEfTQV7Dq5KFDYIF14SaMGHncIJ7My-RUHD2-dEjhWvIDNZnZNsfrPzSjfrknr0LEHH-63aig9wI_b76VPBfCsODVliG66GyNOKdoLBg1pISR6GGN6T9wJry5VT2R_HzlzXvlzqCcbS3v5UIAiJQnDeW_XM3yAr3pFmosW0MKgxiQ8vC4irIyieLRkl0I_nedQ_QIIRRBAYji38uSu0b1774s8WnRNAhsop52_cuNhlvhi_OJi_zqw1o4lVBa-u-vlD9e7b3LfTG3bvq1a2qj_P6RoHrcmRl3n7WdK6qY5jfjFSHSH5T-MmkSesNLZedpQbBBw6ffzLdpW15k9C1yaLT5n94tR7F7Wgis9fFm9orLhBViwDqkAQzJQoj-JNwTWxLvnCWqOk6iQHgpun8XeOpmaC3Yd9yNQa9bciusvFuL-UGE6dpHu0KTd0JaYEmHtejsvurO5hGvijAXnvKfOIfqnvVYdG6luGUjyF0vuSWOhIdtsiuRLBKXdiGmTc_yAa8puJjYzOExFLC1l57lm6NGmHyaAVv9c4eMQQuv-xKVbg3f_B-1W6stwCV-PuAVWCk1g2FAZrFAAKABOrf7YyO0YaGhu7DkcsKo3x_WEO2wkuEdP6a6hI4-iZbFm6bJPfr4S-YiUYfc7SMI-CkrXAwpFKcBZGnFB2HVADIDIkZu-A2rWjoCzVHjbWKNBb0sXPwJh_dP1Blwk4CmyozbrLxayHrkbzwBBmXqK-cHkELxDSoPtrF2cpm-pfkjt2g8t8DF4nOhLbnV-xda5Fd63EuVumUL3Gmx8gL-q3sU3kTRcjpW9OTkQAZJkl4DOvGS3OFejpNdQIa8lNVVcwSwmz-oiHOkfO1Ba78uk2fJwD8ht2Q0tmQOwUCHys2xv0-SC6Lq8hAnr0DyLh2JLKbEX_vbZjWftioQzttQ7ZTt1lQmPMDmPT-4nuqVdvO8xL3qNL6BoEqhHgskw5oITIuJHmR6FWYEugnNM8-VQ8pqhCVM1KUzXYHwUoNFQ_ZE7P861mM7iHuqpgxrHnR5UIXPQGMDgbMZpf63ekHiZ0DR1wPQ-LAAH4BEDBunjvylJOUS13Edieu8Eq4IW-4Twdeum7wl_wLDYrH2J0CqbhiBucjRO6Q3XECQoAg3tTv1ADnuvcRfvnjFvs4nv3AGq7iiTkgEJzIfCQc-6FViTHMWz0JUOWHg0i5Ij0P4VxWeymozQgl6lu2wQk0CoWuJL2DHYCtSKgRn8nMktfm9w1obuB9y7SAMZ49e3mDKVNZE7wtR2kK6pfSzM1RvMvU6YExTQDOcXzlyb-UTBm090RH6hJxjqVeVpfFXEALD0kJ0PUty7jTTlYVtHGQhgLEJnLamoBnSZGLufAZkZudDvDZ8jcY0CAxw9_pxP1bX0Mxuwqgnj2w8peyA44jTXJKeEumVWP80R9N6tGdehd9lq0MF9b-22LZJCtK-td5d1OaIhSIhbFeLkdEF4w2OXz4ZaWT419sPl7ewdUo8jwDGeLSvoERzukq0i11CSOyqsZ9xFtrtSXWEqPFyOYcdgQ-VSjsW6IPbxSOQ5QrJNRVNYHOZpuyup7b9-z8Ds0QWk3XpltR-Zvytdaxip7hVveTbLGhMgx3tgNkY6_pjzRBjHHYfgOv36iLsBejAr6Uku3qEBQKNMkCbTAKf0Ic_DVLmHZe5LCx6FZM4RTBODKbQcPt_-Qu8XqXNeF0AEVSPJing4xQ5hE1kaSsK6oNIkeTeE9fiUUAmlRhCKaCnfseVwUe67ieVTvD3gOeHcLUEMhnhyIBe3ZhFEkTMhGIECXBAVRzVfwVAGuWdcTBFg6tvTEDzhLSOm6hl0jazWqg2PIKbMd0JzzVxUuD_a5oNxxUcDa2KvA8ZaMFpd5BScZffSXWkkL1m4WLxJeqPAfQ6NtR8jd_Eta_Tj_JOSf2zEBrkvxNvhjUYtQ_r1nmQ75i1S272UkyTFzGL0EeFM3zA4MdFHvSqLb1CWmDVU8DVAry5tXGK_g5fsk2yOgBeF5V1WpbdE-TRhdXwga9mqtSmxolLqoM5Tt6fmwGY4ZUOsYv-YuB_HP6ZJo_x3_9wUknh5YxAtv24oNfzI8_TPtxQlDw1zOU1646sViu3M6ALR2ORlWpsEcZzKZIAje5n509erZiNapNd3aexwLZRdVyetvD09UoaKeQsDMUaJud93zjdGS_eMyYXcxbJkgE7H0Km6A&cid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.71.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wn-in-f156.1e100.net
Software
cafe /
Resource Hash
295312fdc2e0f59ddb60651b102ddb9b3641cfd7b89db0084c9f5f88dc484fb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15646
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
a1.adform.net/csimpr/ Frame 80F1 		35 B
502 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/csimpr/?bn=54370173&csi=Gc4KwEYaWu7j-kIezvIMCk4bN67wtpV7CpdRT7VHHo_rygPkIxxfk0n4UBYG0Xi1RdU4npzY7MFetgOmG7B8xt6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
truncated
/ Frame C02A 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fce55aebdeb1228673436efdb29b4b4ec6b00b205cdce110c24cc8d3bb0fd673

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
adview
securepubads.g.doubleclick.net/pagead/ Frame C02A 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CT3bT9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwGqBMQCT9BRg2zoiKBo4d6QI9GsxR1-yE8TQOVgHs5h53waaSbA2mripHSby7OkKksPd57Pqqnwmt36Dt5D7IsQyuSSxDp2xG6clz6a2-mHizaOzHbBv2q9w0oOPiI4vcWjGG_SbGTeytuIpkmRtOZP6jfTkaWq-gs-PPiDZPsCA5jBojtjFXRuDnCyh_pvhzmDEdciU66mHhunfUTMkHihmj8B9arNIrtHk91YkODpLjv95i9bnDnhhoSYM1iT01afW4_DkcZmomSKSlD-wxCmUc_j9JriAvfa8e13QQ63W9SpJPe3-nPijNMTAEtEAsQCP_YqxtYsSKuYx8SImLNItByX6tdrPLSLf1xLmrSsK35uaT6x6HgRMgm8pRnGAWnzUpwJIN8k4xad-wlBvnhRK1y3pn-MIwqXmykdqyzHjX7zJD0rIo8ywATf_rLW8gPgBAOIBe_LqL4-kgUGCAMQARgBkgUGCBsQAhgBkgUNCCIQAxgBSI3StwFQAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGdoAH0YHkjwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHChDU9xwY28KuyAHSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTc5NDQ3MjY3MDA2MDQ3MDGACgPICwGwE-ej6A7IE_X44t8D2BMKiBQC2BQB0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=36ibcxYdIIg&uach_m=[UACH]&cid=CAQSPgCNIrLM_jxIp3lGnzxQnrsGUFbWEYkKNkHiajPFfbIBHT15-FS0L6VKFDyGZMlhD0iEi8lnzPwGdRRsP18Z&vt=10&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
11022066.js
s1.adform.net/Banners/Elements/Files/63577/11022066/ Frame 580C 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/63577/11022066/11022066.js?ADFassetID=11022066&bv=257
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
879cab3d6755806dfc9a395f8a3cfd0978cfab8897d55fda48ad06ef09bb9003
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
last-modified
Thu, 17 Mar 2022 08:10:54 GMT
server
nginx
etag
W/"6232ed0e-7b0"
x-cache-status
HIT
strict-transport-security
max-age=0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 580C
Redirect Chain
  • https://track.adform.net/banners/scripts/rmb/Adform.DHTML.js
  • https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
last-modified
Fri, 14 May 2021 12:35:38 GMT
server
nginx
etag
W/"609e6e9a-76d9"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

location
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js
date
Wed, 20 Apr 2022 21:19:49 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
6232eccb9663a849c8c24941
c.bannerflow.net/a/ Frame 580C 		89 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/a/6232eccb9663a849c8c24941?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw%26sig%3DAOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ%26cry%3D1%26dbm_d%3DAKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D54370173%3Badfibeg%3D0%3Bcdata%3DiRC99z5vOMPyVUB3sm7qdD3H6zHyVHqzADbraSVMwddeWA_EDGcbq-vhfINXxkXnhcMRvNZZuUQdBto-OTni43tt2n4OwTFixfgN7wWhehNcPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHT15XEr-uFmMQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fpt.lizspaperloft.com%3BC%3D1&domain=https%3a%2f%2fd5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com%2f&targetwindow=_blank
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
929d9e7f809aae29b56c16a40ca6c2b190a9385a786a0bdd4dcdf4f9c450fd7d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript
cf-ray
6ff0eb9f6caa0211-ZRH
link
<https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/preload.jpg>; rel=preload; as=image
request-context
appId=cid-v1:8ccc0d93-c9cf-4965-a9de-1823f9df557e
HdsydzJK.js
tpc.googlesyndication.com/sodar/ Frame C02A 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/HdsydzJK.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 18 Apr 2022 13:10:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
202175
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15407
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Apr 2023 13:10:14 GMT
file.mp4
r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh... Frame C02A
Redirect Chain
  • https://gcdn.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
  • https://r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,rmhost,source/signature/72A6B7A83B7B2DD0C4FDA4A50D093578BBBEE0EB.0D8D2CBEA1548EB7C358966156EFBD1F70F3FBF0/key/cms1/cms_redirect/yes/hcs/ir/mh/rD/mip/2001:ac8:20:302::202e/mm/42/mn/sn-4g5edns6/ms/onc/mt/1650489130/mv/u/mvi/5/pl/53/rmhost/r1---sn-4g5edns6.c.2mdn.net/file/file.mp4
Protocol
HTTP/1.1
Server
2a00:1450:4001:6d::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Content-Type-Options
nosniff
Connection
close
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2723323
Last-Modified
Fri, 15 Apr 2022 15:21:01 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Access-Control-Allow-Origin
null
Access-Control-Expose-Headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control
private, max-age=86400
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Timing-Allow-Origin
null
Expires
Wed, 20 Apr 2022 21:19:49 GMT

Redirect headers

date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
704
x-xss-protection
0
pragma
no-cache
server
ClientMapServer
location
https://r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,rmhost,source/signature/72A6B7A83B7B2DD0C4FDA4A50D093578BBBEE0EB.0D8D2CBEA1548EB7C358966156EFBD1F70F3FBF0/key/cms1/cms_redirect/yes/hcs/ir/mh/rD/mip/2001:ac8:20:302::202e/mm/42/mn/sn-4g5edns6/ms/onc/mt/1650489130/mv/u/mvi/5/pl/53/rmhost/r1---sn-4g5edns6.c.2mdn.net/file/file.mp4
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame C02A 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l282vxtt&c=8289927038026&slotId=4144963519013&qqid=CK2Kpe3Io_cCFVOK_Qcd6aAK8A&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=890&mt=video%2Fmp4&vs=1024x576&ulv=1&cll=0&vmfc=12&vhc=0&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&ape=1&met.4=videopreviewvisible.qp
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
H0ZEmIz7.html
tpc.googlesyndication.com/sodar/ Frame 7234 		23 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
480877
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8727
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 15 Apr 2022 07:45:12 GMT
expires
Sat, 15 Apr 2023 07:45:12 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 7234 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110369
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
container.html
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9E8D 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Thu, 20 Apr 2023 21:19:48 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
preload.jpg
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/ Frame 580C 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/preload.jpg
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95123151b63c2ac4a243f8ac1e0f11895292b5e9966a8fd0e96fb3760822ac8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Apr 2022 21:19:49 GMT
cf-cache-status
HIT
age
1659190
content-length
9504
x-ms-lease-status
unlocked
last-modified
Mon, 21 Mar 2022 08:48:04 GMT
server
cloudflare
etag
0x8DA0B17837D5039
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
1c49a563-501e-009b-6ae5-452c23000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6ff0eb9fdd380211-ZRH
cf-bgj
h2pri
pixel
googleads.g.doubleclick.net/xbbe/ Frame 8E4D 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 9E8D 		84 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DzelBinH6wJMxx5fkT1yxD-UkUZuJ8ZtfkroerNq2ZkSyehWYKdVIUwDe64-PpH9w7LpzraCoSyawVeEGyWzOY_ejjrtWT9cenxZ_wgFhsR8otde0XNWNhZDGnxrhPnlDBkUbtefT4GaWRnyVzuLeprPFrDQ&dbm_d=AKAmf-B1jMR_XEGm239VIQtnll5yUuz-sQ__Ed3JtrwoKtsatPyBCKawzKhQWkuJdGiVvi3Wq83Dc7JsXI-BphtdVsLRoK-Pzi2UvM1VQx6QMGMMCmq_tmVFotGCWlbU4sSmLzL5vAvQQKIn9LVphdHufFmtDtFXY30oS2n_DMrW_wWtln1FUBLFcEcoUwT2PPiVxPflQm-P4fgT59N8hf9CH26_UXFZcu7qiN3oBwYYwFnDoQrt5mt9Z7dFfkG8zRoHO44vpmj5o8O1nH-g6KisiR0pLURvbqVtGyU9RRRU8TiMnuGX-jxk3HbgawPXIF8uCjnMYwyGRkUA9kmQckm-_MFtDF00L5W9k7B9SJy8JOnY2s1m-e0s4Msabys6me6_GEMO_MWgGozCR9dZDabEX1K_l6SyNJsGlcwecDj8ITl9I5a4POMJoYz7Yw6y4ezcqX5KgwBsOqNzFxcjXoV-4BHjuJx6kwk7DCCOSvDqYIksFJ-c_59KfeXHFnbpvpxfKYwgq7wxh05G89mldk151CN6Md6jvr2TfRZ_na194sCZd8ze6UNQTRQaFWqpjDgqxZx1WOjIwYZ23qPlj1aqoNeb8HzdIrG1eGwvtdotJrymOK_E7PLOvSukjw6oAqJj2VJe_pkGGCMjp1sX-_ExuxZz96qW3pznNi-ytjYyOqDBRUxLnPm327gyqf1kxfPBMKyX0TLE1yZBrUF6xS2g7yWA09P2ZvYpnpQyDgpY5Ul8OdqpFpbycxrWv1fdX2dPffwxZhQ6prPhHdcPgoFsXiNWliYd6BlOv8tCLSuDRsEa0Mv4c3iWyw5bmSuIrX_ktJ0Jrca7XwjLIju1vKDe9gwfR6ArGCRm18zO_tlf4GpfhUG4Vh7v5oIY_HjDetd5Iu-yrmWOuZW3R0gNavsfHArJT3_zi9bedl5pwkg9J_-a_MWrorSieObyIcvWWyLOWxUTZMcl92PfX3xhqxeARVxuxMsWGygYCTgjCndWDoh5iur4U-NwfJjLj80G5VY15RQ6du7ZDtWAz_4yqKdt_GkdKI7JLuCv1hBJisfkFJnlOZeG8hT_IvE3opBnq3iv7RpndG9I8n1JQTm7ssVovGwiOw8M4crUzJS6tXC5_i6vnW3c4hfK4Xk-WA3wAuDFY3p8qXeuGEEXtXyE4H18VUl82h0E-Rf8TJrlX5-Q2ZbbVx4UGBOWXmqGVzJlJcuOzFcfR2JGOFQ6K30htHtOa0X5RLraZuMgwiifTR4dieaWPFoQ8FQbqZIa4qVe_1SjuCaShsnNcGUDFZ-enVdYD-RGWpOUgXFYe54tbw3RDO00o47_Td8cea0wssUXR3mFeQxT08pfgyCYaOMIf3NH7l0KfLCrLiJDm5J29qw6f6Ie-bz4hN-4LB0K4vE7U3kjUFtaM9ASXHHpqhToM7lS0mOBtC6l7re-aWwMRCNN7mJ7puSwDQYFqzDWKwFxWhMmm4fqxVWKoxnSZo6hScHUDtCSJLHyqIfdSClvz2Q1eG2T79vpe4YkshpPrQq_ZdP7kWG7nhvSN94neA7K8Q0viJMyupIlHPA9qBlO7EPgON8D39IWfcMgdX7rKJhzqMq9D_YIFrVj5OOIZZqFqN7XscX8EiSglpDM3Y7XXj6JX9mF8noUfz7kfnqvgXo7c4RIXHKpi2FBydUms9yom0EI3_KU0M4Mm_aZKteLgeANaLAnjcXB1EesIrZhavZCOSLVdr-QA8kDvRtZsEQknVGgCLwqgU72mne0o0QTB8_r6tHKyAGwcGS7_LFqa_kWBispaRTSZaZsf3A3szhZpSQ93qB-t6yH8lvsHvC4i2vA-TacsqCFZI266swJYyC3HqBAKyOPKdwg3YeBLbVnOqudQAhLIThzCJGRBEcbFjDW-hpyDlLsbAXb76Y6ii49zbI3ednb2IMaPj-tWhXWh6OW86Fhd5s4E1P-BWnAv-ZvZCjusYJIcNie-ZIukHwr0JJYnx79o30GPoC4YgkMiantBvlpgdA1tLhbTanErx8bg1NzBeYmPBhyz4oLldyBF7CmD11fXGQKaq1bhJpga9pw-U-FPo_RIhzwLefc77YN8EiVOgoc-Jy68rYQqQWYWvp_YaCFTEWWP2hwuaVyOCInFID7ierElGsL71EPuEPKK7Da6UQteJJ4sqq-R88535dj3Pb1KUIm_a66IZE1DtW_cCnEDWjLJzcgBSOeh8Ln1zyfymgxktco1jOpESY_C1Ar051abuRAWB_8GfGo7diwHzanUEQGJL6ffXedzsNDPEgwFttvQ7TNe5GROPVfZAJ7Ao17HhKzD0bX_N_kj7MNyo8DZY3IE4orPpTlNWo0VSu2CvC3Pjrghwa_fJNuFjswL032jLpuYmMVogkSfhnf2WhPVvwyY7eH9KRa4-QcSeMt4zj3Brs7l0YDVKOomjFn2fNj9tTohXoZVw1nvsWPCoeF9LCVLL6S3ShWZdr1NxglA-yd8biBA8bpCOEmvn2IBU5Wo31kWK3O4mKbR-G4G44FvDpbRsup5YdJbo-zhQHD-2aAjrkTCY1LZnaGytCtjyGW9oEYYmhUmGAVc4yGHt-edjd6svmghp2JHqxIm_a1ufaktWoK1PWpzbo6uo1UvmSNhBUV7j5JUap5vVR9-TXtwUP4aZJWeELKnzQi8kw97_58manMqDp9hxl8TjeZP0hgodw57DgbVrWjBl0_cJFjS9IQXD74OeQVT_atpxAVzqSmrGMj8xIYl9GZnCpkMt605PWcdC8_ca3azdpcRomj4uqQMxT12Xb32V0Lepp-bkQgUOfeplmL8psvQ5DweyyiNV4L2U5Xuqe1Lhsh8sYRXMeueI8FFtTRbD2maUD3oLH52i7prjDV0Gg8DwqchSskS3_qbPDA4yMydSbimznrdqz2lXhhQvmjIBzQA1woIKINnoituG9tDcf2PFlQZloBPrYxP3U-0JQnJRw1AFRuElFud__s2G5vAmyPOFj5-ozPAdoJoKFCL68xeVi7v1FWUmQu6J25k2xyY8gRffNvS3brjQPskehmdfwGp3EDItsUGrjEQHyvl8JtGXdh_S30u4IxMtZQno-x34i9Kyk6Rd9UxqJ9TL2lfzdIxYFovMZXYfIN4vJb2XXnCWzd1QuGBv48YlzRhmECXygw_K2wf3m2ZsawBgrIO7cDo1DYmrZVg_PU2WX-cDW-xDTIA3w_0MtXV1fBkN7nuJkVNWhnpnjRqrjkQvyRIeEe1mJbxSzuCOg2YznyWLcj9RbVY5-n1XBHwvpPTFekdVijHIqLGyPu14qPK2zMoeylkm_A82osdSclkXTWYu3yEWvGijMXAkBe&cid=CAASJORosT8Ui8Rykl-Vw9ZDqUAPMMUune9c8yzbOMMOdkYQPMCxrg&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
d0c7601774a4c4e3d9a4d6a1217f74d67981b005302aa5eb4bc7ddbdc94ad01e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E8D 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DWsRyFgZ96691LWhpq4g-PMy0T_GTDq6QpaT7LHHNFUhe7azxXpNFCSSEf00Dy4neKciXg8oIjhi8xeR8TRgYEvO9zYY1lWEG6FY-BFfpkWEPpt58
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9E8D 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:19:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9E8D 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:49 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 9E8D 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:15:58 GMT
l
www.google.com/ads/measurement/ Frame 9E8D 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRAwYMQeYI50_7cMAEaJGmpMcNny13OkkzLanncWoEnpT3tdDxvs06Tzoit_1V_iOdmt1luEAjTqvNYwWDcW0msdnb1Ww
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
file.mp4
r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh... Frame C02A 		3 MB
3 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://r5---sn-4g5edns6.c.2mdn.net/videoplayback/id/49cfa2139890e885/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1682025589/sparams/acao,ctier,expire,hcs,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,rmhost,source/signature/72A6B7A83B7B2DD0C4FDA4A50D093578BBBEE0EB.0D8D2CBEA1548EB7C358966156EFBD1F70F3FBF0/key/cms1/cms_redirect/yes/hcs/ir/mh/rD/mip/2001:ac8:20:302::202e/mm/42/mn/sn-4g5edns6/ms/onc/mt/1650489130/mv/u/mvi/5/pl/53/rmhost/r1---sn-4g5edns6.c.2mdn.net/file/file.mp4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:6d::a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
ef26a0ba972764225128f30872097aef24a27a3eb97ad27ad60de92e1c7c0774
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
Content-Range
bytes 0-2723322/2723323
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
2723323
expires
Wed, 20 Apr 2022 21:19:49 GMT
last-modified
Fri, 15 Apr 2022 15:21:01 GMT
server
gvs 1.0
vary
Origin
content-type
video/mp4
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
private, max-age=86400
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
client-protocol
quic
csi
csi.gstatic.com/ Frame C02A 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~l282vxxo&c=8289927038026&slotId=4144963519013&qqid=CK2Kpe3Io_cCFVOK_Qcd6aAK8A&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=890&mt=video%2Fmp4&vs=1024x576&ple=0&umsem=0&event_name=unmeasurable_asset&resource_name=https%253A%252F%252Fgcdn.2mdn.net%252Fvideoplayback%252Fid%252F49cfa2139890e885%252Fitag%252F347%252Fsource%252Fweb_video_ads%252Fctier%252FL%252Facao%252Fyes%252Fip%252F0.0.0.0%252Fipbits%252F0%252Fexpire%252F1682025589%252Fsparams%252Fip%252Cipbits%252Cexpire%252Cid%252Citag%252Csource%252Cctier%252Cacao%252Fsignature%252F13849E40BC715E6AA08E373BAA622535F100BDF6.2E4CB505DC3C347F3821161EA83002EB232AFCBA%252Fkey%252Fck2%252Ffile%252Ffile.mp4&encoded_body_size=0&transfer_size=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget.312873177f7c8c26c3a1.js
c.bannerflow.net/scripts/ Frame 580C 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/scripts/widget.312873177f7c8c26c3a1.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6232eccb9663a849c8c24941?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw%26sig%3DAOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ%26cry%3D1%26dbm_d%3DAKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D54370173%3Badfibeg%3D0%3Bcdata%3DiRC99z5vOMPyVUB3sm7qdD3H6zHyVHqzADbraSVMwddeWA_EDGcbq-vhfINXxkXnhcMRvNZZuUQdBto-OTni43tt2n4OwTFixfgN7wWhehNcPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHT15XEr-uFmMQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fpt.lizspaperloft.com%3BC%3D1&domain=https%3a%2f%2fd5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ac12c45b91c1e960c86dca2b137081c6e861123624d08442f5a80ff24be47de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
HZEQkVfbP7Jm3zV8y9pNcA==
age
3734261
cf-polished
origSize=19187
x-ms-lease-status
unlocked
last-modified
Mon, 07 Mar 2022 14:49:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
acda45bd-d01e-0085-4d05-33c0fb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2009-09-19
cf-ray
6ff0eb9ffd770211-ZRH
cf-bgj
minify
document.64441b2ae6.js
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/ Frame 580C 		90 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/document.64441b2ae6.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6232eccb9663a849c8c24941?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw%26sig%3DAOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ%26cry%3D1%26dbm_d%3DAKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D54370173%3Badfibeg%3D0%3Bcdata%3DiRC99z5vOMPyVUB3sm7qdD3H6zHyVHqzADbraSVMwddeWA_EDGcbq-vhfINXxkXnhcMRvNZZuUQdBto-OTni43tt2n4OwTFixfgN7wWhehNcPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHT15XEr-uFmMQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fpt.lizspaperloft.com%3BC%3D1&domain=https%3a%2f%2fd5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6c417546ab95f377359977407b1c777b74643ef2f7e5eb6aaf410ce540c462a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
ZEQbKub/JHrdQz//0StmlA==
age
1659189
cf-polished
origSize=94267
x-ms-lease-status
unlocked
last-modified
Mon, 21 Mar 2022 08:48:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
8b9a6aa5-201e-0038-55e5-4549e6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2009-09-19
cf-ray
6ff0eb9ffd780211-ZRH
cf-bgj
minify
animated-creative.113bb23e864a7f983e9d.js
c.bannerflow.net/scripts/ Frame 580C 		142 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/scripts/animated-creative.113bb23e864a7f983e9d.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6232eccb9663a849c8c24941?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw%26sig%3DAOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ%26cry%3D1%26dbm_d%3DAKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D54370173%3Badfibeg%3D0%3Bcdata%3DiRC99z5vOMPyVUB3sm7qdD3H6zHyVHqzADbraSVMwddeWA_EDGcbq-vhfINXxkXnhcMRvNZZuUQdBto-OTni43tt2n4OwTFixfgN7wWhehNcPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHT15XEr-uFmMQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fpt.lizspaperloft.com%3BC%3D1&domain=https%3a%2f%2fd5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d545b0de5199928169a9eb70e4ea94a856936a826b1bc868619a7ff0a2f85bc6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
n7+0gUkvpEd8QT4r3GPRkg==
age
3564602
cf-polished
origSize=145314
x-ms-lease-status
unlocked
last-modified
Mon, 07 Mar 2022 14:49:31 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
4eab124d-901e-002d-1390-345e55000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2009-09-19
cf-ray
6ff0eb9ffd790211-ZRH
cf-bgj
minify
rum
dsum-sec.casalemedia.com/ Frame 8E4D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:49 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 8E4D
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:49 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELxMPSnr3h1IrVV4or0uEH0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 8E4D
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEPjDCDKiCYgBU2p2JmhrMVo&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEPjDCDKiCYgBU2p2JmhrMVo&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Protocol
HTTP/1.1
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8258c5fe-ae17-4db1-b479-d05fb48426ca
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEPjDCDKiCYgBU2p2JmhrMVo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8E4D
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNV5fYa6eOX2zA9aiMkYtLFAehcyRx_ExvYmMW_3v9w7MBXBoKUpOqqS3DVxWoprshUPVFbK7NaVrDYyDemWsE56VVeI1ARaLi5jk9i0SLhfaWxYtFC2czc1nmMHRg-18CC04DOFfesB9zgkyC2JmISgnCXsDhxTASejAeTWpgEJJpajLPtqVjFvqKtn4F0E_-1wRutuy2znL12OKzpVq-Mdok3x1w
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:49 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a493fda1-4ea6-4888-8697-438e3cbff203
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 9E8D 		169 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 19:38:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6075
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 19:38:34 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 9E8D 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DzelBinH6wJMxx5fkT1yxD-UkUZuJ8ZtfkroerNq2ZkSyehWYKdVIUwDe64-PpH9w7LpzraCoSyawVeEGyWzOY_ejjrtWT9cenxZ_wgFhsR8otde0XNWNhZDGnxrhPnlDBkUbtefT4GaWRnyVzuLeprPFrDQ&dbm_d=AKAmf-B1jMR_XEGm239VIQtnll5yUuz-sQ__Ed3JtrwoKtsatPyBCKawzKhQWkuJdGiVvi3Wq83Dc7JsXI-BphtdVsLRoK-Pzi2UvM1VQx6QMGMMCmq_tmVFotGCWlbU4sSmLzL5vAvQQKIn9LVphdHufFmtDtFXY30oS2n_DMrW_wWtln1FUBLFcEcoUwT2PPiVxPflQm-P4fgT59N8hf9CH26_UXFZcu7qiN3oBwYYwFnDoQrt5mt9Z7dFfkG8zRoHO44vpmj5o8O1nH-g6KisiR0pLURvbqVtGyU9RRRU8TiMnuGX-jxk3HbgawPXIF8uCjnMYwyGRkUA9kmQckm-_MFtDF00L5W9k7B9SJy8JOnY2s1m-e0s4Msabys6me6_GEMO_MWgGozCR9dZDabEX1K_l6SyNJsGlcwecDj8ITl9I5a4POMJoYz7Yw6y4ezcqX5KgwBsOqNzFxcjXoV-4BHjuJx6kwk7DCCOSvDqYIksFJ-c_59KfeXHFnbpvpxfKYwgq7wxh05G89mldk151CN6Md6jvr2TfRZ_na194sCZd8ze6UNQTRQaFWqpjDgqxZx1WOjIwYZ23qPlj1aqoNeb8HzdIrG1eGwvtdotJrymOK_E7PLOvSukjw6oAqJj2VJe_pkGGCMjp1sX-_ExuxZz96qW3pznNi-ytjYyOqDBRUxLnPm327gyqf1kxfPBMKyX0TLE1yZBrUF6xS2g7yWA09P2ZvYpnpQyDgpY5Ul8OdqpFpbycxrWv1fdX2dPffwxZhQ6prPhHdcPgoFsXiNWliYd6BlOv8tCLSuDRsEa0Mv4c3iWyw5bmSuIrX_ktJ0Jrca7XwjLIju1vKDe9gwfR6ArGCRm18zO_tlf4GpfhUG4Vh7v5oIY_HjDetd5Iu-yrmWOuZW3R0gNavsfHArJT3_zi9bedl5pwkg9J_-a_MWrorSieObyIcvWWyLOWxUTZMcl92PfX3xhqxeARVxuxMsWGygYCTgjCndWDoh5iur4U-NwfJjLj80G5VY15RQ6du7ZDtWAz_4yqKdt_GkdKI7JLuCv1hBJisfkFJnlOZeG8hT_IvE3opBnq3iv7RpndG9I8n1JQTm7ssVovGwiOw8M4crUzJS6tXC5_i6vnW3c4hfK4Xk-WA3wAuDFY3p8qXeuGEEXtXyE4H18VUl82h0E-Rf8TJrlX5-Q2ZbbVx4UGBOWXmqGVzJlJcuOzFcfR2JGOFQ6K30htHtOa0X5RLraZuMgwiifTR4dieaWPFoQ8FQbqZIa4qVe_1SjuCaShsnNcGUDFZ-enVdYD-RGWpOUgXFYe54tbw3RDO00o47_Td8cea0wssUXR3mFeQxT08pfgyCYaOMIf3NH7l0KfLCrLiJDm5J29qw6f6Ie-bz4hN-4LB0K4vE7U3kjUFtaM9ASXHHpqhToM7lS0mOBtC6l7re-aWwMRCNN7mJ7puSwDQYFqzDWKwFxWhMmm4fqxVWKoxnSZo6hScHUDtCSJLHyqIfdSClvz2Q1eG2T79vpe4YkshpPrQq_ZdP7kWG7nhvSN94neA7K8Q0viJMyupIlHPA9qBlO7EPgON8D39IWfcMgdX7rKJhzqMq9D_YIFrVj5OOIZZqFqN7XscX8EiSglpDM3Y7XXj6JX9mF8noUfz7kfnqvgXo7c4RIXHKpi2FBydUms9yom0EI3_KU0M4Mm_aZKteLgeANaLAnjcXB1EesIrZhavZCOSLVdr-QA8kDvRtZsEQknVGgCLwqgU72mne0o0QTB8_r6tHKyAGwcGS7_LFqa_kWBispaRTSZaZsf3A3szhZpSQ93qB-t6yH8lvsHvC4i2vA-TacsqCFZI266swJYyC3HqBAKyOPKdwg3YeBLbVnOqudQAhLIThzCJGRBEcbFjDW-hpyDlLsbAXb76Y6ii49zbI3ednb2IMaPj-tWhXWh6OW86Fhd5s4E1P-BWnAv-ZvZCjusYJIcNie-ZIukHwr0JJYnx79o30GPoC4YgkMiantBvlpgdA1tLhbTanErx8bg1NzBeYmPBhyz4oLldyBF7CmD11fXGQKaq1bhJpga9pw-U-FPo_RIhzwLefc77YN8EiVOgoc-Jy68rYQqQWYWvp_YaCFTEWWP2hwuaVyOCInFID7ierElGsL71EPuEPKK7Da6UQteJJ4sqq-R88535dj3Pb1KUIm_a66IZE1DtW_cCnEDWjLJzcgBSOeh8Ln1zyfymgxktco1jOpESY_C1Ar051abuRAWB_8GfGo7diwHzanUEQGJL6ffXedzsNDPEgwFttvQ7TNe5GROPVfZAJ7Ao17HhKzD0bX_N_kj7MNyo8DZY3IE4orPpTlNWo0VSu2CvC3Pjrghwa_fJNuFjswL032jLpuYmMVogkSfhnf2WhPVvwyY7eH9KRa4-QcSeMt4zj3Brs7l0YDVKOomjFn2fNj9tTohXoZVw1nvsWPCoeF9LCVLL6S3ShWZdr1NxglA-yd8biBA8bpCOEmvn2IBU5Wo31kWK3O4mKbR-G4G44FvDpbRsup5YdJbo-zhQHD-2aAjrkTCY1LZnaGytCtjyGW9oEYYmhUmGAVc4yGHt-edjd6svmghp2JHqxIm_a1ufaktWoK1PWpzbo6uo1UvmSNhBUV7j5JUap5vVR9-TXtwUP4aZJWeELKnzQi8kw97_58manMqDp9hxl8TjeZP0hgodw57DgbVrWjBl0_cJFjS9IQXD74OeQVT_atpxAVzqSmrGMj8xIYl9GZnCpkMt605PWcdC8_ca3azdpcRomj4uqQMxT12Xb32V0Lepp-bkQgUOfeplmL8psvQ5DweyyiNV4L2U5Xuqe1Lhsh8sYRXMeueI8FFtTRbD2maUD3oLH52i7prjDV0Gg8DwqchSskS3_qbPDA4yMydSbimznrdqz2lXhhQvmjIBzQA1woIKINnoituG9tDcf2PFlQZloBPrYxP3U-0JQnJRw1AFRuElFud__s2G5vAmyPOFj5-ozPAdoJoKFCL68xeVi7v1FWUmQu6J25k2xyY8gRffNvS3brjQPskehmdfwGp3EDItsUGrjEQHyvl8JtGXdh_S30u4IxMtZQno-x34i9Kyk6Rd9UxqJ9TL2lfzdIxYFovMZXYfIN4vJb2XXnCWzd1QuGBv48YlzRhmECXygw_K2wf3m2ZsawBgrIO7cDo1DYmrZVg_PU2WX-cDW-xDTIA3w_0MtXV1fBkN7nuJkVNWhnpnjRqrjkQvyRIeEe1mJbxSzuCOg2YznyWLcj9RbVY5-n1XBHwvpPTFekdVijHIqLGyPu14qPK2zMoeylkm_A82osdSclkXTWYu3yEWvGijMXAkBe&cid=CAASJORosT8Ui8Rykl-Vw9ZDqUAPMMUune9c8yzbOMMOdkYQPMCxrg&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:10:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
547
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:10:42 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 9E8D 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DzelBinH6wJMxx5fkT1yxD-UkUZuJ8ZtfkroerNq2ZkSyehWYKdVIUwDe64-PpH9w7LpzraCoSyawVeEGyWzOY_ejjrtWT9cenxZ_wgFhsR8otde0XNWNhZDGnxrhPnlDBkUbtefT4GaWRnyVzuLeprPFrDQ&dbm_d=AKAmf-B1jMR_XEGm239VIQtnll5yUuz-sQ__Ed3JtrwoKtsatPyBCKawzKhQWkuJdGiVvi3Wq83Dc7JsXI-BphtdVsLRoK-Pzi2UvM1VQx6QMGMMCmq_tmVFotGCWlbU4sSmLzL5vAvQQKIn9LVphdHufFmtDtFXY30oS2n_DMrW_wWtln1FUBLFcEcoUwT2PPiVxPflQm-P4fgT59N8hf9CH26_UXFZcu7qiN3oBwYYwFnDoQrt5mt9Z7dFfkG8zRoHO44vpmj5o8O1nH-g6KisiR0pLURvbqVtGyU9RRRU8TiMnuGX-jxk3HbgawPXIF8uCjnMYwyGRkUA9kmQckm-_MFtDF00L5W9k7B9SJy8JOnY2s1m-e0s4Msabys6me6_GEMO_MWgGozCR9dZDabEX1K_l6SyNJsGlcwecDj8ITl9I5a4POMJoYz7Yw6y4ezcqX5KgwBsOqNzFxcjXoV-4BHjuJx6kwk7DCCOSvDqYIksFJ-c_59KfeXHFnbpvpxfKYwgq7wxh05G89mldk151CN6Md6jvr2TfRZ_na194sCZd8ze6UNQTRQaFWqpjDgqxZx1WOjIwYZ23qPlj1aqoNeb8HzdIrG1eGwvtdotJrymOK_E7PLOvSukjw6oAqJj2VJe_pkGGCMjp1sX-_ExuxZz96qW3pznNi-ytjYyOqDBRUxLnPm327gyqf1kxfPBMKyX0TLE1yZBrUF6xS2g7yWA09P2ZvYpnpQyDgpY5Ul8OdqpFpbycxrWv1fdX2dPffwxZhQ6prPhHdcPgoFsXiNWliYd6BlOv8tCLSuDRsEa0Mv4c3iWyw5bmSuIrX_ktJ0Jrca7XwjLIju1vKDe9gwfR6ArGCRm18zO_tlf4GpfhUG4Vh7v5oIY_HjDetd5Iu-yrmWOuZW3R0gNavsfHArJT3_zi9bedl5pwkg9J_-a_MWrorSieObyIcvWWyLOWxUTZMcl92PfX3xhqxeARVxuxMsWGygYCTgjCndWDoh5iur4U-NwfJjLj80G5VY15RQ6du7ZDtWAz_4yqKdt_GkdKI7JLuCv1hBJisfkFJnlOZeG8hT_IvE3opBnq3iv7RpndG9I8n1JQTm7ssVovGwiOw8M4crUzJS6tXC5_i6vnW3c4hfK4Xk-WA3wAuDFY3p8qXeuGEEXtXyE4H18VUl82h0E-Rf8TJrlX5-Q2ZbbVx4UGBOWXmqGVzJlJcuOzFcfR2JGOFQ6K30htHtOa0X5RLraZuMgwiifTR4dieaWPFoQ8FQbqZIa4qVe_1SjuCaShsnNcGUDFZ-enVdYD-RGWpOUgXFYe54tbw3RDO00o47_Td8cea0wssUXR3mFeQxT08pfgyCYaOMIf3NH7l0KfLCrLiJDm5J29qw6f6Ie-bz4hN-4LB0K4vE7U3kjUFtaM9ASXHHpqhToM7lS0mOBtC6l7re-aWwMRCNN7mJ7puSwDQYFqzDWKwFxWhMmm4fqxVWKoxnSZo6hScHUDtCSJLHyqIfdSClvz2Q1eG2T79vpe4YkshpPrQq_ZdP7kWG7nhvSN94neA7K8Q0viJMyupIlHPA9qBlO7EPgON8D39IWfcMgdX7rKJhzqMq9D_YIFrVj5OOIZZqFqN7XscX8EiSglpDM3Y7XXj6JX9mF8noUfz7kfnqvgXo7c4RIXHKpi2FBydUms9yom0EI3_KU0M4Mm_aZKteLgeANaLAnjcXB1EesIrZhavZCOSLVdr-QA8kDvRtZsEQknVGgCLwqgU72mne0o0QTB8_r6tHKyAGwcGS7_LFqa_kWBispaRTSZaZsf3A3szhZpSQ93qB-t6yH8lvsHvC4i2vA-TacsqCFZI266swJYyC3HqBAKyOPKdwg3YeBLbVnOqudQAhLIThzCJGRBEcbFjDW-hpyDlLsbAXb76Y6ii49zbI3ednb2IMaPj-tWhXWh6OW86Fhd5s4E1P-BWnAv-ZvZCjusYJIcNie-ZIukHwr0JJYnx79o30GPoC4YgkMiantBvlpgdA1tLhbTanErx8bg1NzBeYmPBhyz4oLldyBF7CmD11fXGQKaq1bhJpga9pw-U-FPo_RIhzwLefc77YN8EiVOgoc-Jy68rYQqQWYWvp_YaCFTEWWP2hwuaVyOCInFID7ierElGsL71EPuEPKK7Da6UQteJJ4sqq-R88535dj3Pb1KUIm_a66IZE1DtW_cCnEDWjLJzcgBSOeh8Ln1zyfymgxktco1jOpESY_C1Ar051abuRAWB_8GfGo7diwHzanUEQGJL6ffXedzsNDPEgwFttvQ7TNe5GROPVfZAJ7Ao17HhKzD0bX_N_kj7MNyo8DZY3IE4orPpTlNWo0VSu2CvC3Pjrghwa_fJNuFjswL032jLpuYmMVogkSfhnf2WhPVvwyY7eH9KRa4-QcSeMt4zj3Brs7l0YDVKOomjFn2fNj9tTohXoZVw1nvsWPCoeF9LCVLL6S3ShWZdr1NxglA-yd8biBA8bpCOEmvn2IBU5Wo31kWK3O4mKbR-G4G44FvDpbRsup5YdJbo-zhQHD-2aAjrkTCY1LZnaGytCtjyGW9oEYYmhUmGAVc4yGHt-edjd6svmghp2JHqxIm_a1ufaktWoK1PWpzbo6uo1UvmSNhBUV7j5JUap5vVR9-TXtwUP4aZJWeELKnzQi8kw97_58manMqDp9hxl8TjeZP0hgodw57DgbVrWjBl0_cJFjS9IQXD74OeQVT_atpxAVzqSmrGMj8xIYl9GZnCpkMt605PWcdC8_ca3azdpcRomj4uqQMxT12Xb32V0Lepp-bkQgUOfeplmL8psvQ5DweyyiNV4L2U5Xuqe1Lhsh8sYRXMeueI8FFtTRbD2maUD3oLH52i7prjDV0Gg8DwqchSskS3_qbPDA4yMydSbimznrdqz2lXhhQvmjIBzQA1woIKINnoituG9tDcf2PFlQZloBPrYxP3U-0JQnJRw1AFRuElFud__s2G5vAmyPOFj5-ozPAdoJoKFCL68xeVi7v1FWUmQu6J25k2xyY8gRffNvS3brjQPskehmdfwGp3EDItsUGrjEQHyvl8JtGXdh_S30u4IxMtZQno-x34i9Kyk6Rd9UxqJ9TL2lfzdIxYFovMZXYfIN4vJb2XXnCWzd1QuGBv48YlzRhmECXygw_K2wf3m2ZsawBgrIO7cDo1DYmrZVg_PU2WX-cDW-xDTIA3w_0MtXV1fBkN7nuJkVNWhnpnjRqrjkQvyRIeEe1mJbxSzuCOg2YznyWLcj9RbVY5-n1XBHwvpPTFekdVijHIqLGyPu14qPK2zMoeylkm_A82osdSclkXTWYu3yEWvGijMXAkBe&cid=CAASJORosT8Ui8Rykl-Vw9ZDqUAPMMUune9c8yzbOMMOdkYQPMCxrg&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
612
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9777
x-xss-protection
0
server
cafe
etag
12512753850102923420
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:09:37 GMT
dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd...
ade.googlesyndication.com/ddm/activity/ Frame C02A 		42 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd;met=1;acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D20053%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650489589844;dc_rfl=[URL_SIGNALS];ecn1=1;etm1=0;eid1=11;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C02A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=COpcu9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwHIA5sEqgTDAk_QUYNs6IigaOHekCPRrMUdfshPE0DlYB7OYed8GmkmwNpq4qR0m8uzpCpLD3eez6qp8Jrd-g7eQ-yLEMrkksQ6dsRunJc-mtvph6s2IAjMxXuoW3Bl4dsn3N5sy5HgkrdY2srb-6FJkV0MpOrzOHSgt_rtMMm7dm97QvabtKE7o-Bzm81wsnD5moA7g-TU11CupusYUn5EzGV5VJk_AwCpOCG6R2berJPg6ds4COUvW2k6FIWEmMZbZtBWn66sC5XHtG9QuygbjPSI6APLw3STnFnWQrMe12wyv1varjT3uPlL4iR5sgFO4Tx0A-_ZJ8YOPHWVeMHfbfol0qOWB-saI-S8ib_V4qYpN7tGVLVz_53JCtV-m6S50P0JlB88NxrvBuMdjgR-Zr_YZQlcu7Kb7ERHN68LHaU6A8AwhpWmsJUlwATf_rLW8gPgBAOQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB4AsBgAwBsBPno-gOyBP1-OLfA9gTCogUAtgUAdAVAfgWAYAXAQ&sigh=HLT726Hjw58&label=part2viewed&ad_mt=8&acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D0%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D20053%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650489589844
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C02A 		0
622 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssMyOVYZIGs9n3O62EkJf30YSN-JhPwHpTHHb-A5p_LGe0-OV3R5jX_YGj0UqqH09XCMZ_uH7mHxjO_d9m5_t2hWrW6kRlia8zU194adk7l-vUNi47c0PfMvFCCt53YQnlySEXPS5-0ecAqfJazB3gdAR52RCaWTRSHFNZccWYJv3tGI9Mj1QNl6So4gZrdnJCyHYY127DI_Gk1CpcqsZS8Pj5NUDJVNtXUMVokXeYI7mfqihGFRetaHh7p70lehUJzoISTSIiqTVqfZgzwHXfi27MAiEswyQd46yd9kYYaweOzVqRBHhKumZ3bkvWhhx0veVd1YEALc6IS1dG6ZKfB-Dwm-ye9d0g-CQSF4Ivx0-dlP5ZccsDzqo61pv5rqfYLxIN8SK6tHqQ9UPJ1GvywuJXn47AAcxl2_ufIJWSnKRWzYjcLsLmRxKR00Xz73oV_5WTJKQcP0W0xlqLSk7lUYp8mofP_J9bfI5BlBG-FyrmmPpqGocu0q7uKRlDL1bXPyh9STd2IT-FT3qgsLtqc7EJc2YhMlCz1zZeF1yqj59cKMD1EX27TZ2ixTuIHpmilMjFg0IsQHlqoRtvbzL4OY18HKhyR98rxD9EDTrSTnV5KqBcipYSDZQf3Jy9Of8S6q6jaOf07Rl3k91RbffoGUr_6lIpfsjvbTp5CAy5TK-9fPTeRZxURz8rbTjwT5JNurGV-cVLxePVsFsc71x7TFWn31QvAJzYTYwT1ZFIvfIj3V9fV1GrlGocCNRZ2UQASDrvFPWviD-lx29UqrcZbswDAUnxzYFHiU0D7oy0ER6n27nn8aMJca5agbmv1UytvbvusnszpYAs7FnyNi4qquECfMo-WG5V5hNR8GU7UOlMv0d7Oqbb1NOfDZEkNAfgDyfbjRabB5ScuCeMg28MwDDRj3BwRqmQju9BgrOQhHpo4Ppt-Mj_8332YUfXfm_EAyQh6M6W8a_JUignumvsw3Ob9x3HOa0d_LAeEOXYAE-8Ts7zJuPyVfBOKiekEdMkGMm6zr5HJ9DPcNozd04oaSnzKmTNLmi520MA1sItJlJe8IR8JQt6wFFUQVthfPJ3kPOltusWFpSIsOwUeIrB4Vvcbc0y8I12R_fv9fNaMvxmbsIaU1IIzeSN4TfJH9iqH4UH4N20ZTZ8mG1tba9OKC0c7H5uQ2QCAGiNTNwM4wXe1D_cOTNPMD8ZTOITOHt7x89OEhZU0pui0ND66bIjNzcUddKSq_DUJ01KKQbUrH9-miZqQyF7xFPz80oB_SbWeehA1dWI_6WIJIpq0hI-EbqS9igM_4_w_Q7In9Tl8bQL_bgRvskPwHMuHD14BWBB50l8FUaxk5oGGxOuRUrMICAoLmmbxn1U8hFEBaKyUMqytmd4jsS8X&sai=AMfl-YRjFNAVd0GW42AEbD31p30xFR-lXchiZmm9ounsVzmGJeVByKl6UhwVnUfZCyIcIC7GaRdeoUGPrH6zfJrbLcMtWcxc8PALW6vRPHSO2CmV2Bx9jm7nrAigQnRXBLUAwJQnpELErVboSf19TMJTDnOE55TTp3vvb6d7AEJ8Sgju-SgiTy3L8IwFg5hazhsiQMAFqOHBHu3mpTPGA2kJmj73nMmYveY&sig=Cg0ArKJSzMvBEzfrnywGEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 20 Apr 2022 21:19:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
pixel
googleads.g.doubleclick.net/xbbe/ Frame C02A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CM6y0QEQpvfjARjbwq7IASABMAE&v=APEucNU_O6a3x4DfcytJX9mNUYEt_3fNxpd8p7H1B8W3JhJjWHb80D1axi11cGtKQqCVA1uvMpfUQT1uU3f32vtn5bzcMcHVog
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame C02A 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=video_impression_ping
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd...
ade.googlesyndication.com/ddm/activity/ Frame C02A 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd;met=1;acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D20053%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650489589844;ecn1=1;etm1=0;eid1=200101;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C02A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssG2UlWHA7_lAIEdboSiRX5kHu5FhRvxbRq1iLeF8PlaT47X353VlfdDWoig16urLt5RaQCklsdeLJrsMxrWe8q8HOXcRmB2U9Ge7MfkxUycwX_c6Y8xA&sai=AMfl-YT60gCa5PbchMbjQ8DS36_OGyMFqgSmp8VfBL_EOZmBx786t2454ifCTgovM47QLxINzBvNu_elDOVQb2Dj1BUbyS9GL2VTNy12QKN3h9YXmRqDSzRSTlE3v-m_5Ek&sig=Cg0ArKJSzF-xJ-CUIM28EAE&cid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A&id=lidarv&acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D15%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D20053%26vmtime%3D7%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1650489589844&avm=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C02A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=COpcu9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwHIA5sEqgTDAk_QUYNs6IigaOHekCPRrMUdfshPE0DlYB7OYed8GmkmwNpq4qR0m8uzpCpLD3eez6qp8Jrd-g7eQ-yLEMrkksQ6dsRunJc-mtvph6s2IAjMxXuoW3Bl4dsn3N5sy5HgkrdY2srb-6FJkV0MpOrzOHSgt_rtMMm7dm97QvabtKE7o-Bzm81wsnD5moA7g-TU11CupusYUn5EzGV5VJk_AwCpOCG6R2berJPg6ds4COUvW2k6FIWEmMZbZtBWn66sC5XHtG9QuygbjPSI6APLw3STnFnWQrMe12wyv1varjT3uPlL4iR5sgFO4Tx0A-_ZJ8YOPHWVeMHfbfol0qOWB-saI-S8ib_V4qYpN7tGVLVz_53JCtV-m6S50P0JlB88NxrvBuMdjgR-Zr_YZQlcu7Kb7ERHN68LHaU6A8AwhpWmsJUlwATf_rLW8gPgBAOQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB4AsBgAwBsBPno-gOyBP1-OLfA9gTCogUAtgUAdAVAfgWAYAXAQ&sigh=HLT726Hjw58&label=vast_creativeview&ad_mt=8&acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D19%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D0,0,0,0%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D0%26pst%3D-1%26dur%3D20053%26vmtime%3D7%26is%3D18%26i0%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D1%26psv%3D0%26psfv%3D0%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0%26t%3D1650489589844
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csi
csi.gstatic.com/ Frame C02A 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~l282vy0b&c=8289927038026&slotId=4144963519013&qqid=CK2Kpe3Io_cCFVOK_Qcd6aAK8A&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=890&mt=video%2Fmp4&vs=1024x576&dm=20000&event_name=first_play&asset_bytes=214449&video_bytes=0&cached_data_bytes=0&js_cached=false&css_cached=false&num_assets=11&num_assets_cached=0&num_assets_cache_validated=0&num_assets_unmeasurable=1&video_played_seconds=0.00&video_muted=true&video_seconds_loaded=0.00&met.4=ff.wi~videopreviewstarted.wk
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7234 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BegLi9XhgYriHJMaW1wbMxaagDwAAAAA4AeAEAg&bg=!BQalBkLNAAZvJBiFTyQ7ACkAdvg8WkWRS-qCtuwwfvA6kKYHvvhFAZRFWvhb6Dc0AJlRASTCjhT4egIAAACkUgAAAANoAQcKAK9jJD9RCPcrMT5ba0T79rl7NI2bjsDAIPlSJVgxRfK0XlfhUXnRgt3vlPPNAm5A9qI7oncc9h4B11jF5j3WQljwzWp5ZGWWLUaFoT3iajXjh4rViRRU4PE34i_sj190DjsuTuCSKiFPt4tP74XZiqayUB40CpxB6dsFNyv-0AnAnbAqArjpqk5eTyqGJV9JJ72BxBzmXWlFjCqehgZLJK2J6_PWQqI43SKVRmHy9H8mmQLoIm6zup12VKC7l_WcALvYDX5HB5nqVeTuw6e_yU7FiWCVVpi2trfAp61M0lQOoPjkODu2NkZhu4KuLRl_MEsOjE48Axs92pYXHiJtbiaY3jL9INZSjSV86VOb5DojgPmTubgb3yL-Y7Cw4ueRxFz-2KoAejQb6lQa4okTyEZRGHTnC_B3_AMthVHh4hTpjX3F4TzCwoebWSDn5GrDHBwcTFl59IyVTKHPmEsyfpGVWlO44KCIprW5KNOXMcxrWEn3FVLCxx0EkS8n_o1vHr8hiiwEUdRT7Pd6-l8JaKrH6SuGw4D0jBTkRsb4JDYWqYbWHD3qzSxISnIZG8MppHHPXWiAw7MJP5nadGM9B3QC9goKS397b--Azg9g_JtO1ICFyzasZ-3bZGKUYUjec9HwyUJ5CcJgaUkt-40p-tIDh3kA7ka6H4pJf7KhOuz3RCXLFeA_ErXKU88KIjAnR7sEXVbgyRohdMLfwsZnipDUNs2KqaqYatpM6uPTuD7KHEUmagdGsXsuZjAFZMpsxKS4gn55jT6QuwIgYU4GA1EPmOkcXsiMvjH8MtovOvM2FZ95tyu0Qyde_tQJhg30PTD1cTEe0zFqWyUl9E-amJK28yf6oW_j6KdozBgCbH_uOoAk4guiXOz2euoB8f4xjYu2q4rdbD5pTzXCbuP8bMbKK5y9Z3gaxVeM8XofuZ8HG9keTGT6XclR6kUh1MH3vYel65hkb8HdzByc_di52rjtXaD1gaB7TaomZZF49yB85KD4yXlyAMMPi_2Fihwv3bGYMf54Slyge2XJxeEXaDaDrVuqsRZLxkvvmaJykzd9rEcG-OnSAG0cRVR5iwAa_3ijLcFQQ4kU3Zw3FtCCClDVgUcn2PzgBAAY9u9Y-17qhgYDCz6Xbdw-KRYxEpZDDf-9ldq-ECieMCwQ7lzsFHeYiS-6XN9SjyXwN5h2F0XwcWGiGnmdQ1Oo2rQ5TgWAGRyY6ZD8QOatvION
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
300x250.html
s0.2mdn.net/sadbundle/3542255663189065728/ Frame 6B02 		46 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
78eaddff32589c813d37f5cf5b1f8df80c174f9b3db591975ca8fcc482d3e53c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:49 GMT
expires
Thu, 20 Apr 2023 21:19:49 GMT
last-modified
Mon, 24 Jan 2022 12:53:31 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 9E8D 		0
64 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsssBVb0KRfV-8VAG8i8lZWgl6NdJje3i5Kq4U1fyWzOxqOOuXDGZwKYYMvitDUInjOHkGZRu2LrhOrEttmyPLraZZSRc4yH8jaUn8f80PYywtnyGORJP45jSEsPBZLJ50mnS9Bm6it_HZuqK754DkVQ9i5sxLUNuGCZgiNHpo_XLXA_bDA60TUllHc2bRKdkrRixYUgU5T-x5rt5igZj64QLmR24JYDCer0WbVWJgC-onLZBd5IFi8d2M4ucVNCMXgIGNb_7OtR3JAsGumgi5Uqk9bBc0biU0pmyXcw1h2flH-aXDoxpMjUDSf7LyfU-kMNPGGMi2IvkzbNml4YKIYR8gj8gXvhGrdZ6xv5KDboIWzVBAmri6uU8zo9UJK3hZdZaps4bT7jp6Mhn2OmWXhorkKZYWaFUOhjqD1VUuHwgPf5aLOf7UA8oM-DvWPTF1K2q0Kiq_CLfGPuYY6Q-u-zDwaJf3hM4NmsGaqoJZEDJ4OwP5t2lT5gJ3ePnkbovJpAhwG8nIYPyM9eYmr3WLb2fzGgU8MkEcoF3g3mQX-QfGa-IRbwROQNyI0Wo2ly0_sQZHdxgsrjt6ctZ9vMrRKdVNSpnZIoc2kWKX4hj3jjUGFvT1-n0m07oKRWYtfg734SlYO5Q1yQtMBXE_IXQLXytD5nnAkCnAiIIDFkxMKUPZ1EbyUaggglP6EQQMG4reWM7v_ZG2NpJbCMlVyMkEX5kRSyyxMDBc2AOR9Al3K_NNLCZF4bEtTnWDuSZVKjEv7-5lnxs9z4GBcA8rLQbJidEQFOWaODuLB_6tL6EWnPxEX_rMfSfAGBhjl76V9Do_v81FaXnyAu6PymgmTsr_zsqvkC03Ov13-S1EbvYMbncU0fevymn-A7KQM4TcZJZgYmjJOaGPRc8H335zhPPRvoEFE1lr1fdgkWht8Qwf8KXs2yPGVdybt9_psqfKnyltnhEB7OTEs2sfXP04fOt67RD1dYAo7R3R806a2pUKue7TSqA9eNDvHB5pLAiWsCyMbp-JH20RAv1NxCOJh3RUQNoup8aBpS8yTennMeQde2RCnvq6gKe1UAmz_9-fWSLfHdqfVKGHDIgarKuxSZL0laTF3GjZQ1guyS9o3wmv43kRmbvv1HmMeQGj0E6shfPM__tDvegcBSt3bM_7KuT6XiitPj4R07zGgsdZLCdkCxIpHE6FBvj046NydJXBjVBd13hZ2Z8Dy9CgG7fSmyD87NyTBDa7eOdTmOnqUWSLQ6DSXr-Rb0rqpW8fHu_tz5BRr-lIo3zIcitqu7kAP8hGACvIF-BKDaFo80yoR-yL-ICBUseQVlCrdJ0egngVzSFAJo84Kl-lsu1nY0XP0&sai=AMfl-YQr0e7A_9uZT-m08UsLiwTAP-HRiZFXijAm3OEpAFCwNMEkY_2MVfo5NEM9d2PHEtQccseuCOjEb_CiO-XlwwUkIPuY_fQkiL9YUagKFTVjt7NXpwida0_aPE9Zl5-deW-2c7As0YtUfy_sGVSrLc56W8MB6Xw8vZ0KzZ5o1KEq0RzmCG8GJZiGvxXzcimnQz8nLQeTHQvcUrh77FNHPA&sig=Cg0ArKJSzN-UKmm9B9KCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=81&cbvp=1&cstd=56&cisv=r20220413.82138&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 20 Apr 2022 21:19:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9E8D 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:56:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44609
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 08:56:20 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 09AE 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
55565
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 21 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 9E8D 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3ba9caa53f9d0fc2c7182f39ba4c4d5e66c54bc55329a21d95ab5fb3fd4db815

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 580C 		66 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/webp
1152b6d6-6aeb-46a5-9b1f-21f313016244
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/ Frame 51E2 		668 B
0 		Script
General
Check archive.org
Download Go to
Full URL
blob:https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/1152b6d6-6aeb-46a5-9b1f-21f313016244
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.113bb23e864a7f983e9d.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Length
668
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 6B02 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 20:04:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4548
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 20:04:01 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 6B02 		60 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 20 Apr 2022 21:19:49 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 9D0F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
44609
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 08:56:20 GMT
expires
Thu, 20 Apr 2023 08:56:20 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
font
c.bannerflow.net/fs/api/v2/ Frame 580C 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2F58439817-62c3-4146-b079-bf26ee5c4e96.woff&t=%20GISTdehimnoru%C3%9F%C3%A4
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4ccadf73a1fda71065011190d5644f48979b6095b0f6bbbfa64b8043c5fc2ed

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
cf-cache-status
HIT
last-modified
Wed, 23 Mar 2022 19:06:57 GMT
server
cloudflare
age
2427173
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=58439817-62c3-4146-b079-bf26ee5c4e96-subset.woff
cf-ray
6ff0eba1a8b4cc46-ZRH
expires
Thu, 23 Mar 2023 19:06:57 GMT
current
dclk-match.dotomi.com/match/bounce/ Frame 09AE 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEITjlGDZOE5ziyZaYTArnoA&google_cver=1&google_push=AYg5qPImiM3uHM_UL8dlO3JWoehjvj2AyDIAOOmoH2Z5Mmu8-STPyd8uf2ZJhgEV0z2AorrlvW4f0hb6HBmOfdYuvdQIlYv8-g8
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 09AE
Redirect Chain
  • https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEDdRJ9tKUTMzSXS4p354hP4&google_cver=1&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqM...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqMlarlDTJNRalra0DJV&google_hm=9yJpKkfjQn6aXLh_Dbnz2Rk
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqMlarlDTJNRalra0DJV&google_hm=9yJpKkfjQn6aXLh_Dbnz2Rk
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJy6lycSuWB8geqwqYX1BSNcXW7LLRhFhuU4gB8fXrzLyUDF5c-7Eodwj48_WDXxYhvmn9v1c9OpqMlarlDTJNRalra0DJV&google_hm=9yJpKkfjQn6aXLh_Dbnz2Rk
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 09AE 		0
172 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEFSuo7Wzy9Wfz6k55euqG-s&google_cver=1&google_push=AYg5qPLgcfLD1LamQAFgWZBZ9P0wPO8xsbOVJPV1nnE1iF2XmlSV1wAdqDGXAeCPSZItupzzwfaCkIMaTO1Fl11Bkrp5TfM1bG_g
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pixel
cm.g.doubleclick.net/ Frame 09AE
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEGgVs3uWlDd51Gts77lSUwQ&google_cver=1&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6ETx...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjcxODE5OTY1ODY5NzUwOTkyNw&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6E...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjcxODE5OTY1ODY5NzUwOTkyNw&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6ETx0IJWWiz9ZWpgmTbmZ31m
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NjcxODE5OTY1ODY5NzUwOTkyNw&google_push=AYg5qPIjopDMJNKdQ_K8sMmLERELR8P7LfRGcaYuGNPLyhoAul3bLn1D9H3hF_dojpZjL-kGXTEK6ETx0IJWWiz9ZWpgmTbmZ31m
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
dds
rtb.openx.net/sync/ Frame 09AE 		43 B
350 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?google_gid=CAESEEPTeZGna7PHw6-rFTiyZXE&google_cver=1&google_push=AYg5qPIdmVdHOtumr2Ll17M0jzUVKJgFeap644Xe_wyCntg-5cZAfIlqpSjmF1DvxEhXlq38hlkOE4PC1bbMl-qXAHw2c289UpGQ
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:49 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
ld8rs7vc04bvv3j9tecliu24tsrror19
exptsync
ads.yieldmo.com/ Frame 09AE 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.yieldmo.com/exptsync?google_gid=CAESELMT44Q_s6P8GfRKGdRXBEs&google_cver=1&google_push=AYg5qPKP9huYBjWUtl6Jv0GCRzJKZ51PjHDzJ-e-UBCqmQEw021s4J3Q_8McTZ9fJhkQVOp_cgvTW6yJsIZfEYIHL8uKPZoNOGRZ
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.236.4 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-236-4.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
pixel
cm.g.doubleclick.net/ Frame 09AE
Redirect Chain
  • https://ads.avads.net/sync/ggl?google_gid=CAESENjEV3JijkvDLCAzQ0D33tI&google_cver=1&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5wb9nkNC_p-gn8N2F7MQ9cU0BGLmvD
  • https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGRiNmI0YzEtZjc5NS00MDYzLWJmYzItOTY0MmExMDkwYzM4&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGRiNmI0YzEtZjc5NS00MDYzLWJmYzItOTY0MmExMDkwYzM4&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5wb9nkNC_p-gn8N2F7MQ9cU0BGLmvD
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=NGRiNmI0YzEtZjc5NS00MDYzLWJmYzItOTY0MmExMDkwYzM4&google_push=AYg5qPKYw2mjPzpK3JKDSUZM4twiGAOEvEpe6Po66biDllrWxVjOzepAq2byd7pJKTZIfv5wb9nkNC_p-gn8N2F7MQ9cU0BGLmvD
date
Wed, 20 Apr 2022 21:19:49 GMT
x-envoy-upstream-service-time
6
server
istio-envoy
content-length
0
attr
cm.g.doubleclick.net/pixel/ Frame 09AE 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I8wW9ULObs9qDe-dOiciy-cBJPRS3yPQbURDCPM76Al0JVCF4J2pBMgUfV7PR5qWZWkyPM6g
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
container.html
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8CF2 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:48 GMT
expires
Thu, 20 Apr 2023 21:19:48 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
font
c.bannerflow.net/fs/api/v2/ Frame 580C 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2F63565b7a-3d57-473d-8aa5-528f9c57fb18.woff&t=%20ABCEHLNTZisuz
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb08a7877623a64fa891caad146ec64c94e4cfee3108951848ceef9da5968c8d

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
cf-cache-status
HIT
last-modified
Wed, 23 Mar 2022 19:50:42 GMT
server
cloudflare
age
2424548
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=63565b7a-3d57-473d-8aa5-528f9c57fb18-subset.woff
cf-ray
6ff0eba2798dcc46-ZRH
expires
Thu, 23 Mar 2023 19:50:42 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 9E8D 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsssBVb0KRfV-8VAG8i8lZWgl6NdJje3i5Kq4U1fyWzOxqOOuXDGZwKYYMvitDUInjOHkGZRu2LrhOrEttmyPLraZZSRc4yH8jaUn8f80PYywtnyGORJP45jSEsPBZLJ50mnS9Bm6it_HZuqK754DkVQ9i5sxLUNuGCZgiNHpo_XLXA_bDA60TUllHc2bRKdkrRixYUgU5T-x5rt5igZj64QLmR24JYDCer0WbVWJgC-onLZBd5IFi8d2M4ucVNCMXgIGNb_7OtR3JAsGumgi5Uqk9bBc0biU0pmyXcw1h2flH-aXDoxpMjUDSf7LyfU-kMNPGGMi2IvkzbNml4YKIYR8gj8gXvhGrdZ6xv5KDboIWzVBAmri6uU8zo9UJK3hZdZaps4bT7jp6Mhn2OmWXhorkKZYWaFUOhjqD1VUuHwgPf5aLOf7UA8oM-DvWPTF1K2q0Kiq_CLfGPuYY6Q-u-zDwaJf3hM4NmsGaqoJZEDJ4OwP5t2lT5gJ3ePnkbovJpAhwG8nIYPyM9eYmr3WLb2fzGgU8MkEcoF3g3mQX-QfGa-IRbwROQNyI0Wo2ly0_sQZHdxgsrjt6ctZ9vMrRKdVNSpnZIoc2kWKX4hj3jjUGFvT1-n0m07oKRWYtfg734SlYO5Q1yQtMBXE_IXQLXytD5nnAkCnAiIIDFkxMKUPZ1EbyUaggglP6EQQMG4reWM7v_ZG2NpJbCMlVyMkEX5kRSyyxMDBc2AOR9Al3K_NNLCZF4bEtTnWDuSZVKjEv7-5lnxs9z4GBcA8rLQbJidEQFOWaODuLB_6tL6EWnPxEX_rMfSfAGBhjl76V9Do_v81FaXnyAu6PymgmTsr_zsqvkC03Ov13-S1EbvYMbncU0fevymn-A7KQM4TcZJZgYmjJOaGPRc8H335zhPPRvoEFE1lr1fdgkWht8Qwf8KXs2yPGVdybt9_psqfKnyltnhEB7OTEs2sfXP04fOt67RD1dYAo7R3R806a2pUKue7TSqA9eNDvHB5pLAiWsCyMbp-JH20RAv1NxCOJh3RUQNoup8aBpS8yTennMeQde2RCnvq6gKe1UAmz_9-fWSLfHdqfVKGHDIgarKuxSZL0laTF3GjZQ1guyS9o3wmv43kRmbvv1HmMeQGj0E6shfPM__tDvegcBSt3bM_7KuT6XiitPj4R07zGgsdZLCdkCxIpHE6FBvj046NydJXBjVBd13hZ2Z8Dy9CgG7fSmyD87NyTBDa7eOdTmOnqUWSLQ6DSXr-Rb0rqpW8fHu_tz5BRr-lIo3zIcitqu7kAP8hGACvIF-BKDaFo80yoR-yL-ICBUseQVlCrdJ0egngVzSFAJo84Kl-lsu1nY0XP0&sai=AMfl-YQr0e7A_9uZT-m08UsLiwTAP-HRiZFXijAm3OEpAFCwNMEkY_2MVfo5NEM9d2PHEtQccseuCOjEb_CiO-XlwwUkIPuY_fQkiL9YUagKFTVjt7NXpwida0_aPE9Zl5-deW-2c7As0YtUfy_sGVSrLc56W8MB6Xw8vZ0KzZ5o1KEq0RzmCG8GJZiGvxXzcimnQz8nLQeTHQvcUrh77FNHPA&sig=Cg0ArKJSzN-UKmm9B9KCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=330&vt=11&dtpt=249&dett=3&cstd=56&cisv=r20220413.82138&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
pixel
googleads.g.doubleclick.net/xbbe/ Frame EAA1 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:50 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 8CF2 		83 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BaD9iLFoA6QS1D0Ww2LaZTCBfQISOZkhkUA1HNQ8KVfoQXdPpiXQ-ikFxWOZB4x54P8NpVNJZPM16vzwhDwLxMqzoUGLn8hG7K4j5hz0fHy0hPgs_Wm-4anZkqp1asU5dibLlS23lJb2czajJ0jdGY3YYZOQ&dbm_d=AKAmf-DsAKyoDFvtFzy5vaxzKfTqJOpWsEtWQL5c5XjgKdoEUnJCBkS6-KgTlz5r0jUTGryHuonIT-pjYbSe-3Eja9g_S2urBzSKqFRehVEW18_PjClKVI8FqgLyNle8Vn60L6VGkRzynw8h97LhbW0qFkdAH2TQ__L3m4KObBWqn_QXrQiBKBQwafZOPjkzOL6Gf80j9YKn8GIwvza9A4Ao6OU_4VWzhjmH0kQ3dC-7BSCBjTyqUQLtdMrkAxdvP_hSElBMhLv2GaUPctg3uN1NmWev-Hc0L6VJqqG8CSdC7KZv-zX3ZNHybrnGnJDgwlHPL58zptO2WD6U-R_2U0Tvon4yWuo97qKIw_S2RdnJwHwlkoFgM6PaA1kfPlR2JEbVMwflM67XWX-Y7GFpGtCR9o1K6VEpNp2fHes-xCLNiAEju1xjSa7mAsb7SL-0uvFgfrjhNHUrHDQpyD1HJ6_6DirFFfFGtIcPHOAKhy-aBM97j4VdsRfuPkAu1T8e08ydBY84F-zV_gIWsafsyNLknsqlFasnUNTQgL9jd2_VQh3Q5cBpUJktIsFrBNwGUugs-Ea5eTnQ8Wd1lNkrocY7KY6ClwFl8mYpgab5SnX-398B6sn3L-iNAJGNFEcgIdCpVkQzlav05aNYJzNC1KtnscdCcZik8d8jqPpWxMkT-m-DJQW0vEmugR4uoqfb9xibE5mgy0fBduX7Zvz7gmiDmG2clrSLILgGNfxbmTcnr4XGjOqe0dZ7mxFFUSiP7OYMGhEBnROy-PsxivjgkWl2Zz2uDlZhj0DidpxuncgWRH-GTsueoFeBTKX-Zz494tcurJyYhbS1xPDfzezKSVqMZN5AZIogQY81ou-8K5pRp-yLnIrdg_U41t_dOHkLejiMoikYxkxDJMtXvy3_HjliZevCiBhoVMI68uS3X2u5x0Osq-XCjlIn-nno615PbItZHHRH0RrY-2_KLjE-iHWGtrbGkNVl13teE_RNx_u3X8J77xJMpyK6FjRW1z6Abe5P36pgxDF4wAAIvXs2-VW_HUYi-LsCjbuPRtUtQEHVYCVzM_PmMyt_Ndt7A1ipfLWXW3-Pm5b-BPINcO87oUmxcYgrqyjzzbtJqSmnXifqMAcR8UsHq6vw9BYPawF38N6OT4QpUFdDPxKWtY9ynm_DsEYtDieNxe466uMjJQE2z8TC16ygZ0iWYn2DmtWQrenqzxbJaFCWyKuVLqOdGPBmjNUI8HeoyM0PnDg_-12cqQlUoTTKk2fbARLMEQ5LTYqHOfwhJGJ5u5olLpTGuZtuO52kLC1SQupdDXLqzTnSuOOr4z0ADqxTS8ZgFw4keVQWxG8WexKeo9WgRhVP0qZ4OWB_IVKjyCQIwxO0o-wbXv8_qzzS54JC36cqoFwDDpyi8e2EY3ykbvlSf3hYsMwEyGSWYqyzRCzGC6PR2kd55bvOg2_q725Zo_4b88Mvd4uA5w4aLtA3P6XDCLkUJBMalxXmd2SHsQoY74VEV1XHxEW4QOcAV5ZWc4nwFjsUt8SGFjjAsAhuoC3DUoKVODS5yGEx1XImfrNbeJoK-SxOkFNV70Q6iQAvRz-V6vniHq3Eqf5ZsKcCWSRZBej2LJazzg4rbEm_VdbMesB_uZf61-71QmV34IUXoMMnOL2YMblg6-pRkP4EmmfwV7bL0Pc0Dc-Ox2628ch7P85Q8GhnveGDf3-S2lSc2tihg7x5bAOWnt1JZliyf9M7q8G4JyaTJXfZcFX7WoOhJoDp0JmIUv77-TkKDr4_vlqMYbgYuhHmJpzBxxg9R7rJLcFsXP51lHQ_htbSbeo5RHJJqsKcE-Lo4eS3-FUVlYBK05kFLyk0UbYV-M54xUY7JReL3JwZH9fIl0XQk6cRl-zEbC3OEd-XTsmkIYt009ddE_UCJA4D_aNLJIRMr5ueQz7PIW9ATF-eqV59ROxz6lfrBxI1XLhWQb2c7B6Q8f4XZq60CosOFcW-ypTB98uZVn8j5E6Ub-L0RC8JcvE53l6tF2HCbiyPVHGqHHqixB92CQ5uoI-4F1jKYlCoh0-QUSouokTxYZhWiBU-xilasQD2wUq_ZTiOkCLp-ccxuns7TTsNkb2hjdEDn-xR7c6JDi7RhSOChx3ZzIgUSIvu1d9MzJdMHSFBdSeda5_hQXsvO_pFlf0gAbRarze7rz4YHxin4jSp9_sZLVvsPKDuujeWinuhvc_udWM2RmSDlhcfi_i1T0U0mn6XQgRnFvbCrw_ntfMar83PqK_2-Up71gv61zLVLLWyd-QHRRhPcKVdPB0u5DUU9lKYovWHbM9UH1BdHgWQjS2cKMa1FJROVxwYGi36BaPBUvUTOIs3KsV4dIyhqxlJ5W7azhBhondR7LIiISvV5jI2G-NaekupDkij9sB7KQQJuBEw0DUX_Wzbf-yh9TElNXeSexXNyzB_E-cbwPwF9dClQX4Bn_3A32_b6c9KB-tTGn-xHlj8t3TwH1U3pVhhy55NV3o-qxt72qzs44CeUWo2N7khaj21Mzij2cGU6KJby3bR6PTHmYdHC2gQjjGtUrWuVxf9TfVijWRpFnI5OcmajUUCpB3_kY2_dsOtTPeMlM9qVs6xy0Vc8T1mfais31wur4NW-nXqF837LCi5PuQj7DXEz_j0pC6EfGkM4DxN2AwCWNhgf31EyIj6xisfXw8t2pBxDzz5tLS7Nd3E46XSY6QogvELz1oaOyXSWK3Uj8in6XrMKW-GflG3Bzvh4soj3gzNRfxF_lC8kFArb4mt-cv4OWCgRv8zr9xGWywsCACL5ahk1b3KV2ivsLkJwu1Zd3oBKU1pTQglj0pPfywt5dD3qn5PIuAfOvdKWaAs6qZzOuLLcvWRTUHyJbWn1S65vPQQybB1CqJgJ9NdDiUuMi1Ss7NHk82zEn22I9mPanLLmcKFSArR2Cevj_Nc4U3L-tehassRyFCY8SadtQXRB-mF_hy1oIBhyUrLBqegk1EBh50EY7Tptge8Ga50Aa-sqpGqf_YknFXiOozUxqZKpkokvhF7_fJoG-ejtF42AnpnQ4C3_YZcQjLhMkDkeqy1c95bg19oISt1guIGOqQuEwtIoZQz7ATsNDG4pGXyH6Zx5FvWoD1-VL4cezt2_BDQLpfHrH4-FD83nByCF1cpsP3zTdhWVOJgIpwVbfuYKMdFFL109RNAwcQQ1AuhZ8MoIv4LB4kpWEnVwTU4uAN9FwIPD37iDcakTF2bamfmB3SwgRvnaOnyx4b3FPcR8a-EBH_vaBsCM7KuuvuuTHNgMX5gF8E-ndCFMtEZ-qCJBOsAuVOAZgHTGnBcnVQwZXeg4-pXBAc5VoidzJXEsU5WVSZzDR_sovJvfMsrsqfPKimx0AiwhdGsIp_MdNl3eFEI5aeHH9KrWDt4RSVbmpy-OUbAoJJbIcTeZupTqozU3eUc71M&cid=CAASJORoWlG5a4Yd5eFwl3Ot2IpzOkqblRXxbm1pxsn4s2mej7jE7A&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
f9d6ad667fb61dda87c8e7618d2d2c0ba596e2aeb3c3e372448f9a23aa1294bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34306
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8CF2 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C0uyUaN2efx7IifCXsU-MWBPza0Wb10PncBw3gyCsvOt2uv1Ygk21tqSNgogIhpIqRbHplbvxCGw6zowr9HKF5-Jb-yuvhKqWiXY7mKE4rp7NuTJ4
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
skeleton.gif
static.adsafeprotected.com/ Frame 8CF2
Redirect Chain
  • https://pixel.adsafeprotected.com/rfw/st/999585/61793174/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=&ias_dspID=3&ias_campId=27619585&ias_pubId=pub-5512390705137507&ias_chanId=1&ias_placementId=167258...
  • https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
43 B
482 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
2600:9000:2156:8a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 06 Aug 2021 16:14:35 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
age
22223116
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control
max-age=315360000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
image/gif
x-amz-cf-id
yPsaFKWPC_m_AYN5leX42CHJ2DS_fazHvj6IWjyOKRguLqMVJOiFWw==

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
x-server-name
app08.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
cache-control
no-cache
content-length
0
server
nginx
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 8CF2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:19:39 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8CF2 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36950
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1650454428054601"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:50 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 8CF2 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:15:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
232
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6409
x-xss-protection
0
server
cafe
etag
15284592792851369840
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:15:58 GMT
l
www.google.com/ads/measurement/ Frame 8CF2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRShHW-C7bcPBFGGkiMkuwV8MyoBJFAPy57QXs91ttcp88476EK1bCezAj2g5sgVnZzWBslgdlseh75C5dd8BWNlp4DfA
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 9D0F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 6B02 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d2f1c02480d0eee7e883d40b60f4ebe9a7816d872cfae71769ea68f235cda3ed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5470
x-xss-protection
0
60005582_20220301245337111_300x250_Look_01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6B02 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220301245337111_300x250_Look_01.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f5754e162c6914f84645c43b52dd3fb050092dc7214e09c50831cec1a97b40b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 14:20:02 GMT
x-content-type-options
nosniff
age
25188
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45326
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 08:53:37 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 14:20:02 GMT
60005582_20220301245333532_300x250_Look_02.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 6B02 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220301245333532_300x250_Look_02.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef886cb5d32f41ad994d2e851d2056c029e93e0f76116695f8ab525785e2306e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3542255663189065728/300x250.html?e=69&leftOffset=0&topOffset=0&c=V46C1GHIaV&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 14:20:02 GMT
x-content-type-options
nosniff
age
25188
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38756
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 08:53:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 14:20:02 GMT
postview.gif
portal.o2online.de/nws/img/ Frame 6B02 		43 B
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_165558522_-0&ref=27008872_4307561_324252033_165558522_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Offenbach, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 21:19:50 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
font
c.bannerflow.net/fs/api/v2/ Frame 580C 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F59c910d931ae9c0318638256%2Fb8d39551-68ea-4ae7-9f0e-5ab5c1261bdd.woff&t=%20%25%2a-35KSegilnorstu
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfff66f0285504658a03b932d7bc9451d655ea76dc758be3dad7750b57ed7999

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
cf-cache-status
HIT
last-modified
Wed, 23 Mar 2022 19:50:42 GMT
server
cloudflare
age
2424548
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=b8d39551-68ea-4ae7-9f0e-5ab5c1261bdd-subset.woff
cf-ray
6ff0eba2b9d7cc46-ZRH
expires
Thu, 23 Mar 2023 19:50:42 GMT
rum
dsum-sec.casalemedia.com/ Frame EAA1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:50 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame EAA1
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YmB49UKycvfJ7qLWk3e5DQAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Protocol
HTTP/1.1
Server
69.192.160.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-160-245.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 20 Apr 2022 21:19:50 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg8LpraSfrkmU0LYwWQ3rs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame EAA1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEDbnoyCPFyUR4wr9QL6hScM&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEDbnoyCPFyUR4wr9QL6hScM&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Protocol
HTTP/1.1
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
b3241002-737a-4901-9ec2-d83493ddc954
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEDbnoyCPFyUR4wr9QL6hScM&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame EAA1
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGNOd9sUBMAE&v=APEucNXdylNJhUE8RZ6NoJnRAemhHeC6mn_HtOkFqWWjFyo2T3pPX0ndi8eXk8DC8M3UlR4m1DZLodlLKqX0-NElUFsxn3Ez1ytor1BLDhMFHMkzpPA-HC5L1_ETltXqzg6KNlAW-fw81dmTINjXGTsCpeNCjUa5aqXf0hvV-97Y3RXayy2vWoBZ9n8HyKgG0H-IcCSlqaSnZgGDVoXqJbQJsk_Zzph_UA
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8302e9d2-7f0c-4b44-9fce-ce54f2c66ff4
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA5MjkzNDc3MjEzODg2NDM3Mg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
optimize
c.bannerflow.net/io/api/image/ Frame 554E 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fmelia-hotels-international%2F59c9120b31ae8f128419d688%2Fimages%2Fa326ed08-c4ea-44d9-8af8-9453fe674daa.jpg&w=765&h=90&q=85&f=webp&rt=cover&x1=0&y1=591&x2=1600&y2=779
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
802f33a3941dcda9d727eae784ad9056e2618204b6e79bb8bcff0840e9762d62

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
cf-cache-status
HIT
last-modified
Wed, 20 Apr 2022 09:56:05 GMT
api-supported-versions
2.0
age
41025
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges
bytes
cf-ray
6ff0eba30a860211-ZRH
content-length
1694
server
cloudflare
request-context
appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1
27624350-8080-45f5-8ac5-4bcbf8478d7e.svg
c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/images/ Frame 554E 		7 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/images/27624350-8080-45f5-8ac5-4bcbf8478d7e.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c3109a82c3a2c23e65bf887a0c7d13be0a8c7a3d1468103051144cb9e84ad77

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
5Xuj2A+y0C5AFucBYDjFgA==
age
3740
x-ms-lease-status
unlocked
last-modified
Fri, 18 Jun 2021 07:47:06 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
cba44f8b-801e-0031-2a48-3c0c35000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
cf-ray
6ff0eba32ac00211-ZRH
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 6B02 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:50 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 8CF2 		170 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 16:19:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
18044
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 16:19:06 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame 8CF2 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BaD9iLFoA6QS1D0Ww2LaZTCBfQISOZkhkUA1HNQ8KVfoQXdPpiXQ-ikFxWOZB4x54P8NpVNJZPM16vzwhDwLxMqzoUGLn8hG7K4j5hz0fHy0hPgs_Wm-4anZkqp1asU5dibLlS23lJb2czajJ0jdGY3YYZOQ&dbm_d=AKAmf-DsAKyoDFvtFzy5vaxzKfTqJOpWsEtWQL5c5XjgKdoEUnJCBkS6-KgTlz5r0jUTGryHuonIT-pjYbSe-3Eja9g_S2urBzSKqFRehVEW18_PjClKVI8FqgLyNle8Vn60L6VGkRzynw8h97LhbW0qFkdAH2TQ__L3m4KObBWqn_QXrQiBKBQwafZOPjkzOL6Gf80j9YKn8GIwvza9A4Ao6OU_4VWzhjmH0kQ3dC-7BSCBjTyqUQLtdMrkAxdvP_hSElBMhLv2GaUPctg3uN1NmWev-Hc0L6VJqqG8CSdC7KZv-zX3ZNHybrnGnJDgwlHPL58zptO2WD6U-R_2U0Tvon4yWuo97qKIw_S2RdnJwHwlkoFgM6PaA1kfPlR2JEbVMwflM67XWX-Y7GFpGtCR9o1K6VEpNp2fHes-xCLNiAEju1xjSa7mAsb7SL-0uvFgfrjhNHUrHDQpyD1HJ6_6DirFFfFGtIcPHOAKhy-aBM97j4VdsRfuPkAu1T8e08ydBY84F-zV_gIWsafsyNLknsqlFasnUNTQgL9jd2_VQh3Q5cBpUJktIsFrBNwGUugs-Ea5eTnQ8Wd1lNkrocY7KY6ClwFl8mYpgab5SnX-398B6sn3L-iNAJGNFEcgIdCpVkQzlav05aNYJzNC1KtnscdCcZik8d8jqPpWxMkT-m-DJQW0vEmugR4uoqfb9xibE5mgy0fBduX7Zvz7gmiDmG2clrSLILgGNfxbmTcnr4XGjOqe0dZ7mxFFUSiP7OYMGhEBnROy-PsxivjgkWl2Zz2uDlZhj0DidpxuncgWRH-GTsueoFeBTKX-Zz494tcurJyYhbS1xPDfzezKSVqMZN5AZIogQY81ou-8K5pRp-yLnIrdg_U41t_dOHkLejiMoikYxkxDJMtXvy3_HjliZevCiBhoVMI68uS3X2u5x0Osq-XCjlIn-nno615PbItZHHRH0RrY-2_KLjE-iHWGtrbGkNVl13teE_RNx_u3X8J77xJMpyK6FjRW1z6Abe5P36pgxDF4wAAIvXs2-VW_HUYi-LsCjbuPRtUtQEHVYCVzM_PmMyt_Ndt7A1ipfLWXW3-Pm5b-BPINcO87oUmxcYgrqyjzzbtJqSmnXifqMAcR8UsHq6vw9BYPawF38N6OT4QpUFdDPxKWtY9ynm_DsEYtDieNxe466uMjJQE2z8TC16ygZ0iWYn2DmtWQrenqzxbJaFCWyKuVLqOdGPBmjNUI8HeoyM0PnDg_-12cqQlUoTTKk2fbARLMEQ5LTYqHOfwhJGJ5u5olLpTGuZtuO52kLC1SQupdDXLqzTnSuOOr4z0ADqxTS8ZgFw4keVQWxG8WexKeo9WgRhVP0qZ4OWB_IVKjyCQIwxO0o-wbXv8_qzzS54JC36cqoFwDDpyi8e2EY3ykbvlSf3hYsMwEyGSWYqyzRCzGC6PR2kd55bvOg2_q725Zo_4b88Mvd4uA5w4aLtA3P6XDCLkUJBMalxXmd2SHsQoY74VEV1XHxEW4QOcAV5ZWc4nwFjsUt8SGFjjAsAhuoC3DUoKVODS5yGEx1XImfrNbeJoK-SxOkFNV70Q6iQAvRz-V6vniHq3Eqf5ZsKcCWSRZBej2LJazzg4rbEm_VdbMesB_uZf61-71QmV34IUXoMMnOL2YMblg6-pRkP4EmmfwV7bL0Pc0Dc-Ox2628ch7P85Q8GhnveGDf3-S2lSc2tihg7x5bAOWnt1JZliyf9M7q8G4JyaTJXfZcFX7WoOhJoDp0JmIUv77-TkKDr4_vlqMYbgYuhHmJpzBxxg9R7rJLcFsXP51lHQ_htbSbeo5RHJJqsKcE-Lo4eS3-FUVlYBK05kFLyk0UbYV-M54xUY7JReL3JwZH9fIl0XQk6cRl-zEbC3OEd-XTsmkIYt009ddE_UCJA4D_aNLJIRMr5ueQz7PIW9ATF-eqV59ROxz6lfrBxI1XLhWQb2c7B6Q8f4XZq60CosOFcW-ypTB98uZVn8j5E6Ub-L0RC8JcvE53l6tF2HCbiyPVHGqHHqixB92CQ5uoI-4F1jKYlCoh0-QUSouokTxYZhWiBU-xilasQD2wUq_ZTiOkCLp-ccxuns7TTsNkb2hjdEDn-xR7c6JDi7RhSOChx3ZzIgUSIvu1d9MzJdMHSFBdSeda5_hQXsvO_pFlf0gAbRarze7rz4YHxin4jSp9_sZLVvsPKDuujeWinuhvc_udWM2RmSDlhcfi_i1T0U0mn6XQgRnFvbCrw_ntfMar83PqK_2-Up71gv61zLVLLWyd-QHRRhPcKVdPB0u5DUU9lKYovWHbM9UH1BdHgWQjS2cKMa1FJROVxwYGi36BaPBUvUTOIs3KsV4dIyhqxlJ5W7azhBhondR7LIiISvV5jI2G-NaekupDkij9sB7KQQJuBEw0DUX_Wzbf-yh9TElNXeSexXNyzB_E-cbwPwF9dClQX4Bn_3A32_b6c9KB-tTGn-xHlj8t3TwH1U3pVhhy55NV3o-qxt72qzs44CeUWo2N7khaj21Mzij2cGU6KJby3bR6PTHmYdHC2gQjjGtUrWuVxf9TfVijWRpFnI5OcmajUUCpB3_kY2_dsOtTPeMlM9qVs6xy0Vc8T1mfais31wur4NW-nXqF837LCi5PuQj7DXEz_j0pC6EfGkM4DxN2AwCWNhgf31EyIj6xisfXw8t2pBxDzz5tLS7Nd3E46XSY6QogvELz1oaOyXSWK3Uj8in6XrMKW-GflG3Bzvh4soj3gzNRfxF_lC8kFArb4mt-cv4OWCgRv8zr9xGWywsCACL5ahk1b3KV2ivsLkJwu1Zd3oBKU1pTQglj0pPfywt5dD3qn5PIuAfOvdKWaAs6qZzOuLLcvWRTUHyJbWn1S65vPQQybB1CqJgJ9NdDiUuMi1Ss7NHk82zEn22I9mPanLLmcKFSArR2Cevj_Nc4U3L-tehassRyFCY8SadtQXRB-mF_hy1oIBhyUrLBqegk1EBh50EY7Tptge8Ga50Aa-sqpGqf_YknFXiOozUxqZKpkokvhF7_fJoG-ejtF42AnpnQ4C3_YZcQjLhMkDkeqy1c95bg19oISt1guIGOqQuEwtIoZQz7ATsNDG4pGXyH6Zx5FvWoD1-VL4cezt2_BDQLpfHrH4-FD83nByCF1cpsP3zTdhWVOJgIpwVbfuYKMdFFL109RNAwcQQ1AuhZ8MoIv4LB4kpWEnVwTU4uAN9FwIPD37iDcakTF2bamfmB3SwgRvnaOnyx4b3FPcR8a-EBH_vaBsCM7KuuvuuTHNgMX5gF8E-ndCFMtEZ-qCJBOsAuVOAZgHTGnBcnVQwZXeg4-pXBAc5VoidzJXEsU5WVSZzDR_sovJvfMsrsqfPKimx0AiwhdGsIp_MdNl3eFEI5aeHH9KrWDt4RSVbmpy-OUbAoJJbIcTeZupTqozU3eUc71M&cid=CAASJORoWlG5a4Yd5eFwl3Ot2IpzOkqblRXxbm1pxsn4s2mej7jE7A&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:10:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
548
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:10:42 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 8CF2 		25 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BaD9iLFoA6QS1D0Ww2LaZTCBfQISOZkhkUA1HNQ8KVfoQXdPpiXQ-ikFxWOZB4x54P8NpVNJZPM16vzwhDwLxMqzoUGLn8hG7K4j5hz0fHy0hPgs_Wm-4anZkqp1asU5dibLlS23lJb2czajJ0jdGY3YYZOQ&dbm_d=AKAmf-DsAKyoDFvtFzy5vaxzKfTqJOpWsEtWQL5c5XjgKdoEUnJCBkS6-KgTlz5r0jUTGryHuonIT-pjYbSe-3Eja9g_S2urBzSKqFRehVEW18_PjClKVI8FqgLyNle8Vn60L6VGkRzynw8h97LhbW0qFkdAH2TQ__L3m4KObBWqn_QXrQiBKBQwafZOPjkzOL6Gf80j9YKn8GIwvza9A4Ao6OU_4VWzhjmH0kQ3dC-7BSCBjTyqUQLtdMrkAxdvP_hSElBMhLv2GaUPctg3uN1NmWev-Hc0L6VJqqG8CSdC7KZv-zX3ZNHybrnGnJDgwlHPL58zptO2WD6U-R_2U0Tvon4yWuo97qKIw_S2RdnJwHwlkoFgM6PaA1kfPlR2JEbVMwflM67XWX-Y7GFpGtCR9o1K6VEpNp2fHes-xCLNiAEju1xjSa7mAsb7SL-0uvFgfrjhNHUrHDQpyD1HJ6_6DirFFfFGtIcPHOAKhy-aBM97j4VdsRfuPkAu1T8e08ydBY84F-zV_gIWsafsyNLknsqlFasnUNTQgL9jd2_VQh3Q5cBpUJktIsFrBNwGUugs-Ea5eTnQ8Wd1lNkrocY7KY6ClwFl8mYpgab5SnX-398B6sn3L-iNAJGNFEcgIdCpVkQzlav05aNYJzNC1KtnscdCcZik8d8jqPpWxMkT-m-DJQW0vEmugR4uoqfb9xibE5mgy0fBduX7Zvz7gmiDmG2clrSLILgGNfxbmTcnr4XGjOqe0dZ7mxFFUSiP7OYMGhEBnROy-PsxivjgkWl2Zz2uDlZhj0DidpxuncgWRH-GTsueoFeBTKX-Zz494tcurJyYhbS1xPDfzezKSVqMZN5AZIogQY81ou-8K5pRp-yLnIrdg_U41t_dOHkLejiMoikYxkxDJMtXvy3_HjliZevCiBhoVMI68uS3X2u5x0Osq-XCjlIn-nno615PbItZHHRH0RrY-2_KLjE-iHWGtrbGkNVl13teE_RNx_u3X8J77xJMpyK6FjRW1z6Abe5P36pgxDF4wAAIvXs2-VW_HUYi-LsCjbuPRtUtQEHVYCVzM_PmMyt_Ndt7A1ipfLWXW3-Pm5b-BPINcO87oUmxcYgrqyjzzbtJqSmnXifqMAcR8UsHq6vw9BYPawF38N6OT4QpUFdDPxKWtY9ynm_DsEYtDieNxe466uMjJQE2z8TC16ygZ0iWYn2DmtWQrenqzxbJaFCWyKuVLqOdGPBmjNUI8HeoyM0PnDg_-12cqQlUoTTKk2fbARLMEQ5LTYqHOfwhJGJ5u5olLpTGuZtuO52kLC1SQupdDXLqzTnSuOOr4z0ADqxTS8ZgFw4keVQWxG8WexKeo9WgRhVP0qZ4OWB_IVKjyCQIwxO0o-wbXv8_qzzS54JC36cqoFwDDpyi8e2EY3ykbvlSf3hYsMwEyGSWYqyzRCzGC6PR2kd55bvOg2_q725Zo_4b88Mvd4uA5w4aLtA3P6XDCLkUJBMalxXmd2SHsQoY74VEV1XHxEW4QOcAV5ZWc4nwFjsUt8SGFjjAsAhuoC3DUoKVODS5yGEx1XImfrNbeJoK-SxOkFNV70Q6iQAvRz-V6vniHq3Eqf5ZsKcCWSRZBej2LJazzg4rbEm_VdbMesB_uZf61-71QmV34IUXoMMnOL2YMblg6-pRkP4EmmfwV7bL0Pc0Dc-Ox2628ch7P85Q8GhnveGDf3-S2lSc2tihg7x5bAOWnt1JZliyf9M7q8G4JyaTJXfZcFX7WoOhJoDp0JmIUv77-TkKDr4_vlqMYbgYuhHmJpzBxxg9R7rJLcFsXP51lHQ_htbSbeo5RHJJqsKcE-Lo4eS3-FUVlYBK05kFLyk0UbYV-M54xUY7JReL3JwZH9fIl0XQk6cRl-zEbC3OEd-XTsmkIYt009ddE_UCJA4D_aNLJIRMr5ueQz7PIW9ATF-eqV59ROxz6lfrBxI1XLhWQb2c7B6Q8f4XZq60CosOFcW-ypTB98uZVn8j5E6Ub-L0RC8JcvE53l6tF2HCbiyPVHGqHHqixB92CQ5uoI-4F1jKYlCoh0-QUSouokTxYZhWiBU-xilasQD2wUq_ZTiOkCLp-ccxuns7TTsNkb2hjdEDn-xR7c6JDi7RhSOChx3ZzIgUSIvu1d9MzJdMHSFBdSeda5_hQXsvO_pFlf0gAbRarze7rz4YHxin4jSp9_sZLVvsPKDuujeWinuhvc_udWM2RmSDlhcfi_i1T0U0mn6XQgRnFvbCrw_ntfMar83PqK_2-Up71gv61zLVLLWyd-QHRRhPcKVdPB0u5DUU9lKYovWHbM9UH1BdHgWQjS2cKMa1FJROVxwYGi36BaPBUvUTOIs3KsV4dIyhqxlJ5W7azhBhondR7LIiISvV5jI2G-NaekupDkij9sB7KQQJuBEw0DUX_Wzbf-yh9TElNXeSexXNyzB_E-cbwPwF9dClQX4Bn_3A32_b6c9KB-tTGn-xHlj8t3TwH1U3pVhhy55NV3o-qxt72qzs44CeUWo2N7khaj21Mzij2cGU6KJby3bR6PTHmYdHC2gQjjGtUrWuVxf9TfVijWRpFnI5OcmajUUCpB3_kY2_dsOtTPeMlM9qVs6xy0Vc8T1mfais31wur4NW-nXqF837LCi5PuQj7DXEz_j0pC6EfGkM4DxN2AwCWNhgf31EyIj6xisfXw8t2pBxDzz5tLS7Nd3E46XSY6QogvELz1oaOyXSWK3Uj8in6XrMKW-GflG3Bzvh4soj3gzNRfxF_lC8kFArb4mt-cv4OWCgRv8zr9xGWywsCACL5ahk1b3KV2ivsLkJwu1Zd3oBKU1pTQglj0pPfywt5dD3qn5PIuAfOvdKWaAs6qZzOuLLcvWRTUHyJbWn1S65vPQQybB1CqJgJ9NdDiUuMi1Ss7NHk82zEn22I9mPanLLmcKFSArR2Cevj_Nc4U3L-tehassRyFCY8SadtQXRB-mF_hy1oIBhyUrLBqegk1EBh50EY7Tptge8Ga50Aa-sqpGqf_YknFXiOozUxqZKpkokvhF7_fJoG-ejtF42AnpnQ4C3_YZcQjLhMkDkeqy1c95bg19oISt1guIGOqQuEwtIoZQz7ATsNDG4pGXyH6Zx5FvWoD1-VL4cezt2_BDQLpfHrH4-FD83nByCF1cpsP3zTdhWVOJgIpwVbfuYKMdFFL109RNAwcQQ1AuhZ8MoIv4LB4kpWEnVwTU4uAN9FwIPD37iDcakTF2bamfmB3SwgRvnaOnyx4b3FPcR8a-EBH_vaBsCM7KuuvuuTHNgMX5gF8E-ndCFMtEZ-qCJBOsAuVOAZgHTGnBcnVQwZXeg4-pXBAc5VoidzJXEsU5WVSZzDR_sovJvfMsrsqfPKimx0AiwhdGsIp_MdNl3eFEI5aeHH9KrWDt4RSVbmpy-OUbAoJJbIcTeZupTqozU3eUc71M&cid=CAASJORoWlG5a4Yd5eFwl3Ot2IpzOkqblRXxbm1pxsn4s2mej7jE7A&rfl=1%2Chttps%253A%252F%252Fpt.lizspaperloft.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
613
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9777
x-xss-protection
0
server
cafe
etag
12512753850102923420
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Wed, 04 May 2022 21:09:37 GMT
pre-summer22_h_low.mp4
productsup.melia.com/production/ Frame 532F 		224 KB
0 		Media
General
Check archive.org
Download Go to
Full URL
https://productsup.melia.com/production/pre-summer22_h_low.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-27.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=0-

Response headers

x-amz-version-id
Q6moKFDsjYlyK1W4.RP99wPb7MQNVV3h
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
etag
"88914c9106e744f92c40234550dec9b6"
last-modified
Mon, 21 Mar 2022 07:56:34 GMT
server
AmazonS3
age
1027
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
video/mp4
Content-Range
bytes 0-788348/788349
date
Wed, 20 Apr 2022 21:03:59 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
Content-Length
788349
x-amz-cf-id
JKo_j_zZQAGpawPWHXceeOj5S24JML7-uinnw48rpXzT8ks_BxiEyQ==
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 0F84 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 8CF2 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 08:56:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
44610
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Apr 2023 08:56:20 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 1D01 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
55566
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=86400
content-encoding
gzip
content-length
724
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 05:53:44 GMT
etag
48472445140208031
expires
Thu, 21 Apr 2022 05:53:44 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 8CF2 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4035ebe5cb2d406bb1994e2cd6148a03ed88da2c9b3ca2ffc9da86e1e5a602fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/6657181183598343709/ Frame A84B 		36 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 21:19:50 GMT
expires
Thu, 20 Apr 2023 21:19:50 GMT
last-modified
Wed, 05 May 2021 19:27:44 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 8CF2 		0
27 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstOTG6wPI1gsX4rOgzQA08vAVWYrFAQNR1I7YOKvwt3INgDSnkB4NsYzOrFH9n0EyXyCNO7pjGkJNopkTuds3Cs-pC1aWAzXDDJ9tRWPzUdkIWnoviAGacx2hah9FhsLNFlDnhZbJo6s9MSovCYzmMT-XguFucrcyWGLkmqB6mb4MpcAjNIc7eOsDL4Qlu4EAUztd5JfShWPS-hgbbHCwk--EA3ewmmDSGXpcQMWQfPOzKwQtrI4JSdStYKbmR45Q6_RTyxDFevqUyReEgN_u6Gidzr5QDH4OqOzFijkN2eA6EkNNBpw905i_isonlSiKPiUt1DTH5feUsVaNo5-syM99c1K6LTbI0vAkVfe9qsmZymBiXmKtv7eyrddXfbsp1Ln8vkkwsxtuAvAyFz8EjLLD-mHnBhNngEix87IK_5fP8wMkTqKDyTbHmSR6KF2NjEGlHy6NxhiQq0zLy7xf5p6ZUq7kDMlJkU-9zeb4GgpL6gogedrvO_ufdOJB4T6JWyW9nsm12ysA7FPQqwtKIFld3U1uV6VvLHvioTUnYjkecAWufVF9QSdIRX9MgnvV53lU2D-05XorggAlHiUfYxas6Zafme2KJpGYs53_RCIykwbgJtyqTyrNkENiW-AK09CN8wcJVivpuUZY9_13HS2pvSsUFXuAwppgmf1qtZLHC3KtyE72UL5eckOC_g2Qo3jZc17rq_-UD7GGX7s2HG-yz1Mx7JI_FPK1yqzNpfl1p6FKpg29U6L8zVodzldbxjiBXk_9wLUTPonHX5SGlK6BV8IAR2bra95f1n9yCsIx_j_3_dmw5qhesx2wabl3dMfYszAy0scwGpABagHpaW9pZ6A7E0Vk9Dp9nI7yNyd8xbGnQRWe9OH1dY7ZIJ1CXxUadFR8U8Pj15PmFB_Ya1u-sZ3NNAP8QdHidtWBKiMQDzAqQYNbv3iap-IJlmCOSkclZydmipl-Zm28f4KQUiw-9lAVTtgBSgvthYXeWYJreZ3D9twi3BHSOizYxwliKtaEdhyNC_0lbdEb-B0lDPFhI9U93-10d-yuSwIt8uiX8A88grL_OsUhHC_X3_XCOxxRY_4nhQY0n1_yZKCoUZjuAMEfwUwhmFWqzgFGaKmMx9QhbEF_JATxCrhSjqr1f1SBCxvlP5_IwUJv9-8xUn2NgnoZiJ9f2x9Wz0usUr2VyMGrZFEduAP5Xh_c6i9XMUuYinibnKb5Pj3PnGt6LhvN3pS5QpK-dzAhgyWCrW0NlpPN0Et28XsN4ikB31lgax4Wy0UG7pG1A9_yX7LwYK4f_qDKgtzlv7RQtlRuz7XtRLl1jWtozYxCDHpHUttYM-icien9GvifilmnOuPzo&sai=AMfl-YQCmVXpQU1MH5SRpzYFG0IzFa_akN1dXTKX4LP_H9RY_ox_Kov_W4W4X7yl2CTTv4v261Ypuk6D1PV1Amn982NfoKjUjuAGeDf11gFR_caHv_FmpbsbbS4bPpja3Wx4NX4vcKhjdkfFxGOV4EGTczTMbnFiwg-gqzp33QTmcJ7tUKFh6YlBAHMNFf-Ad9Gk4t1Tl9nf8Je8LVT7IBE9Bw&sig=Cg0ArKJSzKu1J8JWi7w4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=87&cbvp=1&cstd=82&cisv=r20220413.90447&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Wed, 20 Apr 2022 21:19:50 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
ai.aspx
m.exactag.com/ Frame 8CF2 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=27619585&extPm=415076051&extCr=16725820018&gdpr=&gdpr_consent=&rnd=36870423
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.202.235.10 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection
close
X-ET-Monitoring
1
Content-Length
43
Pragma
no-cache
X-ET-Code
0
Last-Modified
Mi, 20 Apr 2022 09:19:50 GMT
Server
Microsoft-IIS/8.5
Date
Wed, 20 Apr 2022 21:19:49 GMT
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
Cache-Control
private
Access-Control-Allow-Credentials
true
X-ET-Camp
923
Access-Control-Allow-Headers
*
Expires
Mon, 26 Jul 1997 05:00:00 GMT
firstevent
skydeutschland.demdex.net/ Frame 8CF2
Redirect Chain
  • https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_consent=
  • https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_...
42 B
967 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_consent=
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Server
52.31.67.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-67-18.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v031-04eb9e131.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
qEWy2iDhQrI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-1-v031-0f3341810.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
F1O/ppOSStc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=331926956&d_campaign=27483059&d_bust=36870423&gdpr=&gdpr_consent=
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1135 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
44610
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 20 Apr 2022 08:56:20 GMT
expires
Thu, 20 Apr 2023 08:56:20 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 80F1 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCeAITPq_IdiebMCSV_ACXntBTuev3pJz5xrCqptHo3RivY7UtLrSbfVb4zatIzJY_pyCK8Ipl8SFLR2-F5Q00DN4P6PWdr67zTi4C6UPH9z1m03exjA&sai=AMfl-YSdaKYyrXmItf0agg7ZpN6pmzsGIBvySaL0zkT_7huMlx0Jn8FILswEwUwgIt8JSSJ63M7zsHBuy-nNQM3k_vqXq2B1WXmmFMPo0y36&sig=Cg0ArKJSzIrV3V4yvzkOEAE&cid=CAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw&id=lidar2&mcvt=1010&p=1110,436,1204,1164&mtos=132,1010,1010,1010,1010&tos=132,878,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1095535024&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650489589085&rpt=316&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
google
match.adsrvr.org/track/cmf/ Frame 1D01 		70 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEO3lDZ12CWz1cYMthM1lqrE&google_cver=1&google_push=AYg5qPISichJHSiIC3R20PM0Kn5P-bfEFiVb8vBk69YetOYESCPLOo_brO_Xy-k_qz1-1RORWmF1ohS5mZVYcPCjUO9_dckU9fv3
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 1D01
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIp7HHKVAvbU4aPm3K1e3FE&google_cver=1&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6...
  • https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIp7HHKVAvbU4aPm3K1e3FE&google_cver=1&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxP...
  • https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk&google_hm=ouw-tisfQcWPyM5jSJTHVA==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk&google_hm=ouw-tisfQcWPyM5jSJTHVA==
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:51 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk&google_hm=ouw-tisfQcWPyM5jSJTHVA==
Date
Wed, 20 Apr 2022 21:19:51 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 1D01
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_R_4EmLUSc2yy0u-42WsuQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_R_4EmLUSc2yy0u-42WsuQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKT4QFISWP3hGebSC2c_jbZBUS5Y3f0Mez3SybvCvDymeT4smk3sBSJnquCewguI8VC0tLmGS8wEG-GUlStNAywk9IhxbvL
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_R_4EmLUSc2yy0u-42WsuQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKT4QFISWP3hGebSC2c_jbZBUS5Y3f0Mez3SybvCvDymeT4smk3sBSJnquCewguI8VC0tLmGS8wEG-GUlStNAywk9IhxbvL
date
Wed, 20 Apr 2022 21:19:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
sync
dsp.adkernel.com/ Frame 1D01 		42 B
233 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEEiCaojMNkOIIPKVtJeSRU0&google_cver=1&google_push=AYg5qPK4h2iX0ZX1pel0yieVCQ34zUnIuaK0Dh8nFsuUclks0HZwiwAvAttr4Tbr5st_KSNQJx--E7MukFDHcFPz5vzYSK2H5Dg
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
pixel
cm.g.doubleclick.net/ Frame 1D01
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok...
0
0
pixel
cm.g.doubleclick.net/ Frame 1D01
Redirect Chain
  • https://cs.media.net/cksync?type=g&google_gid=CAESEHJzYLEOLakqnKiXCMGF-kc&google_cver=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQNvGomRvkBB5TrPLKh4UYlDI8ujAbwY4HlcxAjsqiY-nxk9NlIM6d0HjUCGmUdwMjjtZrTy
  • https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&mn_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQN...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&mn_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQNvGomRvkBB5TrPLKh4UYlDI8ujAbwY4HlcxAjsqiY-nxk9NlIM6d0HjUCGmUdwMjjtZrTy&gdpr=&gdpr_consent=
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:50 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&mn_hm=MjkzNDkxMTkwNzU3NjkwMTAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJ4lHXklniQR9zfcfBcNfN4hQNvGomRvkBB5TrPLKh4UYlDI8ujAbwY4HlcxAjsqiY-nxk9NlIM6d0HjUCGmUdwMjjtZrTy&gdpr=&gdpr_consent=
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html
Content-Length
154
X-MNET-HL2
E
Expires
Wed, 20 Apr 2022 21:19:50 GMT
pub
cs.chocolateplatform.com/ Frame 1D01 		0
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEAYQ3X8J0-E3F25sR0lkypY&google_cver=1&google_push=AYg5qPIwQF0Ov1LFZ4toHTv9HcFzbMtrUvvQnoL8EXNCixPLsTuFQdQE1Z5bOef_R9sV655sWKOMXUC5azi3kJkVT_dgWw8fUG4
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.203.145.121 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Chocolate Cookie Sync Powered by Vdopia /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:49 GMT
server
Chocolate Cookie Sync Powered by Vdopia
attr
cm.g.doubleclick.net/pixel/ Frame 1D01 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J7_C6GSvSMyf4Wh_WuL9L4Uw9ldgkj21QcPuMnG_CG7_6M210HupqZIQJd1GiXNtnbAkwD
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
style.css
s0.2mdn.net/sadbundle/6657181183598343709/ Frame A84B 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6657181183598343709/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 21:52:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
84456
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1741
x-xss-protection
0
last-modified
Wed, 05 May 2021 19:27:44 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 19 Apr 2023 21:52:14 GMT
Enabler_01_244.js
s0.2mdn.net/879366/ Frame A84B 		109 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_244.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 11:47:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
34367
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38072
x-xss-protection
0
last-modified
Tue, 07 Jul 2020 18:35:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 21 Apr 2022 11:47:03 GMT
gsap.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame A84B 		59 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1133
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
21678
timing-allow-origin
*
last-modified
Tue, 21 Jul 2020 23:12:03 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f177643-eca3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHBLlX7Yw%2B16Q1pN3nq7fSh7IbFQ33fHMOKgBSA92J0iDoaoTNieESHoov8Te9qa7cZsF1YerDzNPQA%2FNIXwf9mwwxFzGmm3A0JfYt9W%2BNgCTruMk7UURspwuE%2B4pjCxGxWS0szg7%2BG5eLOun8y94qik"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ff0eba4a8f823df-ZRH
expires
Mon, 10 Apr 2023 21:19:50 GMT
pre-summer22_h_low.mp4
productsup.melia.com/production/ Frame 532F 		34 KB
34 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://productsup.melia.com/production/pre-summer22_h_low.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-27.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b081da29fb0d2b34dd03b08da016d059bca2064de9cc5de2abd86dda92f22805

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=753664-

Response headers

x-amz-version-id
Q6moKFDsjYlyK1W4.RP99wPb7MQNVV3h
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
etag
"88914c9106e744f92c40234550dec9b6"
last-modified
Mon, 21 Mar 2022 07:56:34 GMT
server
AmazonS3
age
1027
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
video/mp4
Content-Range
bytes 753664-788348/788349
date
Wed, 20 Apr 2022 21:19:50 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
Content-Length
34685
x-amz-cf-id
pFlytDXAIGsSlGXcMNyW3Eo3PwikDonj84onH5cMrAgbTJe2sMC42g==
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D0F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZ8BT9XhgYtHhLcPd7_UP-aiK-AkAAAAAOAHgBAI&bg=!srGlsfXNAAZvJBiFTyQ7ACkAdvg8WoXypH08-W-ZAshTJFDpnKkr2GUgPD-WJKfCrTH5cj-igSlrNwIAAAEEUgAAAAFoAQeZAvY2KTRTLYYLOOhz6SRZtgY91gk_6KtlPnCRavqcgpUfOfW2PpFd9t8t4Et10LgkWq4Ltr5kApoG9ihMUv18wqFxkzq0oSHOpyLTW02kaRjMl0ZUtTaUJGszhnOXVWFJvqdRV5es7hlSmaAHymVLI3GcQziiWCY4NVhb6c3bJ0zHhdMNwuuJpPgs5mXg2SM81vMHOXhok7hBuL_26cQ_bKHHyoE4H1KIas4okiE23GIHLoqK4dceJ0NwjZRmcKsjVcN_EGWsBZEPFsKMG1JCW4wgOAIylK0-IBXf3IHI1-mIKiRSwZSQzpF54vwgz4rNYwSMMIBEZeZONn5KTPVSrUB3mdbRVCgRlA5sqEsLdJBKDEkLylRE7kQ4q7FiIwXEEhgsubtKuJuMz5VxSWm72tNIPrP9F7R2Fg4mgk61kIUU9YPhS8e16ZR0RciL_ttB6VGxtZIFJcexIbVoClQqG0fc30LRTEJu6LUs9xNjVHcdFmlQ4517gy1t03jp3T-jAzidBSk61ECY4d2uGNkJZ56fJrtPibQCQmGXpRcihbpQPEGlxdzD39BxBaAEuRwlhdd0FbrsPOh8pdtc_QhM-Hrgzpa-EsMj_SYUFA1zlUI2EtxsvChn9N2jirmq1jBoQkbMy_XQMxuZ45pEoea3fZF5UydmH2f_oGunbadj4a730eyHw7YDLqmhZRZg-hLo11KJpCcLlq5j3EBg6yby1DbfO58SBfb764FyNsuxad8Wa-LZLbzwN_D7A6e1Mp8pqOfjqXofMJHMCEmZrx4YgMAtHyQJ0j-fN5Ml-eE2phHNojWpCUUBX1JSyxCnBY-s9ca2fSg_plbyg4IlL5QtSCga3Gn4DrO5AESHlJlvcbA-voy80dEE_EJiYkBq8ANnADXMkBDaXTeL0xNB8MjJTQ7hYhHVuCGTeP9XSmqf0T0SwVXSmG2XggLM8kQaLT94p6rlDMGmOI_6p86kLKhy_RxzKmDdQvC0l4hOazLi8ak8lNhWEF6x0w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 1135 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
59c9120b31ae8f128419d688
c.bannerflow.net/tr/v2/pixel/ Frame 580C 		0
162 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://c.bannerflow.net/tr/v2/pixel/59c9120b31ae8f128419d688
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6232eccb9663a849c8c24941?did=5ced02fe0fd60d000186f5ac&redirecturl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYuU-9HhgYsCGLvKO7_UP5u2d2A2M1KXCaeHgprDwD5Ok_orXKRABIKqAwyJgldqigrAHoAGTpo--A8gBCakCCmX3rhg1sj6oAwGqBI8CT9BLydD9fG1_aUmHp4khhsVR2szxt-_IZ0jeKFi8sm2Fr-oSAACAr5oYvpU4uFgyQPshdMio3MqPD2-UJC0IOTSxcHzAtUqhS2uhmbBRKSLALdQt1i3ktpLOYtSUiXinbIKmoXHX6BbKRW6SfkX2c3-AjL5qZ2mw3VLVwBWoJctHa8UmoOo0TKVHqORjYwfprPMNAIdRTZg6Kooib48kXBMe-2xLpBoawaa1tGRmJS6ZkesgVCVEHFXFOLZcpybwyLNln62issZhXOXo8koAfJDsUSHDAXTc3HzJFUXa4Fz-uvBJ_OqDp8XJ41tVJWI29PPnwtfBJ6CeBFpZTYtdfn7VYXT0JmxQn3-omh0OncAE_d30tO0D4AQDkAYBoAZNgAfV2fBBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBPyxPEO2BMN2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMyTyxPyWSFKP3YG2IvXPrDni2ozokT8gfP4EqCPW9_FtfsTMP4d7ukw%26sig%3DAOD64_1GD8XAVq-t3XgVg4nxvHhgbqRu3g%26client%3Dca-pub-5512390705137507%26dbm_c%3DAKAmf-DGJB980y18Yjx98pZH9cHEHCyGOJ2lnWzmh40uLydI2Zep0v4I48pXQGngeBSpXp2DeSEU01bBSx_7RuqikqSUJcN2G5MuJZCR5ZAitqAQXOT3uQW-PzWz5kqXM8dzEMjZdXQzg901FOB53ct84p1QSXCvbQ%26cry%3D1%26dbm_d%3DAKAmf-BuT1eLFpuK-M_vF_zQ3zN8H9qH_CI8Q0zpsHCXymmdxw0vvuVixkd8bckDE0ZdI0dDmF2zR2xjTQR4CI_Y0t5JKMeKUvXboWq0g-ucMF2Z2f_3KQ_4xOrt_GV1hUt68-e4GtOAjqE5SlzizcycrzeFJMtHz1tx9xoITmG5WFnjdmvJOsDDeb_I_r6SdYXERMoRkNrOWPCFSMFkS-3CdxeIkd0CtGnRrmQUjIT9zGxV73vQqcAwlfYL8DbwtowVN4FQWFTR2Txg1quzaNUY148DCohY_APJPVEwnRbe_dFvKHnlBu3CmLX1NzqTUf7og4nTT2xmV2cnVAq0U3QFY30-UO5oShaMrMX12lvIEho14HyEklsnLVvkKVAzkiarU3kB6wThpD7gH9x1m4sJDwmVJru88FeLsPCDDzWRO_nXAE3aa9KkD11txM_gO9CaDy-GA6bv0zWQAwQng7js7xxsToCFLQ%26adurl%3Dhttps%3A%2F%2Fa1.adform.net%2FC%2F%3Fbn%3D54370173%3Badfibeg%3D0%3Bcdata%3DiRC99z5vOMPyVUB3sm7qdD3H6zHyVHqzADbraSVMwddeWA_EDGcbq-vhfINXxkXnhcMRvNZZuUQdBto-OTni43tt2n4OwTFixfgN7wWhehNcPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHT15XEr-uFmMQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fpt.lizspaperloft.com%3BC%3D1&domain=https%3a%2f%2fd5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com%2f&targetwindow=_blank
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6ff0eba4bcca0211-ZRH
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
request-context
appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e
sodar
pagead2.googlesyndication.com/getconfig/ Frame A84B 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e62d54228fddc3f254f816dd251462b91a84c6c3d9fb0efd3019741e5d2a1d0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5524
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame A84B 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 20 Apr 2022 21:19:50 GMT
blank.png_1621952972643_blank.png
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame A84B 		95 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952972643_blank.png
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 23:27:00 GMT
x-content-type-options
nosniff
age
78770
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95
x-xss-protection
0
last-modified
Tue, 25 May 2021 14:29:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 23:27:00 GMT
DCO_Sky_ist_Wenn_300x250_1.jpg_1634118112701_DCO_Sky_ist_Wenn_300x250_1.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame A84B 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Sky_ist_Wenn_300x250_1.jpg_1634118112701_DCO_Sky_ist_Wenn_300x250_1.jpg
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
57e93fdbf1afa598c0761c3729e1fe3ac8f8d3469fcee77e7182b1d7803eb145
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 20:37:12 GMT
x-content-type-options
nosniff
age
88958
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15178
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 09:42:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 20:37:12 GMT
DCO_Sky_ist_Wenn_SkyGo_V2_300x250_2.jpg_1634118112701_DCO_Sky_ist_Wenn_SkyGo_V2_300x250_2.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame A84B 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Sky_ist_Wenn_SkyGo_V2_300x250_2.jpg_1634118112701_DCO_Sky_ist_Wenn_SkyGo_V2_300x250_2.jpg
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3a3ab954663ae472128d91abec0ade61efdebaa344f970409434a7ed63ef9df5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 05:39:39 GMT
x-content-type-options
nosniff
age
56411
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17636
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 09:42:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Apr 2023 05:39:39 GMT
DCO_Sky_ist_Wenn_SkyGo_V2_300x250_3.jpg_1634538332792_DCO_Sky_ist_Wenn_SkyGo_V2_300x250_3.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame A84B 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/DCO_Sky_ist_Wenn_SkyGo_V2_300x250_3.jpg_1634538332792_DCO_Sky_ist_Wenn_SkyGo_V2_300x250_3.jpg
Requested by
Host: d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
374ab94edf42f3fa6b9754f8c40f0475184f16f2742704522fee1f3bee9385ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/index.html?e=69&leftOffset=0&topOffset=0&c=rG8LDoX2Hl&t=1&renderingType=2&ev=01_248
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 18:59:56 GMT
x-content-type-options
nosniff
age
94794
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28421
x-xss-protection
0
last-modified
Mon, 18 Oct 2021 06:25:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 18:59:56 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 8CF2 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstOTG6wPI1gsX4rOgzQA08vAVWYrFAQNR1I7YOKvwt3INgDSnkB4NsYzOrFH9n0EyXyCNO7pjGkJNopkTuds3Cs-pC1aWAzXDDJ9tRWPzUdkIWnoviAGacx2hah9FhsLNFlDnhZbJo6s9MSovCYzmMT-XguFucrcyWGLkmqB6mb4MpcAjNIc7eOsDL4Qlu4EAUztd5JfShWPS-hgbbHCwk--EA3ewmmDSGXpcQMWQfPOzKwQtrI4JSdStYKbmR45Q6_RTyxDFevqUyReEgN_u6Gidzr5QDH4OqOzFijkN2eA6EkNNBpw905i_isonlSiKPiUt1DTH5feUsVaNo5-syM99c1K6LTbI0vAkVfe9qsmZymBiXmKtv7eyrddXfbsp1Ln8vkkwsxtuAvAyFz8EjLLD-mHnBhNngEix87IK_5fP8wMkTqKDyTbHmSR6KF2NjEGlHy6NxhiQq0zLy7xf5p6ZUq7kDMlJkU-9zeb4GgpL6gogedrvO_ufdOJB4T6JWyW9nsm12ysA7FPQqwtKIFld3U1uV6VvLHvioTUnYjkecAWufVF9QSdIRX9MgnvV53lU2D-05XorggAlHiUfYxas6Zafme2KJpGYs53_RCIykwbgJtyqTyrNkENiW-AK09CN8wcJVivpuUZY9_13HS2pvSsUFXuAwppgmf1qtZLHC3KtyE72UL5eckOC_g2Qo3jZc17rq_-UD7GGX7s2HG-yz1Mx7JI_FPK1yqzNpfl1p6FKpg29U6L8zVodzldbxjiBXk_9wLUTPonHX5SGlK6BV8IAR2bra95f1n9yCsIx_j_3_dmw5qhesx2wabl3dMfYszAy0scwGpABagHpaW9pZ6A7E0Vk9Dp9nI7yNyd8xbGnQRWe9OH1dY7ZIJ1CXxUadFR8U8Pj15PmFB_Ya1u-sZ3NNAP8QdHidtWBKiMQDzAqQYNbv3iap-IJlmCOSkclZydmipl-Zm28f4KQUiw-9lAVTtgBSgvthYXeWYJreZ3D9twi3BHSOizYxwliKtaEdhyNC_0lbdEb-B0lDPFhI9U93-10d-yuSwIt8uiX8A88grL_OsUhHC_X3_XCOxxRY_4nhQY0n1_yZKCoUZjuAMEfwUwhmFWqzgFGaKmMx9QhbEF_JATxCrhSjqr1f1SBCxvlP5_IwUJv9-8xUn2NgnoZiJ9f2x9Wz0usUr2VyMGrZFEduAP5Xh_c6i9XMUuYinibnKb5Pj3PnGt6LhvN3pS5QpK-dzAhgyWCrW0NlpPN0Et28XsN4ikB31lgax4Wy0UG7pG1A9_yX7LwYK4f_qDKgtzlv7RQtlRuz7XtRLl1jWtozYxCDHpHUttYM-icien9GvifilmnOuPzo&sai=AMfl-YQCmVXpQU1MH5SRpzYFG0IzFa_akN1dXTKX4LP_H9RY_ox_Kov_W4W4X7yl2CTTv4v261Ypuk6D1PV1Amn982NfoKjUjuAGeDf11gFR_caHv_FmpbsbbS4bPpja3Wx4NX4vcKhjdkfFxGOV4EGTczTMbnFiwg-gqzp33QTmcJ7tUKFh6YlBAHMNFf-Ad9Gk4t1Tl9nf8Je8LVT7IBE9Bw&sig=Cg0ArKJSzKu1J8JWi7w4EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=280&vt=11&dtpt=193&dett=3&cstd=82&cisv=r20220413.90447&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=
Requested by
Host: pt.lizspaperloft.com
URL: https://pt.lizspaperloft.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sky_medium.woff
s0.2mdn.net/creatives/assets/3668815/ Frame A84B 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/creatives/assets/3668815/sky_medium.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6657181183598343709/style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/6657181183598343709/style.css
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 21:15:04 GMT
x-content-type-options
nosniff
age
286
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27952
x-xss-protection
0
last-modified
Thu, 20 Feb 2020 12:38:21 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 20 Apr 2022 21:30:04 GMT
LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
pagead2.googlesyndication.com/bg/ Frame 3168 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 14:40:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
110370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13643
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 15:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 19 Apr 2023 14:40:20 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1135 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUGgs9nhgYt-9C9zE7_UPkPa48AcAAAAAOAHgBAI&bg=!j4yljMjNAAZvJBiFTyQ7ACkAdvg8WrWzziED-hAzoNyEs4WhzHIKfju6fdZYD1dNADjOcUsAqgcAuAIAAAB_UgAAAAFoAQeZAvhG5Z8f_YzU8oiwsPimv9MmXW0sb5EzXZIInRgDKCdX3xRFUyu1wbPQSGgGE1i62iXOD4iXEQKOHEzpWVOuXwidsUQAHWxU8QWOOT7vZyCXtSSSiVgpnLkNbd6bqpdktI6Bo0dj5MSAIJp-BdgnBiJ1Uu-PQYLkuPyRE0vd7gHOFHR2Uq9zIHqomNGyK4PW2YaKrMFsSlmvihdEV9j8LG-vLk1uG7IO4rbMPo23LGW0U_cdkExsz_e7PUJqV5oi6AErk-sPNpOW0qfnTvm2Rm_vfgZcjUKQiiQsK1LAP9kyxCkbDf-DqU3EmZ2ynNFDvyy-xmeuBqj_FvjAx7uTYBvgJ9UIrbQX7Qsbr0zaBmg5BRNUT_kKmkAJw3xT9X2jmhnKH18FSW5-ajX6jZJr6IHmrTLHNqNvWYyDkZ0j5ZTa8AaT1gGGcjTnZTAzF1ZD5qD53X46V0jwP519rXCnXloLGQ2tAkgWBZRefwyw2h1unZQ9I8G_0ZMCEVIHCGVLzm0KciT81iNp_3p1NEOxx7mCcSE-KytnOn0Nl0Gu4qS34Ypoj_5PozZi9DFE4ChNR_kq6KjmXKChRftwJwTpJ6QJnL2WuCkT6i3etjurgxQLhJuIGJaZJxae35rgc7szY_uxSGAGPqkKI9ixv47a9Gj2KJKFrZFTO_lQdN7tnWiFDfQPk1mORJOczxQGBWUU-ymEByM5Fbq4CIyBAJ-PbXQIWxAXq30WCVX_DsofoqeoPyfxOHKtaSZDvvgh64rXh3RAaQXXQS7S9dQA-kHgDrSz827PzbrBbPiq6bpxUHpaLtqo6fGk86LJHCCumw-9_1EUFxzwlaV1fR4v62pENnKxevzbZABnNhw0WEAWDYo-77y0WwYLIUk7K6eVOJswwm6ijWguos9gZPEmWyxfLTr8hq1K7nlV9NtKF88VsPTlu_edYERRU1ucDOSUoV5IPRi5HNvySuF_XjeBr1Leqc1a_4PwVHyFrasG9LPc7OKZMiqJypvC3baV
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
a1.adform.net/serving/unload/ Frame 80F1 		35 B
502 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/serving/unload/?version=15&unload=6718199658697509927@@54370173,1551039507743951491,100|1181|0|0|0|0|0|0|0||40|1|||||1|0|0|wttyaNguiY1cPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHfL_QlhaeLlf0|||11||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:51 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
pre-summer22_h_low.mp4
productsup.melia.com/production/ Frame 532F 		578 KB
579 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://productsup.melia.com/production/pre-summer22_h_low.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-27.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9b4e594b808e6b6b6ca69cc6c7058408d00d2269a8e4fe908b60434c77d2d783

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range
bytes=196608-

Response headers

x-amz-version-id
Q6moKFDsjYlyK1W4.RP99wPb7MQNVV3h
via
1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
etag
"88914c9106e744f92c40234550dec9b6"
last-modified
Mon, 21 Mar 2022 07:56:34 GMT
server
AmazonS3
age
1028
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
video/mp4
Content-Range
bytes 196608-788348/788349
date
Wed, 20 Apr 2022 21:19:50 GMT
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
Content-Length
591741
x-amz-cf-id
IvRN4_3GcXqkmWWPDTqlXKOszWJNqWHXVGdwAGWdNgDE8z1s95Nhog==
activeview
pagead2.googlesyndication.com/pcs/ Frame 8CF2 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv2zv5N9Ad88osnOO5__fvpMP_N_dH8S1eSSRgXTrwH-OuxDDKOlFXIANvYYVsb4jtNCXmSxazYLB92M9_EhjkeSmya0zKz8kdwSRaHzyuMb6IOcYlzeg&sai=AMfl-YRSf3Ec-3ypo9lRpE_kBgeYmJWSwpbIf7W2QvF9Yyv_7HdTugD-K1o0NL12X6OiOfiz6B1PhXLUyaISDmjMgkJYiikAVwiZ9Yc2xkihc08-hCJc9O2Vz3CEMGU&sig=Cg0ArKJSzHHfe13a4EVNEAE&cid=CAASJORoWlG5a4Yd5eFwl3Ot2IpzOkqblRXxbm1pxsn4s2mej7jE7A&id=lidar2&mcvt=1000&p=575,460,825,760&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220420&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3777506267&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650489590125&rpt=226&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpt.lizspaperloft.com%2F&domain=pt.lizspaperloft.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://pt.lizspaperloft.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 20 Apr 2022 21:19:50 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1408
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpt.lizspaperloft.com%2F&domain=pt.lizspaperloft.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=2S0DHnw3b0c4RFlhTjVWVHd1NEp2NEJ0c1VVcXRHTDVKVTVocHFlMk52ZmluT0lsZnVQT2p6TFo5NXd6S1kxRTlPaVFwdGZLd2E5bUlrYjFsaElTbU5iVE1XcVpnekh1TXlSNFQ2YmlXTjJoR1dyeUJXYzR5SitReTFIRm...
360 B
622 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=2S0DHnw3b0c4RFlhTjVWVHd1NEp2NEJ0c1VVcXRHTDVKVTVocHFlMk52ZmluT0lsZnVQT2p6TFo5NXd6S1kxRTlPaVFwdGZLd2E5bUlrYjFsaElTbU5iVE1XcVpnekh1TXlSNFQ2YmlXTjJoR1dyeUJXYzR5SitReTFIRmhkVlZzeUxrNTJIalRyNTg2V0Fpc0M0Tm1BaVY3UFp3SWxsb1lXbUF6ckRma0JvalJJR0s3QW1TbGtkeGJrNzB5dWs5ZGkyOGhQbHdOeU43R2VkeXBqQjBoRE15OUNScmVLTUtHSzh2WndtWllpWTdER2M5cHBxaUZpWFJiRG5kWTVXdm5udXZzfA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
ebc588aed8b8d247bf7ab72d7f91de1d0be3cfa4ab6046ab32a43e005152f4c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pt.lizspaperloft.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2703
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:50 GMT
location
https://mug.criteo.com/sid?cpp=2S0DHnw3b0c4RFlhTjVWVHd1NEp2NEJ0c1VVcXRHTDVKVTVocHFlMk52ZmluT0lsZnVQT2p6TFo5NXd6S1kxRTlPaVFwdGZLd2E5bUlrYjFsaElTbU5iVE1XcVpnekh1TXlSNFQ2YmlXTjJoR1dyeUJXYzR5SitReTFIRmhkVlZzeUxrNTJIalRyNTg2V0Fpc0M0Tm1BaVY3UFp3SWxsb1lXbUF6ckRma0JvalJJR0s3QW1TbGtkeGJrNzB5dWs5ZGkyOGhQbHdOeU43R2VkeXBqQjBoRE15OUNScmVLTUtHSzh2WndtWllpWTdER2M5cHBxaUZpWFJiRG5kWTVXdm5udXZzfA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1922
content-length
509
expires
0
rid
match.adsrvr.org/track/ 		109 B
545 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
cb10bc08acd0b1ff67cddb8435e544b350c49b3b9dc433f6cbc7dcda664b7de7

Request headers

Referer
https://pt.lizspaperloft.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 20 Apr 2022 21:19:51 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://pt.lizspaperloft.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Fri, 20 May 2022 21:19:51 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame 1389 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57483
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 20 Apr 2022 21:19:51 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 1020423
X-Served-By
cache-lga21972-LGA, cache-hhn4047-HHN
X-Timer
S1650489592.702647,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame AA37 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57483
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 20 Apr 2022 21:19:51 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 1054265
X-Served-By
cache-lga21972-LGA, cache-hhn4021-HHN
X-Timer
S1650489592.702850,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 14C5 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57482
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 20 Apr 2022 21:19:51 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 1049883
X-Served-By
cache-lga21972-LGA, cache-hhn4062-HHN
X-Timer
S1650489592.708905,VS0,VE0
async_usersync.html
acdn.adnxs.com/dmp/ Frame 23B3 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid6.13.0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://pt.lizspaperloft.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57483
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 20 Apr 2022 21:19:51 GMT
ETag
W/"623de86a-cf34"
Expires
Thu, 14 Apr 2022 05:21:37 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
159827, 1020424
X-Served-By
cache-lga21972-LGA, cache-hhn4047-HHN
X-Timer
S1650489592.711112,VS0,VE0
async_usersync
ib.adnxs.com/ Frame 1389 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:51 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
a0f66a19-554b-4e6b-a9ba-6cc71a7857ac
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame AA37 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:51 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
52403a1b-fbfb-402b-b160-c268362e8607
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 14C5 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:51 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
990c9108-639b-4ae9-a954-5f94afc83ca8
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 23B3 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:51 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
6b84c52f-b2dc-4d14-85fb-f39367d5b25e
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=2S0DHnw3b0c4RFlhTjVWVHd1NEp2NEJ0c1VVcXRHTDVKVTVocHFlMk52ZmluT0lsZnVQT2p6TFo5NXd6S1kxRTlPaVFwdGZLd2E5bUlrYjFsaElTbU5iVE1XcVpnekh1TXlSNFQ2YmlXTjJoR1dyeUJXYzR5SitReTFIRmhkVlZzeUxrNTJIalRyNTg2V0Fpc0M0Tm1BaVY3UFp3SWxsb1lXbUF6ckRma0JvalJJR0s3QW1TbGtkeGJrNzB5dWs5ZGkyOGhQbHdOeU43R2VkeXBqQjBoRE15OUNScmVLTUtHSzh2WndtWllpWTdER2M5cHBxaUZpWFJiRG5kWTVXdm5udXZzfA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 20 Apr 2022 21:19:51 GMT
expires
0
pragma
no-cache
server-processing-duration-in-ticks
1045
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd...
ade.googlesyndication.com/ddm/activity/ Frame C02A 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd;met=1;acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D8,232,293,739%26tos%3D2041,0,0,0,0%26mtos%3D2041,2041,2041,2041,2041%26amtos%3D0,0,0,0,0%26mcvt%3D2041%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2324%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D6%26pst%3D286%26dur%3D20053%26vmtime%3D2334%26dtos%3D2041%26dtoss%3D1%26dvs%3D2041%26dfvs%3D2041%26dvpt%3D2324%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2041;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.07%26t%3D1650489589844;ecn1=1;etm1=0;eid1=200000;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C02A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssG2UlWHA7_lAIEdboSiRX5kHu5FhRvxbRq1iLeF8PlaT47X353VlfdDWoig16urLt5RaQCklsdeLJrsMxrWe8q8HOXcRmB2U9Ge7MfkxUycwX_c6Y8xA&sai=AMfl-YT60gCa5PbchMbjQ8DS36_OGyMFqgSmp8VfBL_EOZmBx786t2454ifCTgovM47QLxINzBvNu_elDOVQb2Dj1BUbyS9GL2VTNy12QKN3h9YXmRqDSzRSTlE3v-m_5Ek&sig=Cg0ArKJSzF-xJ-CUIM28EAE&cid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A&id=lidarv&acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D9%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D8,232,293,739%26tos%3D2041,0,0,0,0%26mtos%3D2041,2041,2041,2041,2041%26amtos%3D0,0,0,0,0%26mcvt%3D2041%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D2324%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D6%26pst%3D286%26dur%3D20053%26vmtime%3D2334%26dtos%3D2041%26dtoss%3D1%26dvs%3D2041%26dfvs%3D2041%26dvpt%3D2324%26is%3D275%26i0%3D18%26ic%3D16777473%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D7%26psv%3D6%26psfv%3D6%26psa%3D0%26pngs%3D9,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,2041&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.07%26t%3D1650489589844
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:52 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame C02A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CT3bT9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwGqBMQCT9BRg2zoiKBo4d6QI9GsxR1-yE8TQOVgHs5h53waaSbA2mripHSby7OkKksPd57Pqqnwmt36Dt5D7IsQyuSSxDp2xG6clz6a2-mHizaOzHbBv2q9w0oOPiI4vcWjGG_SbGTeytuIpkmRtOZP6jfTkaWq-gs-PPiDZPsCA5jBojtjFXRuDnCyh_pvhzmDEdciU66mHhunfUTMkHihmj8B9arNIrtHk91YkODpLjv95i9bnDnhhoSYM1iT01afW4_DkcZmomSKSlD-wxCmUc_j9JriAvfa8e13QQ63W9SpJPe3-nPijNMTAEtEAsQCP_YqxtYsSKuYx8SImLNItByX6tdrPLSLf1xLmrSsK35uaT6x6HgRMgm8pRnGAWnzUpwJIN8k4xad-wlBvnhRK1y3pn-MIwqXmykdqyzHjX7zJD0rIo8ywATf_rLW8gPgBAOIBe_LqL4-kgUGCAMQARgBkgUGCBsQAhgBkgUNCCIQAxgBSI3StwFQAZIFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGdoAH0YHkjwGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHChDU9xwY28KuyAHSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTc5NDQ3MjY3MDA2MDQ3MDGACgPICwGwE-ej6A7IE_X44t8D2BMKiBQC2BQB0BUBgBcBshceChwIABIUcHViLTU1MTIzOTA3MDUxMzc1MDcYku8h&sigh=36ibcxYdIIg&vt=1&uach_m=[UACH]
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers
async_usersync
ib.adnxs.com/ Frame 1389 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:52 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
e3a95180-177b-4743-bac3-fca4c793054a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame AA37 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:52 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
df4772d6-3379-489e-b524-b0ceedceb915
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 14C5 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:52 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
31b5e4c6-0ccb-4162-bfab-643189d72f5c
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 23B3 		0
741 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 20 Apr 2022 21:19:52 GMT
X-Proxy-Origin
193.27.14.25; 193.27.14.25; 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
951db3b4-ddf8-4d71-a7d4-b2539638eb38
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
a1.adform.net/serving/unload/ Frame 80F1 		35 B
502 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://a1.adform.net/serving/unload/?version=15&unload=6718199658697509927@@54370173,1551039507743951491,100|4681|0|0|0|0|0|0|0||160|1|||||1|0|0|wttyaNguiY1cPlakbYq96RfFbAlL4jcDepog248PTuUVdH9pxlMXHfL_QlhaeLlf0|||01||0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:54 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd...
ade.googlesyndication.com/ddm/activity/ Frame C02A 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-NXF7cij9wIVRsvVCh3Mogn0EAAYACDPmoBROhoIm9qCkAEQ3_6y1vIDGPX44t8DIMihhLSVEEITCK2Kpe3Io_cCFVOK_Qcd6aAK8A;dc_rmcid=CAASJ-Row093ftuAHf3RTltz17HdDZhuJEoZAl1n_Sr-nY65gW-G63gQ0A;eps=CIjhgBAQARgd;met=1;acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D8,232,293,739%26tos%3D4772,0,0,0,0%26mtos%3D4772,4772,4772,4772,4772%26amtos%3D0,0,0,0,0%26mcvt%3D4772%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5055%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D12%26pst%3D286%26dur%3D20053%26vmtime%3D5071%26dtos%3D2731%26dtoss%3D2%26dvs%3D2731%26dfvs%3D2731%26dvpt%3D2731%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D4772,4772,4772,4772,4772%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D63%26psv%3D62%26psfv%3D62%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,4772;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.07%26t%3D1650489589844;ecn1=1;etm1=0;eid1=960584;
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame C02A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=COpcu9XhgYu27A9OU9u8P6cGqgA_n_cq7acihhLSVEM_mor3AARABIKqAwyJgldqigrAHoAGX_pvwAsgBBakCCmX3rhg1sj6oAwHIA5sEqgTDAk_QUYNs6IigaOHekCPRrMUdfshPE0DlYB7OYed8GmkmwNpq4qR0m8uzpCpLD3eez6qp8Jrd-g7eQ-yLEMrkksQ6dsRunJc-mtvph6s2IAjMxXuoW3Bl4dsn3N5sy5HgkrdY2srb-6FJkV0MpOrzOHSgt_rtMMm7dm97QvabtKE7o-Bzm81wsnD5moA7g-TU11CupusYUn5EzGV5VJk_AwCpOCG6R2berJPg6ds4COUvW2k6FIWEmMZbZtBWn66sC5XHtG9QuygbjPSI6APLw3STnFnWQrMe12wyv1varjT3uPlL4iR5sgFO4Tx0A-_ZJ8YOPHWVeMHfbfol0qOWB-saI-S8ib_V4qYpN7tGVLVz_53JCtV-m6S50P0JlB88NxrvBuMdjgR-Zr_YZQlcu7Kb7ERHN68LHaU6A8AwhpWmsJUlwATf_rLW8gPgBAOQBgGgBnaAB9GB5I8BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDyAsB4AsBgAwBsBPno-gOyBP1-OLfA9gTCogUAtgUAdAVAfgWAYAXAQ&sigh=HLT726Hjw58&label=videoplaytime25&ad_mt=5072&acvw=sv%3D925%26v%3D20220413%26cb%3Dout%26e%3D1%26nas%3D1%26if%3D1%26sdk%3Dh%26p%3D8,232,293,739%26tos%3D4772,0,0,0,0%26mtos%3D4772,4772,4772,4772,4772%26amtos%3D0,0,0,0,0%26mcvt%3D4772%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D5055%26gmm%3D4%26efpf%3D2%26nio%3D1%26vmmk%3D52%26nmt%3D0%26tcm%3D1%26bt%3D12%26pst%3D286%26dur%3D20053%26vmtime%3D5071%26dtos%3D2731%26dtoss%3D2%26dvs%3D2731%26dfvs%3D2731%26dvpt%3D2731%26is%3D275%26i0%3D18%26i1%3D275%26ic%3D0%26cs%3D16777491%26c%3D1%26mc%3D1%26nc%3D0%26mv%3D0%26nv%3D0%26qmt%3D4772,4772,4772,4772,4772%26qnc%3D0%26qmv%3D0%26qnv%3D0%26lte%3D-1%26ces%26avms%3Dnio%26qi%3D399097614%26psm%3D63%26psv%3D62%26psfv%3D62%26psa%3D0%26pngs%3D9s,14,15s%26veid%3Dumt%3A1,xdi%3A0,mvp_lv%3A1%26ssb%3D0,0,0,0,0,0,0,0,0,0,4772&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26dav%3D0%26ss%3D0.07%26t%3D1650489589844
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 20 Apr 2022 21:19:54 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| $ function| jQuery object| AdSlotCollection object| bootstrap object| __twttrll object| twttr object| __twttr object| __s object| instgrm boolean| __isGoogleAllowed object| googletag object| pbjs325474 object| AdPlayerPro function| pbjs325474Chunk object| _pbjsGlobals object| ADAGIO object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| google_reactive_ads_global_state object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal object| sas object| apntag object| _ADAGIO object| GoogleGcLKhOms object| ampInaboxIframes object| ampInaboxPendingMessages object| google_image_requests

38 Cookies

Domain/Path Name / Value
pt.lizspaperloft.com/ Name: _pbjs_userid_consent_data
Value: 6683316680106290
.lizspaperloft.com/ Name: _sharedID
Value: ee225e62-3a6d-4651-b25c-d4a19947483a
.adnxs.com/ Name: uuid2
Value: 8092934772138864372
prebid.a-mo.net/ Name: __amc
Value: 2_1650489588_1650489588
.adnxs.com/ Name: icu
Value: ChgI8Jt7EAoYAiACKAIw9fGBkwY4AkACSAIQ9fGBkwYYAQ..
.adform.net/ Name: C
Value: 1
.casalemedia.com/ Name: CMID
Value: YmB49UKycvfJ7qLWk3e5DQAA
.casalemedia.com/ Name: CMPS
Value: 3229
.casalemedia.com/ Name: CMPRO
Value: 1125
.adform.net/ Name: uid
Value: 6718199658697509927
.adform.net/ Name: TPC
Value: 1650489589357
.melia.com/ Name: etuix
Value: 2jyQNUORzZys_FoRVWf1Qh2rItgpvzf_qM2LfAWyGIig3CzPJnuOBQ--
.melia.com/ Name: et0
Value: Nq0qs254irXgxbqtlwaTB6zhmtRIay6HRNhyNPL_3czY8FDChT4X85lEUtqmXjyLiC3QxC46B_8FurpArh2i1tby9BkrMrsHMkzT5eUjvnOtCDRx8wB7MvR8dWThxKKZ9GUz6yozR.xGPx0ytgIJ9KfnMLVfZYfHsoFUSF8CvKl7904dnyW0e5O9IBKsb_BTmYg-
.melia.com/ Name: et
Value: 1
.lizspaperloft.com/ Name: __gads
Value: ID=171f417a1f26b045:T=1650489588:S=ALNI_MYmHnYhY-Ic2fba4ijpo4_0oOSHpw
.doubleclick.net/ Name: IDE
Value: AHWqTUnwbVPzK_KXLSVcmXADkHUGAcZF3M9kBnJabxgI7byb_NPgiiZCCIUp4fd1FE0
.ctnsnet.com/ Name: cid_f722692a47e3427e9a5cb87f0db9f3d9
Value: 1
.blismedia.com/ Name: b
Value: 626078F6739F0D20C296A0C0BLIS
.ads.avads.net/ Name: av-mid
Value: 4db6b4c1-f795-4063-bfc2-9642a1090c38
.ads.avads.net/ Name: av-tp-gadx
Value: 1
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_165558522_-0&ref=27008872_4307561_324252033_165558522_-0
.casalemedia.com/ Name: CMST
Value: YmB49WJgePYA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2In<IYyv/!A#FB.TOKKnyW<U1`VROYQM-:=5b+JZ2v2pEWD2xL)+`5S).vp_IQ)US/bDZ/X%W#.wL4W1Qw1_Gdn-7
.casalemedia.com/ Name: CMRUM3
Value: 2d626078f62760CAESEFg8LpraSfrkmU0LYwWQ3rs
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.demdex.net/ Name: demdex
Value: 37747604278428482270407829147324333584
.media.net/ Name: visitor-id
Value: 2934911907576901000V10
.media.net/ Name: data-g
Value: CAESEHJzYLEOLakqnKiXCMGF-kc~~3
.pubmatic.com/ Name: KADUSERCOOKIE
Value: FD1FF812-62D4-49CD-B2CB-4BBEE365ACB9
.skydeutschland.demdex.net/ Name: skydeutschland
Value: 37747604278428482270407829147324333584
.bidswitch.net/ Name: tuuid
Value: a2ec3eb6-2b1f-41c5-8fc8-ce634894c754
.bidswitch.net/ Name: c
Value: 1650489590
.bidswitch.net/ Name: tuuid_lu
Value: 1650489591
.bidswitch.net/ Name: google_push
Value: AYg5qPJQlLXqY80ooFkh6m3BwmZVsPlfWmbDq2dw94KTeeo1lWZDzJl5mUwTmvH8legeNlMts3jwCrUnGkhfxPIsB0_6qU-xTopk
.adsrvr.org/ Name: TDID
Value: 44a8e3f0-c8a6-460e-b19d-2afa49e9ec50
pt.lizspaperloft.com/ Name: unifiedid
Value: %7B%22TDID%22%3A%2244a8e3f0-c8a6-460e-b19d-2afa49e9ec50%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-04-20T21%3A19%3A51%22%7D
.lizspaperloft.com/ Name: cto_bundle
Value: cxbddF96NFFPN21lYVZhU2hLVzB0Sk10R3Y0Qm0lMkJqaWMxbXdtZjR5c1VxdkolMkIlMkZBNmJFMzhCZ0hLVXhERURiJTJGc2tzZlNzSkZQdFB1Ym9pOFlmQzNSOWQlMkJOWWxkcHlzNU4wTHBhQUE4RFpjOU4zM2p5JTJCRmdUJTJGQVdCNTJsaHk2S09iUmdY
.lizspaperloft.com/ Name: cto_bidid
Value: Lt-frF9TJTJCc29ia3NMTSUyRjN2U1pJaTR2WVRrOXlucjAlMkIxR25Nanh2dTJhYXZUQTQ3VmR4dEVKYnlkNm1makxDRVhmWGZUa00zJTJGc1hKdjNqVThQbXVUQm15bHZBJTNEJTNE

2 Console Messages

Source Level URL
Text
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YmB49UKycvfJ7qLWk3e5DQAABGUAAAAB&google_cver=1&google_push=AYg5qPJHM3Bl4APWb2t98by_s-PbS9FXk84u3vMWp0Gc5fgARpVjPnAIObNrfhIIgRe4Ynacbmok_oise8fWqhk4svYsGRtb8nko&google_gid=CAESEDmnxOd4Y_pgc0lJ6yNcZq0
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
javascript warning URL: https://d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Message:
The resource https://c.bannerflow.net/accounts/melia-hotels-international/59c9120b31ae8f128419d688/published/1957125/2252985/preload.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.adform.net
acdn.adnxs.com
ade.googlesyndication.com
ads.avads.net
ads.yieldmo.com
adservice.google.com
adservice.google.de
adx.adform.net
bid.g.doubleclick.net
c.bannerflow.net
c1.adform.net
cdn.jsdelivr.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cs.chocolateplatform.com
cs.media.net
csi.gstatic.com
d5fa0b2c9fcd34ad127755b12ab68a22.safeframe.googlesyndication.com
dclk-match.dotomi.com
dsp.adkernel.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
gcm.ctnsnet.com
get.optad360.io
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
image6.pubmatic.com
imasdk.googleapis.com
lizspaperloft.com
m.exactag.com
match.adsrvr.org
mm.melia.com
mug.criteo.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
platform.twitter.com
portal.o2online.de
prebid-eu.creativecdn.com
prebid.a-mo.net
productsup.melia.com
pt.lizspaperloft.com
r5---sn-4g5edns6.c.2mdn.net
rtb.openx.net
s0.2mdn.net
s1.adform.net
script.4dex.io
securepubads.g.doubleclick.net
skydeutschland.demdex.net
static.adsafeprotected.com
syndication.twitter.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
www.google.com
www.googletagservices.com
www.instagram.com
x.bidswitch.net
cm.g.doubleclick.net
104.244.42.72
109.232.197.33
142.250.181.226
142.250.185.226
142.250.186.98
143.204.98.27
147.75.38.124
15.197.193.217
151.101.193.108
159.203.145.121
174.137.133.49
178.250.2.146
185.184.8.90
185.33.220.244
185.64.190.78
2001:4860:4802:32::3
213.202.235.10
23.35.228.23
2600:9000:2156:3800:11:a4de:2580:93a1
2600:9000:2156:8a00:8:48e:53c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:9a9
2606:4700::6810:5914
2606:4700::6810:d40
2606:4700::6811:190e
2a00:1450:4001:6d::a
2a00:1450:4001:800::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:813::2002
2a00:1450:4001:813::2006
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2004
2a02:2638:1::13
2a02:fa8:8806:13::1400
2a03:2880:f21c:80e5:face:b00c:0:4420
2a06:98c1:3120::7
34.96.105.8
35.186.193.173
35.205.207.25
35.211.178.172
35.227.252.103
37.157.4.24
37.157.6.234
37.157.6.246
52.17.82.33
52.31.67.18
54.77.236.4
69.192.160.245
74.125.71.156
82.113.101.132
002084fa5c9418e25362d61c5d8dc7993995b7e737843fb0fb776d5f51d01fa9
01f639fd4c4119503e72e2bf2eb9c8a5984f7c83c7683c82dd0350ee9f63b3fd
0609b70c35eab974a2c2d99d6da5d84d95b97f9fe3d28828710d04835153cb20
0900693ba4018c6de9126b543a8a3c50080eb74d1ed0696e5cc8fca0c0c99513
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
108a5ee6306c726271c490dceca48e5fb5a148ea41fcb9fe55cd5d348f16eb57
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13f578716138aaf01e3b930e863b46b6a0f33e77513b52c193c949fcf47b080e
1bb251267df92cbdc97a23b1e417a7bc40a8e10db73ac7baaf05fdc509961d86
1c8bf8cbe4f6429279e56e59929ef2315bb5c29f89e333e98d26d64c8c4afaba
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e694c08571bfbf2c4a52da22a7d339d48c480146c4fa948f5a39bf52c99a0d0
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f
261b8cd0496e1a916c0ccd3ea6fa97e13922d6721c3ab5c5dcb268bcc6acc082
27c213c59fde2e5782b568e0d63b8b13b04eb8420512972823d5ba9f62d68204
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
295312fdc2e0f59ddb60651b102ddb9b3641cfd7b89db0084c9f5f88dc484fb3
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8
2c3109a82c3a2c23e65bf887a0c7d13be0a8c7a3d1468103051144cb9e84ad77
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
338e82d153d7528cf84d4a23482d2d7e308db7095b8392c3488e68dda0db9d42
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
374ab94edf42f3fa6b9754f8c40f0475184f16f2742704522fee1f3bee9385ea
3a3ab954663ae472128d91abec0ade61efdebaa344f970409434a7ed63ef9df5
3ba9caa53f9d0fc2c7182f39ba4c4d5e66c54bc55329a21d95ab5fb3fd4db815
3bed460c8d9b5ca84c390278610d80bdc15c12abaa1481b85b1a375e1215aeda
3c7c17459ec57867f6812625f1b95e2f878363ca728b92a5968d2fc8e60d9712
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3f7aaa0630d1b0419bd532c259cc4ab9bf4b9d8e89fd14b8458e6551ca167aba
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
4035ebe5cb2d406bb1994e2cd6148a03ed88da2c9b3ca2ffc9da86e1e5a602fc
41c302d1d8bb290cdac6d110f44da808d9adcb7327378063a10ade591976cea1
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733
45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
53b7b550acc8de8faf9a78bdbf1076c11c1b8ae989a29ea62d65daffbbb2b0fa
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57e93fdbf1afa598c0761c3729e1fe3ac8f8d3469fcee77e7182b1d7803eb145
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c7a4a8d89680c949c9e79163c4995185befd8f96430c0fa9755e3083f42eab
63cefbc4133c7e859c623d9ce6e0751e94bfc16d5861fd24c3dacdc6ae228ada
66bdef0724e5306421bcc7e0910e41b5645228119ad9096ca4a6099e48d94e6a
675dcd6b9174a58e7a075bdb8b16b49ab0268c38443341ede6f343f4ce92e481
69d7a96bc36e1d50c32ce5396f6e23b0c9e7b3a73b7c389629c111c2f1c5c65f
6ca8ffa3793893211b88ffda414c65d61a0d9a66a6cf571427b55912f6245ec0
6f19334fe9b6238724f9a3cef47321ccac8c16a20ae3717057d131415badae1f
710bf3b3a54e164c3bde1c64dd239d2e8cafb6277fecfcfff4bda901d81d377b
71cf4136b9a8327132fc54dffdbc96bc6ddbf48e9050264b33fc457b6149c81a
74804780bace24623da9e1547966720e292906113ed14874a5cd5bce4dba7c67
78eaddff32589c813d37f5cf5b1f8df80c174f9b3db591975ca8fcc482d3e53c
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7a12db1519c4f3394693c42eb8a8e6d0415cafbe7e0387ba6d824351364481d2
7ac12c45b91c1e960c86dca2b137081c6e861123624d08442f5a80ff24be47de
7c610b4bbc61182bb3cd61788cc96d8f9143f2cc191fa41371197920fbd80062
802f33a3941dcda9d727eae784ad9056e2618204b6e79bb8bcff0840e9762d62
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8379c65b5db0f6ade463ba40d4017c327ca12d3403e64484bd0ea1b6c796294c
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
879cab3d6755806dfc9a395f8a3cfd0978cfab8897d55fda48ad06ef09bb9003
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89a5cfd08b7b3d3de5da747e3da6b444575c48b1eb0a107d176c64f4fa173b10
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2f9be3123d627bd899e7927cd9ead60d05975abc973c0794ed1db14dc4b5f3
8f5754e162c6914f84645c43b52dd3fb050092dc7214e09c50831cec1a97b40b
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac
92840660fe25bc8221d448f9651bf3ea9d924d6093edc257559c2e98239e5979
929d9e7f809aae29b56c16a40ca6c2b190a9385a786a0bdd4dcdf4f9c450fd7d
95123151b63c2ac4a243f8ac1e0f11895292b5e9966a8fd0e96fb3760822ac8c
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4e594b808e6b6b6ca69cc6c7058408d00d2269a8e4fe908b60434c77d2d783
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
9e9716d8324899b6c3879c632a07fcd39c2f9527335febf2a070504cf96fc726
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a2d307da74741d6b6026ec9df019cd82dc3bfcc322c932fc7fe9b5ebabcd486d
a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab
a3e9bdb71906b8e4409ae42d49bc07826b57c128164235bf126188cdddc2f14b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a78fc80bfe80d553ad5df7623c161af9e81ba477f78ed376c05153cbb5a53d9f
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a84f2d69d6e8d03741219c188668e5d99aa6bc3651b23d6aee31da98756ebc4d
a91e18d4af2c456afc3a0a1a36b23f119b21f047a9781fe56a39da9bb4b7aec2
a944f9ef22a49bdcee0175bf86081c9ebbbc3da5268cad0708346c15bb8d304e
aa1c72e44c5aa91d24fc6ef2966a7d68363dd342bc325989e9f4dfaae39f54f0
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b081da29fb0d2b34dd03b08da016d059bca2064de9cc5de2abd86dda92f22805
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b0fe28b487a7d38e53d5549b31c8f92e89febf8ffd74bb7f0a1624c7395d04
b29440625a04aa7de80ff85c9a125321c88d67b951ceda13115269b4020168d9
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
bd31cefd1c8e60607eb5c3468ae82fee34636abefb85dbaf3e754e32d1917ac3
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c0fbc22f10dccac81439d9c7dbc1b72544aa874e8dddda873dcaf15ef0dd9447
c321245e6d62047e34eb64d468495376a05026060a19408588ba2dd9e552f1aa
c4ccadf73a1fda71065011190d5644f48979b6095b0f6bbbfa64b8043c5fc2ed
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c842fa8019eafc4beae4bd989e2c486d3ecd7a407edb21804c35a1726a90fec7
cb08a7877623a64fa891caad146ec64c94e4cfee3108951848ceef9da5968c8d
cb10bc08acd0b1ff67cddb8435e544b350c49b3b9dc433f6cbc7dcda664b7de7
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
ceea75ef4b44fa966d673306ae0d3b8564155d56231809240479eab8b299c3cf
cf5521546e58ea96d01455479ff4461630555192e19cdd750401f572f188bc21
cfff66f0285504658a03b932d7bc9451d655ea76dc758be3dad7750b57ed7999
d0c7601774a4c4e3d9a4d6a1217f74d67981b005302aa5eb4bc7ddbdc94ad01e
d2f1c02480d0eee7e883d40b60f4ebe9a7816d872cfae71769ea68f235cda3ed
d545b0de5199928169a9eb70e4ea94a856936a826b1bc868619a7ff0a2f85bc6
d606ea735063f3b366c7af92a5294022cbb063d06d12fd544622704b81e449f3
d7a7e1efdbe81c643cd002d5985e8a60257d76e260fed3d6422d4284529e8c65
d7f2a53ec64c3613054b8aca405af6eeb1e8dc1bf371d4676f5dbe917e3986d8
e1dd80f9f8d09d3341e35c8dc3ac35f3de4b6d6a3a6940cd85cc6a59aa4ac492
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4d103cf93f178c3b8d7e61f8b7a2ba969784c766ce16a578fb83be5385c87f6
e62d54228fddc3f254f816dd251462b91a84c6c3d9fb0efd3019741e5d2a1d0f
e653eaed83aeecb02dd5f3d11848e1f860db1b052e70df4ff9cbc9175eb2edb8
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503
e8a90594cc8c2796c488059c7ee25ce6cc9de27c7ac359ee680b50a2bf438da6
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
eb1c11244a3cfb59e1a08031732c6b9d7fdca0d73edca403bc147347aaf588e1
ebc588aed8b8d247bf7ab72d7f91de1d0be3cfa4ab6046ab32a43e005152f4c2
ec8af15c3e1fce30e228908cbfdc1402bfbb0e69c4d84be1efac0b0d918fdfdb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef26a0ba972764225128f30872097aef24a27a3eb97ad27ad60de92e1c7c0774
ef2e3293c1558e5b49e30e1e094cfc3412ec386a68067aee04a92fc913f2c2ce
ef886cb5d32f41ad994d2e851d2056c029e93e0f76116695f8ab525785e2306e
f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16
f6c417546ab95f377359977407b1c777b74643ef2f7e5eb6aaf410ce540c462a
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
f9d6ad667fb61dda87c8e7618d2d2c0ba596e2aeb3c3e372448f9a23aa1294bb
f9dc5ca4e7676e4848a5a541b1782fe636b556b71d4c789b7e155d7b0e6fc265
faf4661d03ebf2f1b29a9f0b85ab5ca1d1026bcab048df045d85dca5e2859cbc
fc5232f374867af26681cfdeef028a49c5708ab1124f9cae4997fde6dea9da26
fce55aebdeb1228673436efdb29b4b4ec6b00b205cdce110c24cc8d3bb0fd673
fe7e7519d81d0e00a237672a4cd5c8728f608363b36a8fe785c64ef9d71399e8