hr.chicadventureit.com Open in urlscan Pro
2606:4700:3033::ac43:b333 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hr.chicadventureit.com/50-compassionate-condolence-messages
Submission: On February 11 via manual (February 11th 2022, 3:07:33 pm UTC) from DE — Scanned from DE

Summary HTTP 119 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 33 IPs in 4 countries across 31 domains to perform 119 HTTP transactions. The main IP is 2606:4700:3033::ac43:b333, located in United States and belongs to CLOUDFLARENET, US. The main domain is hr.chicadventureit.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 30th 2021. Valid for: a year.

This is the only time hr.chicadventureit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3033::ac43:b333	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.166.135.13 188.166.135.13	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223c:8a00:6:b871:4f00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:225... 2600:9000:225e:ba00:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
5	45.133.44.25 45.133.44.25	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
2	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
7	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	45.133.44.24 45.133.44.24	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	78.47.199.218 78.47.199.218	24940 (HETZNER-AS) (HETZNER-AS)
12	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
2	2606:4700:20:... 2606:4700:20::681a:8a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	185.33.220.100 185.33.220.100	29990 (ASN-APPNEX) (ASN-APPNEX)
4	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
4	147.75.38.124 147.75.38.124	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3 9	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 4	184.30.24.241 184.30.24.241	16625 (AKAMAI-AS) (AKAMAI-AS)
5	37.157.6.235 37.157.6.235	198622 (ADFORM) (ADFORM)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	159.65.197.210 159.65.197.210	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	35.212.101.174 35.212.101.174	15169 (GOOGLE) (GOOGLE)
2 2	35.158.233.132 35.158.233.132	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
119	33

12 2606:4700:3033::ac43:b333 (United States)

ASN13335 (CLOUDFLARENET, US)

hr.chicadventureit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
chicadventureit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.166.135.13 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

go5s.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:8a00:6:b871:4f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:ba00:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.133.44.25 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpadmngr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
na.nawpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9873bb2aa8.85e954452d.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.133.44.24 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpushsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.wpshsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.47.199.218 (Nuremberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.218.199.47.78.clients.your-server.de

notification.tubecup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.157.4.25 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.220.100 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 147.75.38.124 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.30.24.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-241.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.6.235 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.65.197.210 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.212.101.174 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 174.101.212.35.bc.googleusercontent.com

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.158.233.132 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-233-132.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 120	96 KB
18	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 cm.g.doubleclick.net — Cisco Umbrella Rank: 175	176 KB
17	adform.net adx.adform.net — Cisco Umbrella Rank: 4785 track.adform.net — Cisco Umbrella Rank: 3678 s1.adform.net — Cisco Umbrella Rank: 7462	145 KB
12	chicadventureit.com hr.chicadventureit.com chicadventureit.com	152 KB
6	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	20 KB
6	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 2775 r.skimresources.com — Cisco Umbrella Rank: 2667 t.skimresources.com — Cisco Umbrella Rank: 2808 p.skimresources.com — Cisco Umbrella Rank: 3600	22 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488	4 KB
4	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1014	984 B
4	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5927	736 B
3	google.de adservice.google.de — Cisco Umbrella Rank: 9027	1 KB
3	wpadmngr.com js.wpadmngr.com — Cisco Umbrella Rank: 29894	30 KB
3	optad360.io cmp.optad360.io — Cisco Umbrella Rank: 40385 get.optad360.io — Cisco Umbrella Rank: 25229	199 KB
2	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 269	921 B
2	advertising.com 2 redirects pixel.advertising.com — Cisco Umbrella Rank: 307	941 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 356	943 B
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 1902	24 KB
2	wpshsdk.com js.wpshsdk.com — Cisco Umbrella Rank: 14510	21 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 401	4 KB
1	rfihub.com 1 redirects a.rfihub.com — Cisco Umbrella Rank: 2921	1 KB
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 2230	122 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2152	550 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2590	173 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 146	38 KB
1	tubecup.net notification.tubecup.net — Cisco Umbrella Rank: 10192	193 B
1	wpushsdk.com js.wpushsdk.com — Cisco Umbrella Rank: 39089	6 KB
1	85e954452d.com 9873bb2aa8.85e954452d.com	199 B
1	nawpush.com na.nawpush.com — Cisco Umbrella Rank: 42228	480 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 250	30 KB
1	go5s.biz go5s.biz — Cisco Umbrella Rank: 231191	15 KB
0	sonobi.com Failed sync.go.sonobi.com Failed
119	31

	Domain	Requested by
11	chicadventureit.com	hr.chicadventureit.com chicadventureit.com
10	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
8	adx.adform.net	get.optad360.io
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net
6	ib.adnxs.com	1 redirects get.optad360.io googleads.g.doubleclick.net
5	s1.adform.net	track.adform.net s1.adform.net hr.chicadventureit.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	track.adform.net	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com s1.adform.net
4	prebid.a-mo.net	get.optad360.io
4	prebid-eu.creativecdn.com	get.optad360.io
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net
3	js.wpadmngr.com	hr.chicadventureit.com js.wpadmngr.com
2	ups.analytics.yahoo.com	2 redirects
2	pixel.advertising.com	2 redirects
2	eb2.3lift.com	2 redirects
2	googleads.g.doubleclick.net	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com hr.chicadventureit.com
2	www.google.com	tpc.googlesyndication.com b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
2	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	script.4dex.io	get.optad360.io script.4dex.io
2	js.wpshsdk.com	js.wpadmngr.com js.wpshsdk.com
2	p.skimresources.com	hr.chicadventureit.com
2	t.skimresources.com	hr.chicadventureit.com s.skimresources.com
2	get.optad360.io	hr.chicadventureit.com get.optad360.io
2	cdn.jsdelivr.net	hr.chicadventureit.com get.optad360.io
1	a.rfihub.com	1 redirects
1	cs.chocolateplatform.com	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
1	match.adsby.bidtheatre.com	1 redirects
1	tr.blismedia.com	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
1	www.googletagservices.com	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
1	notification.tubecup.net
1	js.wpushsdk.com	js.wpadmngr.com
1	9873bb2aa8.85e954452d.com	js.wpadmngr.com
1	na.nawpush.com	js.wpadmngr.com
1	r.skimresources.com	s.skimresources.com
1	s.skimresources.com	hr.chicadventureit.com
1	ajax.googleapis.com	hr.chicadventureit.com
1	cmp.optad360.io	hr.chicadventureit.com
1	go5s.biz	hr.chicadventureit.com
1	hr.chicadventureit.com
0	sync.go.sonobi.com Failed	b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
119	43

This site contains links to these domains. Also see Links.

Domain
www.optad360.com
chicadventureit.com
bg.chicadventureit.com
fr.chicadventureit.com
hi.chicadventureit.com
hu.chicadventureit.com
cs.chicadventureit.com
tr.chicadventureit.com
ko.chicadventureit.com
ja.chicadventureit.com
el.chicadventureit.com
da.chicadventureit.com
it.chicadventureit.com
ca.chicadventureit.com
de.chicadventureit.com
lv.chicadventureit.com
lt.chicadventureit.com
nl.chicadventureit.com
no.chicadventureit.com
pl.chicadventureit.com
pt.chicadventureit.com
sv.chicadventureit.com
sr.chicadventureit.com
sk.chicadventureit.com
sl.chicadventureit.com
ro.chicadventureit.com
uk.chicadventureit.com
ru.chicadventureit.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-30` - `2022-08-29`	a year	crt.sh
go1s.biz R3	`2022-01-10` - `2022-04-10`	3 months	crt.sh
*.optad360.io Amazon	`2021-11-17` - `2022-12-15`	a year	crt.sh
js.wpadmngr.com R3	`2022-01-16` - `2022-04-16`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2021-09-27` - `2022-10-28`	a year	crt.sh
na.nawpush.com R3	`2022-02-09` - `2022-05-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
9873bb2aa8.85e954452d.com R3	`2022-01-19` - `2022-04-19`	3 months	crt.sh
js.wpushsdk.com R3	`2022-01-16` - `2022-04-16`	3 months	crt.sh
js.wpshsdk.com R3	`2022-01-28` - `2022-04-28`	3 months	crt.sh
notification.tubecup.net R3	`2022-01-28` - `2022-04-28`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.a-mo.net R3	`2021-12-28` - `2022-03-28`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-12-23` - `2022-03-23`	3 months	crt.sh
chocolateplatform.com GTS CA 1D4	`2021-12-21` - `2022-03-21`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Frame ID: DF42172EBD4D951794E8B9462234B50C
Requests: 70 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8213493451077989
Frame ID: 56A046AC3BC5C8E5C5EE0C7E61A48425
Requests: 1 HTTP requests in this frame

Frame: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 184CDD99419FE245DF9906EAC5B82919
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 541E0D51CE01730B8C8C939314A254E6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 10971CCA4A03D4AF697DA6C9024E1A86
Requests: 2 HTTP requests in this frame

Frame: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3F580FCF4150EDF63D94E9AA29F85857
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi6qpSTATAB&v=APEucNURoMg265eIlmGM596VfxtOVT8CPX02LTrb9MGznFuTBrBfFkTt3ZflY-VHS2Mp1NnvD8gX880Art2POOwnA9jz5VwZsMg56L21rfZPhkM-8HZMHk0maP3bG67ZPi9s17jKdIxbhwrfLrl3QFoKQnEW90NATb0FDtr7w712sWQFa2JtOP69JZBstnI8YMbOxdA6SFfqsgELNTbDJaRkxpPKfgUGDg
Frame ID: FE2ED6A5EDCD3753B026405B417DC998
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9E81545E9A1754643DBBB8D04879B06D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 63E1FFBB19AF2CF2A4FA03FEFBD53F56
Requests: 9 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/133175/10866327/10866327.js?ADFassetID=10866327&bv=514
Frame ID: E13698ED60D75869332E2AF6C8C11AA2
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

suosjećajne poruke sućuti za gubitak voljenih osoba

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

119
Requests

88 %
HTTPS

38 %
IPv6

31
Domains

43
Subdomains

33
IPs

4
Countries

984 kB
Transfer

2656 kB
Size

28
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://www.optad360.com/en/?utm_medium=AdsInfo&utm_source=hr.chicadventureit.com
Title: Ads by optAd360

Search URL Search Domain Scan URL

URL: http://chicadventureit.com/50-compassionate-condolence-messages
Title: ES

Search URL Search Domain Scan URL

URL: http://bg.chicadventureit.com/50-compassionate-condolence-messages
Title: BG

Search URL Search Domain Scan URL

URL: http://fr.chicadventureit.com/50-compassionate-condolence-messages
Title: FR

Search URL Search Domain Scan URL

URL: http://hi.chicadventureit.com/50-compassionate-condolence-messages
Title: HI

Search URL Search Domain Scan URL

URL: http://hu.chicadventureit.com/50-compassionate-condolence-messages
Title: HU

Search URL Search Domain Scan URL

URL: http://cs.chicadventureit.com/50-compassionate-condolence-messages
Title: CS

Search URL Search Domain Scan URL

URL: http://tr.chicadventureit.com/50-compassionate-condolence-messages
Title: TR

Search URL Search Domain Scan URL

URL: http://ko.chicadventureit.com/50-compassionate-condolence-messages
Title: KO

Search URL Search Domain Scan URL

URL: http://ja.chicadventureit.com/50-compassionate-condolence-messages
Title: JA

Search URL Search Domain Scan URL

URL: http://el.chicadventureit.com/50-compassionate-condolence-messages
Title: EL

Search URL Search Domain Scan URL

URL: http://da.chicadventureit.com/50-compassionate-condolence-messages
Title: DA

Search URL Search Domain Scan URL

URL: http://it.chicadventureit.com/50-compassionate-condolence-messages
Title: IT

Search URL Search Domain Scan URL

URL: http://ca.chicadventureit.com/50-compassionate-condolence-messages
Title: CA

Search URL Search Domain Scan URL

URL: http://de.chicadventureit.com/50-compassionate-condolence-messages
Title: DE

Search URL Search Domain Scan URL

URL: http://lv.chicadventureit.com/50-compassionate-condolence-messages
Title: LV

Search URL Search Domain Scan URL

URL: http://lt.chicadventureit.com/50-compassionate-condolence-messages
Title: LT

Search URL Search Domain Scan URL

URL: http://nl.chicadventureit.com/50-compassionate-condolence-messages
Title: NL

Search URL Search Domain Scan URL

URL: http://no.chicadventureit.com/50-compassionate-condolence-messages
Title: NO

Search URL Search Domain Scan URL

URL: http://pl.chicadventureit.com/50-compassionate-condolence-messages
Title: PL

Search URL Search Domain Scan URL

URL: http://pt.chicadventureit.com/50-compassionate-condolence-messages
Title: PT

Search URL Search Domain Scan URL

URL: http://sv.chicadventureit.com/50-compassionate-condolence-messages
Title: SV

Search URL Search Domain Scan URL

URL: http://sr.chicadventureit.com/50-compassionate-condolence-messages
Title: SR

Search URL Search Domain Scan URL

URL: http://sk.chicadventureit.com/50-compassionate-condolence-messages
Title: SK

Search URL Search Domain Scan URL

URL: http://sl.chicadventureit.com/50-compassionate-condolence-messages
Title: SL

Search URL Search Domain Scan URL

URL: http://ro.chicadventureit.com/50-compassionate-condolence-messages
Title: RO

Search URL Search Domain Scan URL

URL: http://uk.chicadventureit.com/50-compassionate-condolence-messages
Title: UK

Search URL Search Domain Scan URL

URL: http://ru.chicadventureit.com/50-compassionate-condolence-messages
Title: RU

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1

Request Chain 90

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgZ7s09t3Q9Tq1FJijSRgAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1

Request Chain 91

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG_o9vbUMxofzKnmsm8MjqQ&google_cver=1

Request Chain 92

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ0MTEyNDAwNDM4NjQ4NDc5NA%3D%3D

Request Chain 103

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEDsTo-KkhX8FmhKQ2DvUHpo&google_cver=1&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiVohgL0hqtdTmxFbfUA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiVohgL0hqtdTmxFbfUA

Request Chain 105

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGr2y3HRqdLsP6VTT8hmFrI&google_cver=1&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC&google_gid=CAESEGr2y3HRqdLsP6VTT8hmFrI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTY4NDczNjIzMjg0OTgyOTkyMzA4&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC

Request Chain 107

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw&apid=UP56443b11-8b4c-11ec-8b7a-02b27134b580 HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw&apid=UP56443b11-8b4c-11ec-8b7a-02b27134b580&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA1NjQ0M2IxMS04YjRjLTExZWMtOGI3YS0wMmIyNzEzNGI1ODA%3D&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw

Request Chain 108

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEPbKDGKA15VmXYtBZF5HlwQ&google_cver=1&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T567bminw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T567bminw&google_hm=NzQyNzUzMzQ3MDkyNTk5OTY5OA==

119 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 50-compassionate-condolence-messages Show response
hr.chicadventureit.com/ 27 KB
8 KB 222ms
137ms Document
text/html 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca0dda6309ab37e30114ef9b9368c57e9a530f3831fcc235743041e5c4119947

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OIQCNYt9sT9I7yBxQg3iDnRFWa4lFdGLoG9I3NFrP2W6l2cCPeG0J5LDKTjJjU1rV8o78MJYhlUf04Bsif00TGDFI%2FWCAirAbMEBhQlae%2FyT%2B3t5cgyTjwohEOJqRZ5WRsbi6UeEQ%2FmGm936PQs9Pf02FXD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6dbe7cafee033312-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 styles.css
chicadventureit.com/template/css/ 2 KB
926 B 68ms
53ms Stylesheet
text/css 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/css/styles.css
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e291f67dc3e643bfde7604e48a75e17298a3868ebc0c4554b9e8c17355fd6115

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 122730
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-646"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BAk0mgdSZAgJVJdZMzkI4OQIKjg%2Bp4HiZbpq52ku20Dk1EslKb%2F%2FVTn0DvckJJGgLJEVVZP77eA4dgXv8o3ZTzSLDbbRuRLpUjVJIBMbHkEmhRWtBDdxcY8mB7PYWAE317EBt1kQkML6IOnkbiMNnmtk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f80f3312-CDG
expires: Sat, 12 Mar 2022 05:01:58 GMT

GET
H2 200 bootstrap.css
chicadventureit.com/template/css/ 118 KB
19 KB 64ms
49ms Stylesheet
text/css 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/css/bootstrap.css
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c900cdfd1286918aef120e91f4e664aba4b1eabeb6a4c5f68a06acd446783ad8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2358373
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-1d959"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZHbSeGYX2LY44MVpasMbI6A59MACtnziJbp3IT%2F1htYa46Cc3mF1fEwYfSrc637YzoGA%2BGvv82e9HfKPSdKwhULDDLMGr5F240%2BwD247hmXpm%2F1R9%2F%2BJUtZlYLE4mODiEWylcVvduFyPaYcpYg6HsDk"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f8133312-CDG
expires: Mon, 14 Feb 2022 08:01:15 GMT

GET
H2 200 style.css
chicadventureit.com/template/css/ 125 KB
20 KB 63ms
48ms Stylesheet
text/css 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/css/style.css
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 066834a3134ff801b713ae5f6404b3e6db0e320a49a7a5eadcc2e0146dd07cf4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43409
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-1f34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0BKTZzlyRuPFm5FIlICDWuLQZt8B3UnSaaVbVSHVMguNkUJDe2Mh76biHZ8jDFYyy7TwSSX1dYoNbNfBnQNkciVZ%2BeNXXvAPEFQdUlrk0nVItIOul7CjvcnKaLqECYU9QJBWwIejmS80TjsSwxYdTF1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f81e3312-CDG
expires: Sun, 13 Mar 2022 03:03:59 GMT

GET
H2 200 responsive.css
chicadventureit.com/template/css/ 21 KB
4 KB 65ms
50ms Stylesheet
text/css 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/css/responsive.css
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da0d24aee71e49f30d6f5368c0821fef9dcda1f83a9c3eaf5bdcd2643cfdf99e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43409
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-5211"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2BaQPn%2Bm5hcSRWasbNDeE8%2BIS%2BNflMrqm0oY%2BlzzannXs54RgDjJcMejli5IrlAg%2BDOoJcYtkO0C8wm1AL1AYDGFJSr1ON8BRiArZxFmgHDbtg1m3EnSZ3m29Y05GhIdFzWdTo2EKIUPUDvo4cgk5jld"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f8193312-CDG
expires: Sun, 13 Mar 2022 03:03:59 GMT

GET
H2 200 font-awesome.css
chicadventureit.com/template/css/ 37 KB
8 KB 67ms
53ms Stylesheet
text/css 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/css/font-awesome.css
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 123693
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-9226"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tv%2FF4Rx4RR33MFSWeofe6TwpnWvmUPg58etyggO2%2FZGrBkzrxIe5H6WPlHr%2FS6sC%2BrhitkxvKeIgzODVWhZLIfFVe6wX6e1MddXfYAMUKCpAMX%2B7y4azflH9%2BLBiz29%2FOc1apRYG%2BqfJdTr4YjsnAgbd"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f8153312-CDG
expires: Sat, 12 Mar 2022 04:45:55 GMT

GET
H2 200 / Show response
go5s.biz/ 14 KB
15 KB 65ms
23ms Script
application/javascript 188.166.135.13
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://go5s.biz/?te=he4tgmrwmm5ha3ddf42tamzz

Requested by

Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.166.135.13 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e18225f8b8c8a22af705b17ee37ce75a4251ae8f144a183f984d96401876b993

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 11 Feb 2022 15:07:28 GMT
server: nginx
content-security-policy: img-src https: data:; upgrade-insecure-requests
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=UTF-8

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/ 6 KB
3 KB 81ms
32ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/vanilla-lazyload@12.4.0/dist/lazyload.min.js

Requested by

Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 9397228
x-jsd-version: 12.4.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19145-FRA, cache-mxp6949-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1926-ftj+zhhSvu4E/RMH3S02cxSkfWc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6dbe7cb11b663743-MXP

GET
H2 200 f4825f72-7ded-48ee-8cdc-8374070df25a.min.js Show response
cmp.optad360.io/items/ 497 B
833 B 93ms
29ms Script
application/javascript 2600:9000:223c:8a00:6:b871:4f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.optad360.io/items/f4825f72-7ded-48ee-8cdc-8374070df25a.min.js
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:8a00:6:b871:4f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 10 Feb 2022 19:10:49 GMT
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 08:54:56 GMT
server: AmazonS3
age: 71800
etag: "7acdc116a0830ba0aef5e087010246ba"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 497
x-amz-cf-id: -jlF0ScMcYrvbhxFIKWd_8-DHxHTAFk1rsqxz_V1cc3n3q3zTvR0BA==

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/0c4c153a-9099-4827-ab64-6788c7b23641/ 264 KB
56 KB 46ms
8ms Script
application/javascript 2600:9000:225e:ba00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/0c4c153a-9099-4827-ab64-6788c7b23641/plugin.min.js
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ba00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1472778577caace5c7a3134a6f2cef7f73c5d76227e92269e3e87c1006e43cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:03:33 GMT
content-encoding: gzip
last-modified: Fri, 17 Dec 2021 13:40:26 GMT
server: AmazonS3
age: 236
etag: W/"a8cc53a7dce58e1c7606d531a7feead1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 dd4531988f4862a3b186f9d3356a6a74.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: cbIYwcBx52xleHlpx3tHp4V5TeAEpnas8uNJTqhN0_MiQbSQwJGVqw==

GET
H2 200 adManager.js Show response
js.wpadmngr.com/static/ 451 B
597 B 38ms
7ms Script
application/javascript 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/static/adManager.js
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2f499c632d806f66b96dda6cbd4cac0363d331885476a8ac1d9e8ac60954d720

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 09:03:43 GMT
server: nginx/1.18.0
etag: W/"6166a0ef-1c3"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.1.1/ 85 KB
30 KB 54ms
8ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 11:23:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13422
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30244
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Feb 2023 11:23:46 GMT

GET
H2 200 jquery-migrate.js Show response
chicadventureit.com/template/js/ 10 KB
4 KB 58ms
44ms Script
application/javascript 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://chicadventureit.com/template/js/jquery-migrate.js
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 123692
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 23 Dec 2021 10:45:00 GMT
server: cloudflare
etag: W/"61c4532c-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EMsEQlDyO%2FRgks1DsB5ersjxLP660AIdHlGywIdRaRjbJuaTvbuXOaO%2BBHq%2F6QXOnc%2BSE%2F0ULqFYesbzK9k3S8wnSnw2WDwN8EALUNM4fdTUlMlWb%2B%2BVp%2Fud9mEbUF1wLadvLc%2BfaJw7M4Csy6Aw2up%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
cf-ray: 6dbe7cb0f8213312-CDG
expires: Sat, 12 Mar 2022 04:45:56 GMT

GET
H2 200 192355X1677924.skimlinks.js Show response
s.skimresources.com/js/ 55 KB
20 KB 40ms
10ms Script
application/octet-stream 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/192355X1677924.skimlinks.js
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bd8e5080672ee5955ef342243439d7c7f38bcd8bfb9dcd0b55b74e0e22949b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: gzip
last-modified: Wed, 12 Jan 2022 13:42:11 GMT
server: AmazonS3
x-amz-request-id: QZ0WMXSXYW2RRKV8
etag: "d1bfe4b9ace34fba1490193d4cd767e0"
x-hw: 1644592048.cds206.fr8.hn,1644592048.cds157.fr8.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 20608
x-amz-id-2: M4tE2msYnlLgIUCl3XwrkIyLdIVCtQq+qzhpnN/dMGl6s3+1lD4+XRi45qw3CWL8LVSbl6EuVEM=

GET
H2 200 adManager.m.js Show response
js.wpadmngr.com/static/ 80 KB
29 KB 26ms
12ms Script
application/javascript 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/static/adManager.m.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 8365ad50a44341d8858863fec236793a9b4074461b61cae8aaa25343b47d7ce3

Request headers

Referer: https://hr.chicadventureit.com/
Origin: https://hr.chicadventureit.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: gzip
last-modified: Fri, 11 Feb 2022 11:57:31 GMT
server: nginx/1.18.0
etag: W/"62064f2b-13e4c"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:28 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET fontawesome-webfont.woff2
chicadventureit.com/template/fonts/ 0
0

POST
H2 200 / Show response
r.skimresources.com/api/ 177 B
362 B 48ms
15ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/192355X1677924.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

040dfe48ef90ff97af8555676f9ad8e1287141a644c639f0b21cd25fa3ff9c4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://hr.chicadventureit.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame 56A0 0
102 B 48ms
15ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8213493451077989
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
244 B 53ms
18ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=4.988450133986951
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 53ms
18ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=4.988450133986951
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 anniversary-quotes-a-very-special-day.jpg
chicadventureit.com/img/anniversary/87/ 15 KB
16 KB 166ms
165ms Image
image/jpeg 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chicadventureit.com/img/anniversary/87/anniversary-quotes-a-very-special-day.jpg
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 649157c8db813c0d1e6c8963bf25c369fc1bc62891e1d3c14c4d898b870287f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15811
last-modified: Thu, 23 Dec 2021 10:45:04 GMT
server: cloudflare
etag: "61c45330-3dc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSY1AICe%2Bi%2B1BUPB6%2FIzUuJ4MNV2lfkdrBUV9CQzD5eprAYFokJzsDMb7WZJeh1sN%2FXUxN9UoWLXve%2Fr%2FRUfiEBT03XF3TWvl2bD9qemuaRdtCYfaeJh6DzPN0cslxs7Ub1eZhZ6dGDrQRZn65cKJqXG"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6dbe7cb1d9f03312-CDG
expires: Sun, 13 Mar 2022 15:07:29 GMT

GET
H2 200 9-months-miracle-90-new-mom-quotes-14.jpg
chicadventureit.com/img/quotes/69/ 19 KB
19 KB 193ms
192ms Image
image/jpeg 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chicadventureit.com/img/quotes/69/9-months-miracle-90-new-mom-quotes-14.jpg
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31f5fbaa1ce56a0458779f6dc2b2f6532e8140755656e3fe852d84d609173897

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19425
last-modified: Thu, 23 Dec 2021 10:45:12 GMT
server: cloudflare
etag: "61c45338-4be1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fh4Z9GhKXE37JJJ%2Bh6whkt%2FC8OFievCMu3AgAYlfT%2BA%2FmxB1gXHt1yN4xoX7E12ppx2rKxztWayUQOxZAODUC9s%2BNUf0PRB9loRH19dFn06X0WywW3CggTefXvauNRIHXhn8xs7F2ZdPGFGFdKNGTb0L"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6dbe7cb1d9f33312-CDG
expires: Sun, 13 Mar 2022 15:07:29 GMT

GET
H2 200 motivational-good-morning-quotes-get-through-your-work-day.jpg
chicadventureit.com/img/boss/42/ 21 KB
21 KB 194ms
193ms Image
image/jpeg 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chicadventureit.com/img/boss/42/motivational-good-morning-quotes-get-through-your-work-day.jpg
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6003b311e3ab12f52cd097fbd0ae3c2ed0c015406cb7d2863761f956ff4026e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21595
last-modified: Thu, 23 Dec 2021 10:45:03 GMT
server: cloudflare
etag: "61c4532f-545b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86Tmr8PvlwgC9ityBHwtzToOJuLXln9UtK%2FqAp%2BqWahPAJA0es6RdRu2ecjqr2A2z4VM8ntFGMXfzJqMI6hT4F%2Bt6ge4ZK%2BpAEYh70k9EwSB3Ijo5R9UCJUJoQOMtZ%2B%2B9BSPcVP9jh4jr%2BV6GbcYsfsj"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6dbe7cb1d9f43312-CDG
expires: Sun, 13 Mar 2022 15:07:29 GMT

GET
H2 200 you-re-beautiful-inside.jpg
chicadventureit.com/img/baby/13/ 14 KB
14 KB 48ms
48ms Image
image/jpeg 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chicadventureit.com/img/baby/13/you-re-beautiful-inside.jpg
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f55cc93d826e66d7def2a0144ee454980c69ac16728e65da781401ed9a30fa3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 279873
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14160
last-modified: Thu, 23 Dec 2021 10:45:17 GMT
server: cloudflare
etag: "61c4533d-3750"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4UA3XlSTDq5khbn9Q8%2BKB5ruHoFnir6nMJ8WkUCgP0BYZvxOdRqvPK6eT6ltvH7kG%2BUhvECKh2fhr%2FCupw0lPk1QN4mYTKa8N2DizbQnLOeYBzvNyylM4S6aFMgQp2FzwXGSFGzE6ValnlAj%2FiVQGhp"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6dbe7cb1d9f63312-CDG
expires: Thu, 10 Mar 2022 09:22:55 GMT

GET
H2 200 lord-please-keep-sadness-away-from-my-heart.jpg
chicadventureit.com/img/other/09/ 17 KB
18 KB 193ms
193ms Image
image/jpeg 2606:4700:3033::ac43:b333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://chicadventureit.com/img/other/09/lord-please-keep-sadness-away-from-my-heart.jpg
Requested by: Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:b333 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4d78a6ce0918a34aa9c2cdcde3fe4604231c53a7f1aae1be9627c3c6c0ad586

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17878
last-modified: Thu, 23 Dec 2021 10:45:02 GMT
server: cloudflare
etag: "61c4532e-45d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iKsjsy5%2FcBxWkkOJRYK3LmgSC53%2Bl7ZMRwTWlQN8LG6mSgNjqk%2B%2F9kXpyroDRGH8mgYtZ7AuCX8u0tIQrOGS3z%2BbUiEnEhfL5NPrzdHCcCCQhDg0gd%2BcDLXXL5OsDIPXLgf%2BAS8NukJMn7iNMEY5JZ8g"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6dbe7cb1d9f83312-CDG
expires: Sun, 13 Mar 2022 15:07:29 GMT

GET
H2 200 1553 Show response
na.nawpush.com/tags/ 516 B
480 B 34ms
7ms XHR
application/json 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://na.nawpush.com/tags/1553
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e245d239a8f9a9bfc1f8a0ea889d8fcf9f591c04c5ac73aefefb70724911ff38

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 11 Feb 2022 15:07:28 GMT
cache-control: max-age=300, public
content-type: application/json
server: nginx/1.18.0
content-encoding: gzip
x-proxy-cache: HIT

GET
H2 200 wp-banners.js Show response
js.wpadmngr.com/npc/sdk/ 0
237 B 9ms
9ms Script
application/javascript 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpadmngr.com/npc/sdk/wp-banners.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:28 GMT
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
server: nginx/1.18.0
etag: "611fc6d7-0"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:28 GMT
cache-control: max-age=300
accept-ranges: bytes
content-length: 0
x-proxy-cache: HIT

GET fontawesome-webfont.woff
chicadventureit.com/template/fonts/ 0
0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 73ms
15ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/0c4c153a-9099-4827-ab64-6788c7b23641/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

0e1e83978ce85a1e05e73059aff03eccece8a18795f23f24a9811acb00f99a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27174
x-xss-protection: 0
server: sffe
etag: "1128 / 694 of 1000 / last-modified: 1644581237"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 11 Feb 2022 15:07:29 GMT

GET
H2 200 prebid5.14.0.js Show response
get.optad360.io/sf/ 460 KB
142 KB 21ms
21ms Script
application/javascript 2600:9000:225e:ba00:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid5.14.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/0c4c153a-9099-4827-ab64-6788c7b23641/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ba00:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 23 Sep 2021 08:09:18 GMT
content-encoding: gzip
last-modified: Thu, 23 Sep 2021 07:59:54 GMT
server: AmazonS3
age: 12207492
etag: W/"6dd0a13bde35d2daa452bba998871016"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 dd4531988f4862a3b186f9d3356a6a74.cloudfront.net (CloudFront)
cache-control: public, max-age=360000000
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: kYiov4oCmUhVbiLJz4re8UkMeMcTLdLWzIKn_nuT7aV1945YbFyIUg==

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
344 B 28ms
27ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/192355X1677924.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:29 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET fontawesome-webfont.ttf
chicadventureit.com/template/fonts/ 0
0

GET
H2 200 track Show response
9873bb2aa8.85e954452d.com/in/ 0
199 B 68ms
32ms XHR
text/plain 45.133.44.25
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://9873bb2aa8.85e954452d.com/in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiIxMzMyODUyMjE5MDk4Mzk2MzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjE1LjAiLCJ0YWdfaWQiOjE1NTMsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTYwMHgxMjAwIiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJFdGMvVW5rbm93biIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MH0=
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.25 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:29 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

GET
H2 200 csub.js Show response
js.wpushsdk.com/npc/sdk/wpu/ 24 KB
6 KB 29ms
7ms Script
application/javascript 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpushsdk.com/npc/sdk/wpu/csub.js
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e24ee213782f6ed0de472f2a8b9374799b9a79643d466133d7a10a81383aa039

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: gzip
last-modified: Wed, 02 Feb 2022 07:44:44 GMT
server: nginx/1.18.0
etag: W/"61fa366c-6155"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 push.m.js Show response
js.wpshsdk.com/npc/sdk/ 54 KB
20 KB 24ms
6ms Script
application/javascript 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpshsdk.com/npc/sdk/push.m.js?v=1
Requested by: Host: js.wpadmngr.com
URL: https://js.wpadmngr.com/static/adManager.m.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 4720daad8daba83ee3b0e5e453f6b9d6d021b2ed5ef662c7dd801998c133b96d

Request headers

Referer: https://hr.chicadventureit.com/
Origin: https://hr.chicadventureit.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 08:34:55 GMT
server: nginx/1.18.0
etag: W/"612f3b2f-d82f"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H3 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 60ms
23ms XHR
application/json 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220211

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80c0452c91c457644e83321a9dbb9fb7525bbc0a091508a7abd1d57440acb4a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 394
x-jsd-version: 1.0.1249
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19121-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"6a0-TWruJ9TyZNhIIJ8CxNUcsWJ5bMs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6dbe7cb3ba7692a5-FRA

GET
H3 200 pubads_impl_2022020801.js Show response
securepubads.g.doubleclick.net/gpt/ 357 KB
119 KB 24ms
9ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

8f4b70778aa21c1c093c6acbad70c70b2e69d4d22e47d9405ee137db16ca050b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 14:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3089
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122244
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 09:34:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 Feb 2023 14:16:00 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 99 B
117 B 30ms
15ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

af754d85ab6ff3cf3846a303045964ff02f14b7342d6851699af6443abb32f4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92
x-xss-protection: 0
expires: Fri, 11 Feb 2022 15:07:29 GMT

GET
H2 200 styles.css
js.wpshsdk.com/npc/sdk/push/ 2 KB
1 KB 26ms
9ms Stylesheet
text/css 45.133.44.24
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.wpshsdk.com/npc/sdk/push/styles.css
Requested by: Host: js.wpshsdk.com
URL: https://js.wpshsdk.com/npc/sdk/push.m.js?v=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.133.44.24 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:29 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:33:19 GMT
server: nginx/1.18.0
etag: W/"5f10b98f-843"
content-type: text/css
access-control-allow-origin: *
expires: Fri, 11 Feb 2022 15:12:29 GMT
cache-control: max-age=300
x-proxy-cache: HIT

GET
H2 200 subscription-offers
notification.tubecup.net/in/ 0
193 B 44ms
10ms Image
text/plain 78.47.199.218
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notification.tubecup.net/in/subscription-offers?href=https%3A%2F%2Fhr.chicadventureit.com%2F50-compassionate-condolence-messages&tcid=0&spot_id=565&site=tcpublisher&source_id=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.47.199.218 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.218.199.47.78.clients.your-server.de
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:29 GMT
server: nginx/1.18.0
vary: Origin
access-control-allow-methods: *
access-control-allow-origin: *
cache-control: no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 0

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 71ms
20ms Preflight 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hr.chicadventureit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://hr.chicadventureit.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 67ms
20ms Preflight 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hr.chicadventureit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://hr.chicadventureit.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
974 B 113ms
40ms Script
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1
content-type: application/javascript
x-amz-request-id: txfd1c77a515734f94831ab-0061f15fee
x-amz-id-2: txfd1c77a515734f94831ab-0061f15fee
last-modified: Wed, 26 Jan 2022 14:43:29 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNK8NgrGkYUKnU%2BYfkb3VbdHxwvmIuGwK11jhaGNrd7hp5%2F6KvCqWAKTjTZbkVDE%2B2ykfaUgi4ZZxenVGlIQHLB6icrf7qb2tS552Tg5nGd2Ya78pAUedwkXaBI7en2Yydz3Q6%2FaQA%2FUp66P"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1643208209303360
cache-control: public, max-age=1800
cf-ray: 6dbe7cb9aab4374d-MXP
expires: Fri, 11 Feb 2022 15:37:30 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 81ms
49ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

032c26a514768ff5c8079b7360e32656b45eca3fff802b1ec28d4185666e5886

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 11 Feb 2022 15:07:30 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c13fb230-3158-4a3f-9ddb-74a04b21a3c9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://hr.chicadventureit.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
184 B 57ms
22ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
412 B 119ms
77ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
350 B 287ms
95ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:29 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 3
vary: origin, Accept-Encoding

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
227 B 287ms
97ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 4
vary: origin, Accept-Encoding

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
5 KB 159ms
130ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

3b4967adae332efd52187674d4335bd9ac73bb99229ff088c18eaadb115e82f9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 11 Feb 2022 15:07:30 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 451af597-d654-4cf5-a49b-f31dd5b2aee5
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://hr.chicadventureit.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
413 B 113ms
71ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
184 B 46ms
15ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 adagio.js Show response
script.4dex.io/ 71 KB
23 KB 92ms
43ms Fetch
application/javascript 2606:4700:20::681a:8a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 61380
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx7db07133e92c47a2aea09-0061f161d2
x-amz-id-2: tx7db07133e92c47a2aea09-0061f161d2
last-modified: Wed, 26 Jan 2022 14:43:28 GMT
server: cloudflare
etag: W/"88567a823cfd2840dd0a3198b929d466"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2Br4GRW0KB0iQDNXnPkeSR2oj9SbQxF5Gov9evBgJotKIocehr529g7aaqVJCsFmtSefqpsfuAH7UUYv8yY%2FE4CrPWd3z0T%2BK1t4PoIPWZLaqNSt7odSPqPu%2B6dfZI7QDSE7QXq240gRIHDo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1643208208262354
cf-ray: 6dbe7cba3852e8fb-MXP
access-control-allow-headers: Authorization

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 75ms
33ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 61ms
40ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 468 B
283 B 370ms
370ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

836426ff9e38252f442e810fb0c3fe47f693a2e6f69637a29b02feaf6ecf10ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 50ms
21ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022020801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9124d28bdab8091945d1e180f104e75fa4aac60ef629bd1abcf3715babee8c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9889
x-xss-protection: 0

GET
H2 200 container.html Show response
b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 184C 6 KB
4 KB 211ms
14ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 11 Feb 2022 15:07:30 GMT
expires: Sat, 11 Feb 2023 15:07:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 463 B
281 B 645ms
644ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2955955023434888&correlator=1746173604652070&output=ldjh&eid=31061815%2C31063870%2C31064837%2C31063246%2C44755509&output=ldjh&gdfp_req=1&vrg=2022020801&ptt=17&impl=fif&sc=1&sfv=1-0-38&ecs=20220211&iu_parts=121764058%3A22528037647%2Cjf-oeiras.pt%2Cjf-oeiras.pt_o3b_display_sf_o3b&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.03%26hb_adid_appnexus%3D17226fdd25a7a53%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.03%26hb_adid%3D17226fdd25a7a53%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&dt=1644592050433&lmt=1644592050&dlt=1644592048742&idt=548&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1200&adks=1013758069&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fhr.chicadventureit.com%2F50-compassionate-condolence-messages&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=728x-1&ga_vid=120591194.1644592050&ga_sid=1644592050&ga_hid=152706309&ga_fc=false&fws=640&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

76b2296e484c72f06bf4d7f6373650df576a461806c5fa0f6abc410880f6ef36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 174ms
28ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 11 Feb 2022 15:07:30 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 94ms
94ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

32aa954c3520b1e7d84171524b0b57a0e6102d208155f0d0b07c19802721d5c7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 11 Feb 2022 15:07:30 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: bc3587b5-32d9-4f5f-a66f-71dcc797eb3f
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://hr.chicadventureit.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
412 B 64ms
63ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
203 B 99ms
99ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 7
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
184 B 15ms
15ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 openrtb Show response
adx.adform.net/adx/ 0
412 B 67ms
67ms XHR
text/plain 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:30 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
184 B 15ms
14ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
6 KB 242ms
242ms XHR
application/json 185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

b27a9ea837d00e183738cf490640331e665fa051b94ed12b30a568abf4ac0517

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 11 Feb 2022 15:07:30 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e7aff17b-1a20-461b-89d2-987ac55c5f17
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://hr.chicadventureit.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
204 B 142ms
142ms XHR
text/plain 147.75.38.124
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.38.124 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hr.chicadventureit.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://hr.chicadventureit.com
date: Fri, 11 Feb 2022 15:07:29 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 51
vary: origin, Accept-Encoding

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 19ms
19ms Preflight 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hr.chicadventureit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://hr.chicadventureit.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 19ms
19ms Preflight 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hr.chicadventureit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 11 Feb 2022 15:07:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://hr.chicadventureit.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 541E 13 KB
5 KB 24ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Feb 2022 14:17:36 GMT
expires: Sat, 11 Feb 2023 14:17:36 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2994
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1097 783 B
1 KB 37ms
16ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8d8ae2ab15e0f0e6ff4a44916643400e40552edb95207df9fd026a4aa549cf28

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-AJ0LR3+qC7FAquHAUrzoYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 11 Feb 2022 15:07:30 GMT
date: Fri, 11 Feb 2022 15:07:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-AJ0LR3+qC7FAquHAUrzoYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 O0zcrAsc3s2SKI8Tuz5umMJoYZUI79PNRri5GeZhfeg.js Show response
pagead2.googlesyndication.com/bg/ Frame 541E 35 KB
13 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O0zcrAsc3s2SKI8Tuz5umMJoYZUI79PNRri5GeZhfeg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b4cdcac0b1cdecd92288f13bb3e6e98c268619508efd3cd46b8b919e6617de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 12:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13545
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Feb 2023 12:45:40 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1097 0
0 55ms
55ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022020801&jk=2955955023434888&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 49ms
33ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 47ms
32ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 467 B
286 B 633ms
633ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2955955023434888&correlator=1746173604652070&output=ldjh&eid=31061815%2C31063870%2C31064837%2C31063246%2C44755509&output=ldjh&gdfp_req=1&vrg=2022020801&ptt=17&impl=fif&sc=1&sfv=1-0-38&ecs=20220211&iu_parts=121764058%3A22528037647%2Cjf-oeiras.pt%2Cjf-oeiras.pt_o3b_display_am_o3b_S2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x400&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.10%26hb_adid_appnexus%3D3477b56bf3f9136%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.10%26hb_adid%3D3477b56bf3f9136%26hb_bidder%3Dappnexus&cookie_enabled=1&bc=31&abxe=1&dt=1644592050738&lmt=1644592050&dlt=1644592048742&idt=548&frm=20&biw=1600&bih=1200&oid=2&adxs=475&adys=1545&adks=3040346750&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fhr.chicadventureit.com%2F50-compassionate-condolence-messages&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&ga_vid=120591194.1644592050&ga_sid=1644592050&ga_hid=152706309&ga_fc=false&fws=640&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

058a5858062d1a54e13e75a1489b8fe1caf92be57230271a7f704014b814929a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 541E 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zoNeHg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 35ms
34ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
32ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hr.chicadventureit.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 Feb 2022 15:07:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
10 KB 754ms
754ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2955955023434888&correlator=1746173604652070&output=ldjh&eid=31061815%2C31063870%2C31064837%2C31063246%2C44755509&output=ldjh&gdfp_req=1&vrg=2022020801&ptt=17&impl=fif&sc=1&sfv=1-0-38&ecs=20220211&iu_parts=121764058%3A22528037647%2Cjf-oeiras.pt%2Cjf-oeiras.pt_o3b_display_am_o3b_S1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C336x280%7C360x300%7C580x200&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.10%26hb_adid_appnexus%3D358696559823897%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.10%26hb_adid%3D358696559823897%26hb_bidder%3Dappnexus&cookie=ID%3D7497a47c867ea7b2-222c6e913dcd00e8%3AT%3D1644592050%3AS%3DALNI_MaHfXuvcLZ2dn-zCcqLfcVb1oCBSg&bc=31&abxe=1&dt=1644592050874&lmt=1644592050&dlt=1644592048742&idt=548&frm=20&biw=1600&bih=1200&oid=2&adxs=475&adys=687&adks=2109172079&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fhr.chicadventureit.com%2F50-compassionate-condolence-messages&vis=1&scr_x=0&scr_y=0&psz=0x0&msz=300x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=120591194.1644592050&ga_sid=1644592050&ga_hid=152706309&ga_fc=false&fws=640&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

3ad8b49b6936db89f1fbe3a01cd9ce28dcd12ad298e68135ca520a26312d8baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10351
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hr.chicadventureit.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022020801&jk=2955955023434888&bg=!lJell9PNAAbAtJCDwLQ7ACkAdvg8WqyD-LzprzNH66feVASNaacl030W4goEyErCwx76nVTxzmclTAIAAABVUgAAAAJoAQeZArG-hqsnNTWrZ9pVbvQGgXfKmuKa9EMTJCeGgJG8zFZsePZptpY5Cs16-gIiHski3R_QoCK_hcJkuYztOdH7vXgQTylOC_57jUYLEszL_hP_K8HO_rj4702MUHJg0frn0CzeVn1X67tBhdqKJaQvcWqja4aCaukJ22P8DFpu7jbN6M8pjnyIDv8zaH-6-tBl5c7PH2D68F1qeg-TYnxWznwaVfrKl4LXrP08W_5AtcsevOIqjvEqTaco-Co6LT_y5OZHqLRMAbckOGGUwDHcR9sZDPaAuIXzrSM8U0r1Q-nUDsyxdT7PHxkkcfT3ioDSxfPtnwl1eSEIoeTRpUAMUkGta5IPea1QMRo9nt5ayK8N0Oo1EkTLkwyUItv_JQLKqwKP2K-FHXKH238GL-z-M3doI4cIHh8GYiuz_XJaDLUuhhX9yUXsOpmlwQfv_v_rQAfEF6rUUbVAALaevdmK_wXEpYJvULDK_e5KRanHO2iIq9NYHY7xO4TFaUynCMqGXkIuWnm5zbb2GL-6RA4fNT6SXNdQ61v350nEc-09k5WSflUtYRpMCXx1Wqb2IIpNKoMrKL-0VMv2jHSdchgmJMA2wn6EGb1r4sUYhZNsUthiMOh9eWH4rwrDofGdCFhAWngI_nva4ChtRF_YDVxRHsMCOBpuBpc35l_iAxUOnlY3y-xpESu17UQIQxIqBwgWgDZ2MvMJBCSAJBcxHnqUCn-xEjHLbzGTIEzK8Cy-Ffb1K7YMeSgInbVU2QXgHZjke7xDor2QZcWv5XUhXAtnq2pqcuQSuwJnrgGZB_z43u98EPGF3KYFeUubNEx9dRoYe3jmOZ4kqCx8IEPc_5u5aTmbMRFCPFLqRD8aYapdeO36I9iFpp6JqdD7DSyVs9ZoaM05-B9Uoust5bvILqC13XawjA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3F58 6 KB
3 KB 22ms
8ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js?31064837

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hr.chicadventureit.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Feb 2022 15:07:30 GMT
expires: Sat, 11 Feb 2023 15:07:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FE2E 624 B
733 B 46ms
24ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi6qpSTATAB&v=APEucNURoMg265eIlmGM596VfxtOVT8CPX02LTrb9MGznFuTBrBfFkTt3ZflY-VHS2Mp1NnvD8gX880Art2POOwnA9jz5VwZsMg56L21rfZPhkM-8HZMHk0maP3bG67ZPi9s17jKdIxbhwrfLrl3QFoKQnEW90NATb0FDtr7w712sWQFa2JtOP69JZBstnI8YMbOxdA6SFfqsgELNTbDJaRkxpPKfgUGDg

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 11 Feb 2022 15:07:31 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3F58 26 KB
16 KB 118ms
97ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTwu2Oktw-hOWFqeI7L2PP2iB3JrnWRO5A8EU0SX_VuZwuY5RerV_zCVXscn6SyCfb4bVFXMdtc66C5KcYF_uX_iY5aMkxHVHIogGjTfRotJGojJxwGVvSyZyqP00p-j_xOtXSCTTRxxe1QXAICD_vfx-aPw&cry=1&dbm_d=AKAmf-AztYtnO0KWXrrV9FsCskRCUIYI7uexJKqBuhfKubIyPcWN1iur8_z4KE2vAuj_7An9aHm2q7krgCDTMgAmiWrTkzPwViZgjxoRSogTpDroIUdwdMok2vPd_cozOSO4E9hm34kGCMEk_3m5ZZqkDN6jjIpsUMEQJpgs2aXW_Ojsagw6mFeXyUm2v2IV-tPp6DCI-5KFcrasmXR7rVn4qV-xGJ5TqJZqDZkeejoDF03R_O4j9P8v3ijnL-HPBJ7yn_9o-dUtqzLwn2gAC-LAOQZIDlNwuFCIpgLgHqlz-R9JKxHmIobdnkBxLk9_7s8lIBFI3JmjA53jzLscfT1IfERVL5dXdiKOcpRcESH_kp8nkSa2dcR4L4xmwL8Ys9pJeZebMKMWZosV7ekmPIBPzuuxAMbVxzKRQ5yvQM2JX4zyGE_8H1NwOF_rO0fS9y1tlOnO9Q4lcGR0L67imvl41a-c7ZZNem363kvSu-9TVZodutcVzRWyfu1FbRKtKD4yupvd9twi29xQ43p5GRVQLZWvkFjLY8GPZ2SPfEVCARUqEqLtMBEtDlFQGl30I33Z7cHQKq79BAMTP8KLN-iGR1WjwLbvAvpW-spOeuzxCzDLFQE4K-px3skx0sk6BSSl74PgV5h_yhWy8gpVeM0ntgZmR8284QjWcftkmtoYpMZcgKPGDNrGGnybYMRHO3NJw7aPvMsSBdJTYJ8imVVtm2f0YJ1FT3yJyB7ukerPA2wKUAUZtJVYu4DMWEVIZry3rhVcHUQ2Gwwiyf1sdv4-9mw2D91bvfiyuXMZ18nK8_-11lWivx1cKNPevny6FA68IEzphIm2BCeRAJxRfYsXHQR2TaOzZ_cgTFS6Dt5997Pu2oZDKwzavGoeMsbQ_MgjF1MDmbDuik1W_o-m3Q9O8EhZyNNMbrRBFlbToykSlUpz7jIffBMwPWdBaiWaq7J_PJNMWOKpSYu0UV4PAOfPEN_vLUBRC_y3b3kJ7hEOEfThwwmPeX357ypu-tlFC0sJ9A9esXFZiB3XnQU3IkPuB5aTezyF2v9ZhK8w97RP025rabrzxO7-ukOOtFZD-5XSmWq180ji49LshUObEFq3aKdyYP5H7igif3IruQQG2vFwUKXzUX7M5q6X52f3LwJnhjxdf7IXIMULqGv_H_K44vibfco6qNvH3Bl7V3Jvg3sjzNW9v56UpI1wt71yvWi01Z-w7ksfkBHna4ZpUBcnX_mKzCUnRT3ak5Buq6MMb-darHtHHm6aE5hsMya_eQ-d97qLFxSfsQGD63fdMWvIOriA_VqYHzlOG7UF-9-0uG0GbPGmEA1guikM-TuxkTJ8L0i2xbvPVCh1YVpRrCOqhpPk8Ipun10JrVFQ5S7OTWMCD3_NLyImBkzqlYGycYo9CaxmehEbHhlMzrRecMfRBgEeVS32WsI3JbA7SFMEOjpfQ6U1u6phnQEapuPqdnvHs63B-7J1OjJypNM3oxK87isO9yiCOppda2W085B39VJeLuyx4Iu_LZ7C6t3GeVQKpMCIxHJkZRbUIZOZkmTTl3axgW3PEbOBDFUKp8PsmjxYOyrHB8Bk8hQuYtQ6IndxcjPLMc1S6ZqNQiyHtTJm5TaVjEqvDdJiQgIax03TmVT4bky5EejhL-Iz2F2mSp1r4ym4GRe-NOWIC0_92FNlMBqPBqqW4zuGfXtHJVFzBUXTmfQHGafn8btekcI1xIEQKoBJAc-QuLG8J_nGx--iVBqzfxCXnuxvjziWn9nf5boToj1cV1k88qbRW8lkLYQDsl4lrgwBqoMfAg2dO_Y_fJrJtN3cjCZfvE0asU4FD_xEZ7VECQsovU5bVJeIyeEPBwDNG2QUr5DuSMN4m3VKokSznhaLsYaA4X2AfJHfDR4sVU4JllZf5e8TUsi41O0OIs1itsK2OJpllhhXk0Fb_3OihiKeQHqOP7Ye6Fn7gbsSozRciK5PqcZwWnaJ942flk8kvSnKaAEI0VBIjP4TJIiIBfTUms268rOGYv_4peX13GqWSaQbxJF7MHjKVXLerdzf4vSljr2aDg8t-770B_cyij7FrEGXvLBgKm2u8MIV6KySjkXX1xZ-_iqmufhcAeRX5i27qQW2gNFf_UE19bh5akZpFh-v_Q8tFPLTmXi5SrGiHuAbJhxm8NYA1Uqi14n1-UQaSrPaxjjlVIKSPPWUfCFHIssu6p3s78bMBxHffnhu7h03toXntz5ZY0ruiKMHr5UeCFgO8Zf1Y88_tAE6x-pJzWj-NAGq6j5eWGvm0H8t2dQjLTkT8SkdRq_Usik6cWedemBy3Y-iPtQNhByVh1j3u1_Ptbe07QalFpz39CP-tKxnHOCeG75mja5bQaLS0800aX_10k-EE9VlNWgfdqtkCTiOFhxtNakNjqGS9_P_tkMPWNB-1CzCpWpIuyLi3yZqnNL5sbTx5Jxm92GLY4Tbo7rrxS76nZR_ekXbsfZztY8sVnsHo9sMtInrITKhKh70kjcnXoPPCDDirOWUS1moAKI0W-oNpGvv0dkE9exwinaJLAFvcTHI3I9t0y6Af38qZ4-eXBTfhE7fBgJ9IJmLxSbMaD6bw7RJbyOK_aThlfsp6QRYHZcO7VORwf_m7IMQJelJ9tYlL38mSnWwx-RLgZOvOHN_LH-W47AIiTmRUnJzpw_f5dNMdAOXKxcF_smAJVTUQLchziodX-XaL5owfphegKzeSzjZhkidJ9qzYHRyEUjMixo91IBWpZiobPzq4bLHwzuaRuUXntd_Be5Yj0nE9pY7vtyVk5eZLRORMoSR68o6Ra3hcKAPhkr3QAVrdhXWeuab26Nw70QTvyjvde4DCvto-xxmXuwwc56SJonsBTzogXGvIKvkmZ-q33pJ0UUvoH4OYkXXxC2GjvyLxg87oZBkLbcD6gZBx8QDbfAn8ZvPP_Y6lCx9SXlcGmpeU0B8XtPJjrTp76EapvnyOZEe4SsqSl4lnawPwvyfA69YJMgCOPA72LBxs9z9kfEwMLmP2B5bmuNP568ZIR4VRojfEYDjoKdXw6kezBtoA6ep_DBbFSmcJxBJIy9q5dth9oy7_wgmwvElQrbddR2KSeo2P-cEU__ZybGMQU4bUJAPwUKW1ebgKozic-6kWkuWH0wSkWLPDdSu_-iUXZLbTCnGOhOxGiRMrCl3ZVxxXQBIGvBCUqR83KiU0AegxfykwPLAZCkgUpWEK1Af9azWE4_cAau-TOfkXdae7_YUd38Kreamisug4IGpQ2Nc8ci0gZ0s2GsuQw8J5dmo2mbgXlOAv931xFBwmuttSWeXmQU&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&rfl=1%2Chttps%253A%252F%252Fhr.chicadventureit.com%252F%240

Requested by

Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fc4669514762ea623a6e40f9518ae7189fd0bc72a61fb6dca3ac833ea27598a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15743
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3F58 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C1E_Yd2C1xQJsxyMNPtcVQgzgc4PqpUEHLwR8w7PYFQUIB6X5E51CzArELc5ZBMqkp0vemzofatyCmigF_-jFUaR56aHZ58hnJ87dZ4MvkyaRZS9E

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 3F58 2 KB
3 KB 23ms
22ms Script
text/javascript 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=40760430;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXgpHs3sGYuTbFvqK7_UP3_-ckA634IGyYe_VyuffDZHVnIPMKhABIKqAwyJglfrwgYwHoAHTxpiYA8gBCakCdRcF0ycdsz6oAwGqBPcBT9AbEqv1WeuFkYi5tSci4Vg_FhtUIesWiLaitipWDlwT8TkqBhx4hv5hUqLusdy0QJAzWsV0pErh8fdq6p7HxwhZrTCmdCmNI8BhldhF9bHGsPLjZVsIVBhzkIOzoqMB8soGBK_Lh80JJnJt3G9L6DN6nmRdQ31xYpnGLRlTxnTu6a7HtIOnbZYkJI9bRMG6yEBOwZMAMp4TDTU9PqpgyrMvMrtsGNdsbWeomZY5gx1ULemmdHB0aS3PB8YcV7SXClfU3ZZvnaUkxp_6P5K4qOGirQso3WGpztD4Kp519n66WBt27c3aLL2Gv45lzb0hoJ7SKLdcfcAEu7m71bYD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBOUx4gO2BMLiBQB2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&sig=AOD64_3Xshm8mCqFRaQ_QefezjxHsdFqlA&client=ca-pub-5512390705137507&dbm_c=AKAmf-DQyLLEQ45f3oNgKbk_1wSo_R9_uMdH4r6M1J1zLgm9GdSolq_Mp30mDZ5QywDU-ernjWJ_ZWtF6_YSm-TCRzkvlFUKs3V0HBtRh_aPgkQmwswtZfiiwSBMfdZsS_htQsZ7rdm93Oebo-EC5AnO5Eiy5q2ojg&cry=1&dbm_d=AKAmf-BsAh_FVU2cJdT2gTCRqaIQp1p-qUp5Oh2Q99XxTI1sNgdENB4RU2w30bDC0TMI2SzErtCoXqo-SiJ2Fa9X0BbnHXUKdlFy1ADeR2-ARPc2FdjE_Yyw55hgNRytfAxcK2eG9-VSpoG7rbdotn3R_CLx4Kw6ltrwQRdhsD70WYPjHQxfGZ6bMCJL7Jmbo7lmQjylFFK1pmLRja8QqblWtuF0fUAuANNLHk2rHtI_EYJPeJQUyRARiNG897Z2vURl2pYQodHhLBSUb8oB_g5I94LjsJ134wgXvwEK9Qd8cMHhBxnOBFQxqCu2vN4X0udwFX8oRl7H00AAwb5agdj67iIeifMIvsHVovnyJOK-cRrY_6jHMpX3nqgOyg4kVbU9t6gs6Ml5POQWOl9o56e9Crd5VEczJN4Kz78u_GihXjNQtNXul6onnh34G-_IKDwFpZ1r5srgoTqVF3GKZOTU2-1112hrS1c4Yx4HUg0SrXey-9TfRstMSdLl_RcilnELZHiE8GFi&adurl=

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

bc32b244ac4e9a0a33691bb9109b82a1778c8bda69e3a580e460107243108e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2161
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 3F58 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Feb 2022 15:05:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3F58 124 KB
38 KB 52ms
16ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38562
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1644410386637351"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 11 Feb 2022 15:07:31 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 3F58 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:04:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 182
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6367
x-xss-protection: 0
server: cafe
etag: 17798303060702513824
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Feb 2022 15:04:29 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3F58 0
0 33ms
16ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ7ek_7T1lJduuwvO2KkzgJ4J-ImmC732FJFZOS3DHyCPC2CjoJTcpBbLGYmUypH4hw7zUJxIZwUIkaFDAossp0P3p0AQ
Requested by: Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FE2E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1

43 B
894 B

25ms
25ms

Image
image/gif

184.30.24.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi6qpSTATAB&v=APEucNURoMg265eIlmGM596VfxtOVT8CPX02LTrb9MGznFuTBrBfFkTt3ZflY-VHS2Mp1NnvD8gX880Art2POOwnA9jz5VwZsMg56L21rfZPhkM-8HZMHk0maP3bG67ZPi9s17jKdIxbhwrfLrl3QFoKQnEW90NATb0FDtr7w712sWQFa2JtOP69JZBstnI8YMbOxdA6SFfqsgELNTbDJaRkxpPKfgUGDg
Protocol: HTTP/1.1
Server: 184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 11 Feb 2022 15:07:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 11 Feb 2022 15:07:31 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FE2E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YgZ7s09t3Q9Tq1FJijSRgAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1

43 B
894 B

12ms
12ms

Image
image/gif

184.30.24.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi6qpSTATAB&v=APEucNURoMg265eIlmGM596VfxtOVT8CPX02LTrb9MGznFuTBrBfFkTt3ZflY-VHS2Mp1NnvD8gX880Art2POOwnA9jz5VwZsMg56L21rfZPhkM-8HZMHk0maP3bG67ZPi9s17jKdIxbhwrfLrl3QFoKQnEW90NATb0FDtr7w712sWQFa2JtOP69JZBstnI8YMbOxdA6SFfqsgELNTbDJaRkxpPKfgUGDg
Protocol: HTTP/1.1
Server: 184.30.24.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-24-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 11 Feb 2022 15:07:31 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 11 Feb 2022 15:07:31 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKvszsyUVNql_0WHPIDAryc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame FE2E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG_o9vbUMxofzKnmsm8MjqQ&google_cver=1

43 B
1002 B

45ms
45ms

Image
image/gif

185.33.220.100
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG_o9vbUMxofzKnmsm8MjqQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMwDENi0ZBi6qpSTATAB&v=APEucNURoMg265eIlmGM596VfxtOVT8CPX02LTrb9MGznFuTBrBfFkTt3ZflY-VHS2Mp1NnvD8gX880Art2POOwnA9jz5VwZsMg56L21rfZPhkM-8HZMHk0maP3bG67ZPi9s17jKdIxbhwrfLrl3QFoKQnEW90NATb0FDtr7w712sWQFa2JtOP69JZBstnI8YMbOxdA6SFfqsgELNTbDJaRkxpPKfgUGDg

Protocol

HTTP/1.1

Server

185.33.220.100 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

399.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 11 Feb 2022 15:07:31 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4ac581d6-55cb-488b-be75-084a53180082
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG_o9vbUMxofzKnmsm8MjqQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FE2E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ0MTEyNDAwNDM4NjQ4NDc5NA%3D%3D

170 B
243 B

32ms
32ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ0MTEyNDAwNDM4NjQ4NDc5NA%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 11 Feb 2022 15:07:31 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 399.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 11915add-fe50-4365-a73b-a922abd1c009
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTQ0MTEyNDAwNDM4NjQ4NDc5NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame 3F58 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTwu2Oktw-hOWFqeI7L2PP2iB3JrnWRO5A8EU0SX_VuZwuY5RerV_zCVXscn6SyCfb4bVFXMdtc66C5KcYF_uX_iY5aMkxHVHIogGjTfRotJGojJxwGVvSyZyqP00p-j_xOtXSCTTRxxe1QXAICD_vfx-aPw&cry=1&dbm_d=AKAmf-AztYtnO0KWXrrV9FsCskRCUIYI7uexJKqBuhfKubIyPcWN1iur8_z4KE2vAuj_7An9aHm2q7krgCDTMgAmiWrTkzPwViZgjxoRSogTpDroIUdwdMok2vPd_cozOSO4E9hm34kGCMEk_3m5ZZqkDN6jjIpsUMEQJpgs2aXW_Ojsagw6mFeXyUm2v2IV-tPp6DCI-5KFcrasmXR7rVn4qV-xGJ5TqJZqDZkeejoDF03R_O4j9P8v3ijnL-HPBJ7yn_9o-dUtqzLwn2gAC-LAOQZIDlNwuFCIpgLgHqlz-R9JKxHmIobdnkBxLk9_7s8lIBFI3JmjA53jzLscfT1IfERVL5dXdiKOcpRcESH_kp8nkSa2dcR4L4xmwL8Ys9pJeZebMKMWZosV7ekmPIBPzuuxAMbVxzKRQ5yvQM2JX4zyGE_8H1NwOF_rO0fS9y1tlOnO9Q4lcGR0L67imvl41a-c7ZZNem363kvSu-9TVZodutcVzRWyfu1FbRKtKD4yupvd9twi29xQ43p5GRVQLZWvkFjLY8GPZ2SPfEVCARUqEqLtMBEtDlFQGl30I33Z7cHQKq79BAMTP8KLN-iGR1WjwLbvAvpW-spOeuzxCzDLFQE4K-px3skx0sk6BSSl74PgV5h_yhWy8gpVeM0ntgZmR8284QjWcftkmtoYpMZcgKPGDNrGGnybYMRHO3NJw7aPvMsSBdJTYJ8imVVtm2f0YJ1FT3yJyB7ukerPA2wKUAUZtJVYu4DMWEVIZry3rhVcHUQ2Gwwiyf1sdv4-9mw2D91bvfiyuXMZ18nK8_-11lWivx1cKNPevny6FA68IEzphIm2BCeRAJxRfYsXHQR2TaOzZ_cgTFS6Dt5997Pu2oZDKwzavGoeMsbQ_MgjF1MDmbDuik1W_o-m3Q9O8EhZyNNMbrRBFlbToykSlUpz7jIffBMwPWdBaiWaq7J_PJNMWOKpSYu0UV4PAOfPEN_vLUBRC_y3b3kJ7hEOEfThwwmPeX357ypu-tlFC0sJ9A9esXFZiB3XnQU3IkPuB5aTezyF2v9ZhK8w97RP025rabrzxO7-ukOOtFZD-5XSmWq180ji49LshUObEFq3aKdyYP5H7igif3IruQQG2vFwUKXzUX7M5q6X52f3LwJnhjxdf7IXIMULqGv_H_K44vibfco6qNvH3Bl7V3Jvg3sjzNW9v56UpI1wt71yvWi01Z-w7ksfkBHna4ZpUBcnX_mKzCUnRT3ak5Buq6MMb-darHtHHm6aE5hsMya_eQ-d97qLFxSfsQGD63fdMWvIOriA_VqYHzlOG7UF-9-0uG0GbPGmEA1guikM-TuxkTJ8L0i2xbvPVCh1YVpRrCOqhpPk8Ipun10JrVFQ5S7OTWMCD3_NLyImBkzqlYGycYo9CaxmehEbHhlMzrRecMfRBgEeVS32WsI3JbA7SFMEOjpfQ6U1u6phnQEapuPqdnvHs63B-7J1OjJypNM3oxK87isO9yiCOppda2W085B39VJeLuyx4Iu_LZ7C6t3GeVQKpMCIxHJkZRbUIZOZkmTTl3axgW3PEbOBDFUKp8PsmjxYOyrHB8Bk8hQuYtQ6IndxcjPLMc1S6ZqNQiyHtTJm5TaVjEqvDdJiQgIax03TmVT4bky5EejhL-Iz2F2mSp1r4ym4GRe-NOWIC0_92FNlMBqPBqqW4zuGfXtHJVFzBUXTmfQHGafn8btekcI1xIEQKoBJAc-QuLG8J_nGx--iVBqzfxCXnuxvjziWn9nf5boToj1cV1k88qbRW8lkLYQDsl4lrgwBqoMfAg2dO_Y_fJrJtN3cjCZfvE0asU4FD_xEZ7VECQsovU5bVJeIyeEPBwDNG2QUr5DuSMN4m3VKokSznhaLsYaA4X2AfJHfDR4sVU4JllZf5e8TUsi41O0OIs1itsK2OJpllhhXk0Fb_3OihiKeQHqOP7Ye6Fn7gbsSozRciK5PqcZwWnaJ942flk8kvSnKaAEI0VBIjP4TJIiIBfTUms268rOGYv_4peX13GqWSaQbxJF7MHjKVXLerdzf4vSljr2aDg8t-770B_cyij7FrEGXvLBgKm2u8MIV6KySjkXX1xZ-_iqmufhcAeRX5i27qQW2gNFf_UE19bh5akZpFh-v_Q8tFPLTmXi5SrGiHuAbJhxm8NYA1Uqi14n1-UQaSrPaxjjlVIKSPPWUfCFHIssu6p3s78bMBxHffnhu7h03toXntz5ZY0ruiKMHr5UeCFgO8Zf1Y88_tAE6x-pJzWj-NAGq6j5eWGvm0H8t2dQjLTkT8SkdRq_Usik6cWedemBy3Y-iPtQNhByVh1j3u1_Ptbe07QalFpz39CP-tKxnHOCeG75mja5bQaLS0800aX_10k-EE9VlNWgfdqtkCTiOFhxtNakNjqGS9_P_tkMPWNB-1CzCpWpIuyLi3yZqnNL5sbTx5Jxm92GLY4Tbo7rrxS76nZR_ekXbsfZztY8sVnsHo9sMtInrITKhKh70kjcnXoPPCDDirOWUS1moAKI0W-oNpGvv0dkE9exwinaJLAFvcTHI3I9t0y6Af38qZ4-eXBTfhE7fBgJ9IJmLxSbMaD6bw7RJbyOK_aThlfsp6QRYHZcO7VORwf_m7IMQJelJ9tYlL38mSnWwx-RLgZOvOHN_LH-W47AIiTmRUnJzpw_f5dNMdAOXKxcF_smAJVTUQLchziodX-XaL5owfphegKzeSzjZhkidJ9qzYHRyEUjMixo91IBWpZiobPzq4bLHwzuaRuUXntd_Be5Yj0nE9pY7vtyVk5eZLRORMoSR68o6Ra3hcKAPhkr3QAVrdhXWeuab26Nw70QTvyjvde4DCvto-xxmXuwwc56SJonsBTzogXGvIKvkmZ-q33pJ0UUvoH4OYkXXxC2GjvyLxg87oZBkLbcD6gZBx8QDbfAn8ZvPP_Y6lCx9SXlcGmpeU0B8XtPJjrTp76EapvnyOZEe4SsqSl4lnawPwvyfA69YJMgCOPA72LBxs9z9kfEwMLmP2B5bmuNP568ZIR4VRojfEYDjoKdXw6kezBtoA6ep_DBbFSmcJxBJIy9q5dth9oy7_wgmwvElQrbddR2KSeo2P-cEU__ZybGMQU4bUJAPwUKW1ebgKozic-6kWkuWH0wSkWLPDdSu_-iUXZLbTCnGOhOxGiRMrCl3ZVxxXQBIGvBCUqR83KiU0AegxfykwPLAZCkgUpWEK1Af9azWE4_cAau-TOfkXdae7_YUd38Kreamisug4IGpQ2Nc8ci0gZ0s2GsuQw8J5dmo2mbgXlOAv931xFBwmuttSWeXmQU&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&rfl=1%2Chttps%253A%252F%252Fhr.chicadventureit.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 135
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9577
x-xss-protection: 0
server: cafe
etag: 11201793935764353180
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 25 Feb 2022 15:05:16 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3F58 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 10 Feb 2022 17:40:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Feb 2023 17:40:37 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 3F58 33 KB
16 KB 161ms
18ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=40760430;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXgpHs3sGYuTbFvqK7_UP3_-ckA634IGyYe_VyuffDZHVnIPMKhABIKqAwyJglfrwgYwHoAHTxpiYA8gBCakCdRcF0ycdsz6oAwGqBPcBT9AbEqv1WeuFkYi5tSci4Vg_FhtUIesWiLaitipWDlwT8TkqBhx4hv5hUqLusdy0QJAzWsV0pErh8fdq6p7HxwhZrTCmdCmNI8BhldhF9bHGsPLjZVsIVBhzkIOzoqMB8soGBK_Lh80JJnJt3G9L6DN6nmRdQ31xYpnGLRlTxnTu6a7HtIOnbZYkJI9bRMG6yEBOwZMAMp4TDTU9PqpgyrMvMrtsGNdsbWeomZY5gx1ULemmdHB0aS3PB8YcV7SXClfU3ZZvnaUkxp_6P5K4qOGirQso3WGpztD4Kp519n66WBt27c3aLL2Gv45lzb0hoJ7SKLdcfcAEu7m71bYD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBOUx4gO2BMLiBQB2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&sig=AOD64_3Xshm8mCqFRaQ_QefezjxHsdFqlA&client=ca-pub-5512390705137507&dbm_c=AKAmf-DQyLLEQ45f3oNgKbk_1wSo_R9_uMdH4r6M1J1zLgm9GdSolq_Mp30mDZ5QywDU-ernjWJ_ZWtF6_YSm-TCRzkvlFUKs3V0HBtRh_aPgkQmwswtZfiiwSBMfdZsS_htQsZ7rdm93Oebo-EC5AnO5Eiy5q2ojg&cry=1&dbm_d=AKAmf-BsAh_FVU2cJdT2gTCRqaIQp1p-qUp5Oh2Q99XxTI1sNgdENB4RU2w30bDC0TMI2SzErtCoXqo-SiJ2Fa9X0BbnHXUKdlFy1ADeR2-ARPc2FdjE_Yyw55hgNRytfAxcK2eG9-VSpoG7rbdotn3R_CLx4Kw6ltrwQRdhsD70WYPjHQxfGZ6bMCJL7Jmbo7lmQjylFFK1pmLRja8QqblWtuF0fUAuANNLHk2rHtI_EYJPeJQUyRARiNG897Z2vURl2pYQodHhLBSUb8oB_g5I94LjsJ134wgXvwEK9Qd8cMHhBxnOBFQxqCu2vN4X0udwFX8oRl7H00AAwb5agdj67iIeifMIvsHVovnyJOK-cRrY_6jHMpX3nqgOyg4kVbU9t6gs6Ml5POQWOl9o56e9Crd5VEczJN4Kz78u_GihXjNQtNXul6onnh34G-_IKDwFpZ1r5srgoTqVF3GKZOTU2-1112hrS1c4Yx4HUg0SrXey-9TfRstMSdLl_RcilnELZHiE8GFi&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:31 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 12 Feb 2022 18:42:57 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9E81 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Feb 2022 14:25:50 GMT
expires: Fri, 10 Feb 2023 14:25:50 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 88901
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 O0zcrAsc3s2SKI8Tuz5umMJoYZUI79PNRri5GeZhfeg.js Show response
pagead2.googlesyndication.com/bg/ Frame 9E81 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O0zcrAsc3s2SKI8Tuz5umMJoYZUI79PNRri5GeZhfeg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b4cdcac0b1cdecd92288f13bb3e6e98c268619508efd3cd46b8b919e6617de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 12:45:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8511
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13545
x-xss-protection: 0
last-modified: Tue, 08 Feb 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Feb 2023 12:45:40 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 3F58 12 KB
4 KB 24ms
24ms Script
text/javascript 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=40760430;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CXgpHs3sGYuTbFvqK7_UP3_-ckA634IGyYe_VyuffDZHVnIPMKhABIKqAwyJglfrwgYwHoAHTxpiYA8gBCakCdRcF0ycdsz6oAwGqBPcBT9AbEqv1WeuFkYi5tSci4Vg_FhtUIesWiLaitipWDlwT8TkqBhx4hv5hUqLusdy0QJAzWsV0pErh8fdq6p7HxwhZrTCmdCmNI8BhldhF9bHGsPLjZVsIVBhzkIOzoqMB8soGBK_Lh80JJnJt3G9L6DN6nmRdQ31xYpnGLRlTxnTu6a7HtIOnbZYkJI9bRMG6yEBOwZMAMp4TDTU9PqpgyrMvMrtsGNdsbWeomZY5gx1ULemmdHB0aS3PB8YcV7SXClfU3ZZvnaUkxp_6P5K4qOGirQso3WGpztD4Kp519n66WBt27c3aLL2Gv45lzb0hoJ7SKLdcfcAEu7m71bYD4AQDkAYBoAZNgAeVuednqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi03OTQ0NzI2NzAwNjA0NzAxgAoDmAsByAsBgAwBsBOUx4gO2BMLiBQB2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&sig=AOD64_3Xshm8mCqFRaQ_QefezjxHsdFqlA&client=ca-pub-5512390705137507&dbm_c=AKAmf-DQyLLEQ45f3oNgKbk_1wSo_R9_uMdH4r6M1J1zLgm9GdSolq_Mp30mDZ5QywDU-ernjWJ_ZWtF6_YSm-TCRzkvlFUKs3V0HBtRh_aPgkQmwswtZfiiwSBMfdZsS_htQsZ7rdm93Oebo-EC5AnO5Eiy5q2ojg&cry=1&dbm_d=AKAmf-BsAh_FVU2cJdT2gTCRqaIQp1p-qUp5Oh2Q99XxTI1sNgdENB4RU2w30bDC0TMI2SzErtCoXqo-SiJ2Fa9X0BbnHXUKdlFy1ADeR2-ARPc2FdjE_Yyw55hgNRytfAxcK2eG9-VSpoG7rbdotn3R_CLx4Kw6ltrwQRdhsD70WYPjHQxfGZ6bMCJL7Jmbo7lmQjylFFK1pmLRja8QqblWtuF0fUAuANNLHk2rHtI_EYJPeJQUyRARiNG897Z2vURl2pYQodHhLBSUb8oB_g5I94LjsJ134wgXvwEK9Qd8cMHhBxnOBFQxqCu2vN4X0udwFX8oRl7H00AAwb5agdj67iIeifMIvsHVovnyJOK-cRrY_6jHMpX3nqgOyg4kVbU9t6gs6Ml5POQWOl9o56e9Crd5VEczJN4Kz78u_GihXjNQtNXul6onnh34G-_IKDwFpZ1r5srgoTqVF3GKZOTU2-1112hrS1c4Yx4HUg0SrXey-9TfRstMSdLl_RcilnELZHiE8GFi&adurl=;js=1;adfxid=1x;10337;set=en-US|en-US|1600X1200|0|350|300|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fhr.chicadventureit.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d88ce218f8e38ee2a915eaee465c31478577ad4350b61aee77d86ae5ed754815

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3774
expires: -1

GET
H2 200 /
track.adform.net/jsmetrics/ Frame 3F58 43 B
208 B 20ms
20ms Image
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.adform.net/jsmetrics/?adfserve=30&asset=167&sid=276&rid=10436&cid=35175

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
last-modified: Wed, 11 Oct 2017 14:26:30 GMT
server: nginx
etag: "59de2a16-2b"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
accept-ranges: bytes
content-length: 43

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 63E1 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Fri, 11 Feb 2022 05:53:44 GMT
expires: Sat, 12 Feb 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 33228
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 3F58 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3c042ede6fcbb114fdd58a8e1e4cda99444cea8d3d45ba4cf0f316120345df7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 63E1 0
173 B 180ms
14ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEEdouZTi_79q4vv6i0t9fos&google_cver=1&google_push=AYg5qPLF0UwBO3wKTx7HD_qP-K8RrawL6N6yut6WSdI94PXgZFnd6j_JLR4Q0igvsrVOa3QA0ksQA72gRqTlDv9uFpDVNGkWijHF
Requested by: Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 63E1
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEDsTo-KkhX8FmhKQ2DvUHpo&google_cver=1&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiV...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiVohgL0hqtdTmxFbfUA

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiVohgL0hqtdTmxFbfUA

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AYg5qPL6d9afBI2k6q0mGltXiWNfMM5jW3SmHsREmZu3RwrzqS63DhlVjVI1D6nIV06GPuIBAjPOW5vhUiVohgL0hqtdTmxFbfUA
Date: Fri, 11 Feb 2022 15:07:32 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET us
sync.go.sonobi.com/ Frame 63E1 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 63E1
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEGr2y3HRqdLsP6VTT8hmFrI&google_cver=1&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTY4NDczNjIzMjg0OTgyOTkyMzA4&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0...

170 B
188 B

35ms
34ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTY4NDczNjIzMjg0OTgyOTkyMzA4&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NTY4NDczNjIzMjg0OTgyOTkyMzA4&google_push=AYg5qPIRcC2SVeLa3HCVB90-e6_HLmBUNXd2dx5mUIEEv_44oXgwQRSggHuVEyK0guNockuPWSAp9loRN2riu2iQh99iEjv2bmHC
date: Fri, 11 Feb 2022 15:07:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 pub
cs.chocolateplatform.com/ Frame 63E1 0
122 B 327ms
96ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESELl15Wt__T8T2lBRt2Jdo-Y&google_cver=1&google_push=AYg5qPKj8Rhj1V5fwmLcLjno5VKBvmYpCbFwtO_6HuV1tWbUp--1cnZaKHURbk0RMglLz-0Mzs_mwZhPQ49I1DqGzvIgDgQ_7hDD
Requested by: Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 63E1
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEHr7BKX0qzBbw_GzfBUOzZA&google_cver=1&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA1NjQ0M2IxMS04YjRjLTExZWMtOGI3YS0wMmIyNzEzNGI1ODA%3D&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucO...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA1NjQ0M2IxMS04YjRjLTExZWMtOGI3YS0wMmIyNzEzNGI1ODA%3D&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA1NjQ0M2IxMS04YjRjLTExZWMtOGI3YS0wMmIyNzEzNGI1ODA%3D&google_push=AYg5qPJoGc3BBEgIrkeWCvIYEWGmH83cDJh3ZHciL3SKNsFrGctN05mv-txSA-kucOVlgrAp5_J6xyWOSAV4vrETAq9LvN_g1Iripw
date: Fri, 11 Feb 2022 15:07:32 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 63E1
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEPbKDGKA15VmXYtBZF5HlwQ&google_cver=1&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T5...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T567bminw&google_hm=NzQyNzUzM...

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T567bminw&google_hm=NzQyNzUzMzQ3MDkyNTk5OTY5OA==

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AYg5qPKKMrGGbxaR72AwOg0m5FguIZJ6redK4utqVRC1HrEzog1fdkVRuQpBvnTyLRQYKNPiazP8zcbMpyAZnEqzOI5R7T567bminw&google_hm=NzQyNzUzMzQ3MDkyNTk5OTY5OA==
Date: Fri, 11 Feb 2022 15:07:32 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 63E1 0
12 B 45ms
29ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KukaubIsVH_z7t6F7RJnHxb-ylYIyX9l7H1IT8demrpA_IJQ_ZhBCnKNkfxl5Kwj-xAv_GF1g

Requested by

Host: b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
URL: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame 3F58 90 KB
39 KB 44ms
43ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 12 Feb 2022 18:42:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9E81 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-3Ios3sGYt6RL7HE7_UPmYuSiA0AAAAAOAHgBAI&bg=!4uGl4aXNAAbAtJCDwLQ7ACkAdvg8Wg0FjlxtVgvWZTRVS_pS1XaJqtnCwT_1qLBrg1Elr8jh7m1-WQIAAACiUgAAAAJoAQeZAwUHvxOPLjWtxjrOHEZCHj1HW1MwRk_dSPbMFskwgkxuog7c1nFN8nQKSsRXQIxk_qpyabu1qstr4v4Dy6G5Em-xM0omF_wdObdvxZaw3JhFCLLkERyeUIcU_K0yDqeJm4S0EIh58jwjEQ7yYwpbVBqjhJ5JoN_u49MwKV6JY_JBmZ7rqeUClcsZQ5CWc1HkpkxTKrHcXugQXVJzHZdewO5oYXbgDkm5Y-q4lspmSVSyb_-H5TMPaD_EqfoWNmGFqP_ugJikwLzgErn2vMjAgSrHKwkSeAtl9iTbEyBwcFuUuCUV1Sqh2eOBxnEigtw33iSA6krSfXyhsRi_TuKdGwS5R1kCANtJaeKnA5PWWVhqwsgs1ka5z8RR_iVSMBcK2dhYtr-p1KkEJEn0Gxam2i_UFtlaAP4ScckbUJzF58svAqrivK4e6Ksq5ZwlQTGWyFOKl20bNkFaafiSWdQja3OB4eGvLri_O--UIZ9rw6t7th9odjM9UQWJLznkxZ6RrNQOOEUiWOilcH197WCRLf6gCUdcpjXMPYcIAd136H96nVcKFMdIFknMlDEIzP4I34cv42V6Plw7vbLWh_NxLi0LMugFdpkgVr9_8CQv4EaXd2CgcH1tDYyVie4f4Y_7jU3rx2NlEIoacZtjdnmRvS6QvttDdR2pUidHwAm_rtfvsM_4VGXumay049_D9MrAZTNgenPtyd7LvrdzqmJ1qFju_0wQv1jnHtPLxgiXs5tvhMt7bsaT37JLgbXoHzWJK5wtL9EpGBfOfmkSpGkVFgkRMBbQxes8TgmLIPbtZr22C43UH8PhQWjN0XkmK918WimXXrX9o57NpuVZerOo7ctTgJFQChf_4SETd7AXdVU6Y03oF7R1h6zKP1aHTgOH9gtTUBBJyuTnReVu_PaAJlZlOStiEi7CGYiasgYuYDPqGw3Dk3rJNOwEkcDAq0iAsb7kopR13FRXd8rRLeOmglJONZMEywMHUc2RXKK96BomG2JFjgEl8t8DvT0_TV0KCGyWlteCDw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 3F58 35 B
503 B 21ms
20ms Ping
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=40760430&csi=lWYhcIn6bqnQeCACOlw5Jz3MsfcS7ivxqqomCW4HGlzrygPkIxxfkxsqyTQg62uWjk5BV5i33IdO_PsFeQ5gCN6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:32 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10866327.js Show response
s1.adform.net/Banners/Elements/Files/133175/10866327/ Frame E136 3 KB
1 KB 32ms
31ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/133175/10866327/10866327.js?ADFassetID=10866327&bv=514

Requested by

Host: hr.chicadventureit.com
URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dfc68a85504ec8216fcb61a85d9c168a81b965a24b38d3c8714ada71a8842dfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
content-encoding: gzip
last-modified: Mon, 07 Feb 2022 17:34:38 GMT
server: nginx
etag: W/"6201582e-cbd"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame E136 30 KB
13 KB 22ms
22ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:21 GMT
server: nginx
etag: W/"609e6e89-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 336x280.gif
s1.adform.net/Banners/Elements/Files/133175/10866327/bvpath_514/assets/ Frame E136 67 KB
67 KB 29ms
29ms Image
image/gif 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/133175/10866327/bvpath_514/assets/336x280.gif

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

421d191244da6627830370375d5d2a24638e91263e5ac23b3ada92159959c912

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Fri, 11 Feb 2022 15:07:32 GMT
last-modified: Mon, 07 Feb 2022 17:34:39 GMT
server: nginx
etag: "6201582f-10c00"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/gif
content-length: 68608

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 3F58 42 B
0 92ms
76ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvu4EPodJAX4SwBsWznwS46J2cpKsk_mRcgkUUyLDs9nUjZx_05YbZCfGs9S8aqdotaenMqko6p5nrFxiyyH3T244IBubpYQQuqt4gWmQ1BBc_9YWhJWw&sai=AMfl-YQftd9a4G974XJedqBA-O0sUtEhbRriQYpZvLutNh1ZeB4k1_VQEGC-Klg3zEpmBPquGOaY7fzphJS_FzyfT67m9KWgPsbESrbW5t9P-nWuQng2iUc1xd-18CA&sig=Cg0ArKJSzAEiT8fo-S6ZEAE&cid=CAASEuRosQ2jiBJvGwBu7FLTyTPKDw&id=lidar2&mcvt=1000&p=669,457,953,793&mtos=211,1000,1000,1000,1000&tos=211,789,0,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2109172079&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644592051646&rpt=422&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Feb 2022 15:07:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: chicadventureit.com
URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.woff2?v=4.7.0

Domain: chicadventureit.com
URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.woff?v=4.7.0

Domain: chicadventureit.com
URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.ttf?v=4.7.0

Domain: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPLz0fPIZ6VGVcJwuNpLjl5e0hm7haMFngenyhC_lWmAA8E2Aybq0JWSjrjh8e4fxsAnnopviyNWj-VrMCzzGvb-zMSQbt7F%26google_hm%3D%5BUID%5D&google_gid=CAESEBv7_PYEKMcWj120SrBNQ7Y&google_cver=1

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.go5s.biz/	1970-01-20 01:33:04	Name: uuid Value: 13abad5a-5cb4-4811-929a-bac8e2ee70ca
hr.chicadventureit.com/	1970-01-20 00:59:56	Name: __oagr Value: true
hr.chicadventureit.com/	1970-01-20 01:33:04	Name: _pbjs_userid_consent_data Value: 6683316680106290
hr.chicadventureit.com/	1970-01-20 09:35:28	Name: _sharedID Value: 84a24b38-65cd-4b32-817e-bd8d532e6b54
.adnxs.com/	1970-01-20 02:59:28	Name: uuid2 Value: 5441124004386484794
.adnxs.com/	1970-01-20 02:59:28	Name: icu Value: ChgI8Jt7EAoYAiACKAIwsveZkAY4AkACSAIQsveZkAYYAQ..
prebid.a-mo.net/	1970-01-20 09:35:28	Name: __amc Value: 2_1644592050_1644592050
.doubleclick.net/	1970-01-20 10:11:28	Name: IDE Value: AHWqTUmx6VyQQftYDGvJdQvJdbp2SCcuh4CVFqTlp_f1MS9kl4hxe0fr-SZfbfJnY6g
.chicadventureit.com/	1970-01-20 10:11:28	Name: __gads Value: ID=7497a47c867ea7b2:T=1644592050:S=ALNI_MaqzzKyBlpERCEwJYxFoayUmGrI_Q
.adform.net/	1970-01-20 01:30:11	Name: C Value: 1
.casalemedia.com/	1970-01-20 09:35:28	Name: CMID Value: YgZ7s09t3Q9Tq1FJijSRgAAA
.casalemedia.com/	1970-01-20 02:59:28	Name: CMPS Value: 3219
.casalemedia.com/	1970-01-20 02:59:28	Name: CMPRO Value: 1198
.casalemedia.com/	1970-01-20 00:51:18	Name: CMST Value: YgZ7s2IGe7MA
.casalemedia.com/	1970-01-20 09:35:28	Name: CMRUM3 Value: 2d62067bb32760CAESEKvszsyUVNql_0WHPIDAryc
.adnxs.com/	1970-01-20 02:59:28	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In>m@#q)!]tbPl1M>e)ZlrFUfJ+tGXxoiM*o2u?U.Q(MXn#aCBfghOq>#$X^Xc^4JOGz3If)y3KL9D3I?+r:5P]]
.adform.net/	1970-01-20 02:16:12	Name: uid Value: 427945770961694670
.adform.net/	1970-01-20 00:59:56	Name: TPC Value: 1644592052015
.3lift.com/	1970-01-20 02:59:28	Name: tluid Value: 568473623284982992308
.advertising.com/	1970-01-20 09:36:54	Name: APID Value: UP56443b11-8b4c-11ec-8b7a-02b27134b580
.blismedia.com/	1970-01-20 09:35:32	Name: b Value: 62067BB47EC3F66286DAC608BLIS
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA12DUjydnH3djQ0DcuNiCxxinIz9cgpDwQASjrWfx4AAAA
.rfihub.com/	1970-01-20 10:11:28	Name: rud Value: H4sIAAAAAAAAAOMSNjcxMjc1NjYxN7A0MrW0tDSztBDiM9Qt83XNTTTMqDC3MPWT4jU0MzExtTQyMDUysjQFAIqacdU0AAAA
.rfihub.com/	1970-01-20 10:11:28	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA12DUjydnH3djQ0DcuNiCxxinIz9cgpDwziNTQzMTG1NDIwNTKyNH3FiMoHAO2PpoU9AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjcxMjc1NjYxN7A0MrW0tDSztBDiM9Qt83XNTTTMqDC3MPUDAKsVUbklAAAA
.adsby.bidtheatre.com/	1970-01-20 00:59:56	Name: __kuid Value: 5e6307fc-915e-4e19-b250-0d67fde9b73d.413806052
.yahoo.com/	1970-01-20 09:35:49	Name: A3 Value: d=AQABBLR7BmICEOOQm-ayhNSb-iPgKlLRGeIFEgEBAQHNB2IQYgAAAAAA_eMAAA&S=AQAAAnnrgmLcVu7Zo7FRQK6PoLM
.analytics.yahoo.com/	1970-01-20 09:36:54	Name: IDSYNC Value: 18wq~236f

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages Message: Access to font at 'https://chicadventureit.com/template/fonts/fontawesome-webfont.woff2?v=4.7.0' from origin 'https://hr.chicadventureit.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.woff2?v=4.7.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages Message: Access to font at 'https://chicadventureit.com/template/fonts/fontawesome-webfont.woff?v=4.7.0' from origin 'https://hr.chicadventureit.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.woff?v=4.7.0 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hr.chicadventureit.com/50-compassionate-condolence-messages Message: Access to font at 'https://chicadventureit.com/template/fonts/fontawesome-webfont.ttf?v=4.7.0' from origin 'https://hr.chicadventureit.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://chicadventureit.com/template/fonts/fontawesome-webfont.ttf?v=4.7.0 Message: Failed to load resource: net::ERR_FAILED
network	error	Message: A bad HTTP response code (404) was received when fetching the script.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9873bb2aa8.85e954452d.com
a.rfihub.com
adservice.google.com
adservice.google.de
adx.adform.net
ajax.googleapis.com
b417495c4606256bdad370e0b66587b6.safeframe.googlesyndication.com
cdn.jsdelivr.net
chicadventureit.com
cm.g.doubleclick.net
cmp.optad360.io
cs.chocolateplatform.com
dsum-sec.casalemedia.com
eb2.3lift.com
get.optad360.io
go5s.biz
googleads.g.doubleclick.net
hr.chicadventureit.com
ib.adnxs.com
js.wpadmngr.com
js.wpshsdk.com
js.wpushsdk.com
match.adsby.bidtheatre.com
na.nawpush.com
notification.tubecup.net
p.skimresources.com
pagead2.googlesyndication.com
pixel.advertising.com
prebid-eu.creativecdn.com
prebid.a-mo.net
r.skimresources.com
s.skimresources.com
s1.adform.net
script.4dex.io
securepubads.g.doubleclick.net
sync.go.sonobi.com
t.skimresources.com
tpc.googlesyndication.com
tr.blismedia.com
track.adform.net
ups.analytics.yahoo.com
www.google.com
www.googletagservices.com
chicadventureit.com
sync.go.sonobi.com
142.250.184.226
142.250.185.194
147.75.38.124
151.139.128.11
159.65.197.210
184.30.24.241
185.184.8.65
185.33.220.100
188.166.135.13
193.0.160.129
2600:9000:223c:8a00:6:b871:4f00:93a1
2600:9000:225e:ba00:11:a4de:2580:93a1
2606:4700:20::681a:8a9
2606:4700:3033::ac43:b333
2606:4700::6810:5614
2a00:1450:4001:800::2002
2a00:1450:4001:801::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:828::2002
2a00:1450:4001:828::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
3.126.56.137
34.96.105.8
35.158.233.132
35.190.59.101
35.190.91.160
35.201.67.47
35.212.101.174
37.157.4.25
37.157.6.235
45.133.44.24
45.133.44.25
76.223.111.18
78.47.199.218
032c26a514768ff5c8079b7360e32656b45eca3fff802b1ec28d4185666e5886
040dfe48ef90ff97af8555676f9ad8e1287141a644c639f0b21cd25fa3ff9c4e
058a5858062d1a54e13e75a1489b8fe1caf92be57230271a7f704014b814929a
066834a3134ff801b713ae5f6404b3e6db0e320a49a7a5eadcc2e0146dd07cf4
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be502b9446e16b338d36ccadac232f4a68ab74655f98fec415ccdbbccbf5729
0e1e83978ce85a1e05e73059aff03eccece8a18795f23f24a9811acb00f99a27
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
1530691d7096753c4a33ff3d11be983fbec896774cffe9a3555c2c81e6f18906
2f499c632d806f66b96dda6cbd4cac0363d331885476a8ac1d9e8ac60954d720
31f5fbaa1ce56a0458779f6dc2b2f6532e8140755656e3fe852d84d609173897
32aa954c3520b1e7d84171524b0b57a0e6102d208155f0d0b07c19802721d5c7
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3ad8b49b6936db89f1fbe3a01cd9ce28dcd12ad298e68135ca520a26312d8baf
3b4967adae332efd52187674d4335bd9ac73bb99229ff088c18eaadb115e82f9
3b4cdcac0b1cdecd92288f13bb3e6e98c268619508efd3cd46b8b919e6617de8
3c042ede6fcbb114fdd58a8e1e4cda99444cea8d3d45ba4cf0f316120345df7e
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
421d191244da6627830370375d5d2a24638e91263e5ac23b3ada92159959c912
4720daad8daba83ee3b0e5e453f6b9d6d021b2ed5ef662c7dd801998c133b96d
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
6003b311e3ab12f52cd097fbd0ae3c2ed0c015406cb7d2863761f956ff4026e6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
649157c8db813c0d1e6c8963bf25c369fc1bc62891e1d3c14c4d898b870287f8
6bd8e5080672ee5955ef342243439d7c7f38bcd8bfb9dcd0b55b74e0e22949b5
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c
76b2296e484c72f06bf4d7f6373650df576a461806c5fa0f6abc410880f6ef36
7fc4669514762ea623a6e40f9518ae7189fd0bc72a61fb6dca3ac833ea27598a
80c0452c91c457644e83321a9dbb9fb7525bbc0a091508a7abd1d57440acb4a4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836426ff9e38252f442e810fb0c3fe47f693a2e6f69637a29b02feaf6ecf10ef
8365ad50a44341d8858863fec236793a9b4074461b61cae8aaa25343b47d7ce3
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8d8ae2ab15e0f0e6ff4a44916643400e40552edb95207df9fd026a4aa549cf28
8f4b70778aa21c1c093c6acbad70c70b2e69d4d22e47d9405ee137db16ca050b
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
af754d85ab6ff3cf3846a303045964ff02f14b7342d6851699af6443abb32f4a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27a9ea837d00e183738cf490640331e665fa051b94ed12b30a568abf4ac0517
bc32b244ac4e9a0a33691bb9109b82a1778c8bda69e3a580e460107243108e0d
bd7680f0d4768bf17b38b5834d7671e6e456d9655b4ae3cb39186d1fcd93f5c2
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
c900cdfd1286918aef120e91f4e664aba4b1eabeb6a4c5f68a06acd446783ad8
ca0dda6309ab37e30114ef9b9368c57e9a530f3831fcc235743041e5c4119947
d1472778577caace5c7a3134a6f2cef7f73c5d76227e92269e3e87c1006e43cc
d88ce218f8e38ee2a915eaee465c31478577ad4350b61aee77d86ae5ed754815
da0d24aee71e49f30d6f5368c0821fef9dcda1f83a9c3eaf5bdcd2643cfdf99e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dfc68a85504ec8216fcb61a85d9c168a81b965a24b38d3c8714ada71a8842dfb
e18225f8b8c8a22af705b17ee37ce75a4251ae8f144a183f984d96401876b993
e245d239a8f9a9bfc1f8a0ea889d8fcf9f591c04c5ac73aefefb70724911ff38
e24ee213782f6ed0de472f2a8b9374799b9a79643d466133d7a10a81383aa039
e291f67dc3e643bfde7604e48a75e17298a3868ebc0c4554b9e8c17355fd6115
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9124d28bdab8091945d1e180f104e75fa4aac60ef629bd1abcf3715babee8c6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4d78a6ce0918a34aa9c2cdcde3fe4604231c53a7f1aae1be9627c3c6c0ad586
f55cc93d826e66d7def2a0144ee454980c69ac16728e65da781401ed9a30fa3e
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

hr.chicadventureit.com Open in urlscan Pro 2606:4700:3033::ac43:b333 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

119 Requests

88 %HTTPS

38 %IPv6

31 Domains

43 Subdomains

33 IPs

4 Countries

984 kBTransfer

2656 kBSize

28 Cookies

28 Outgoing links

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

hr.chicadventureit.com Open in urlscan Pro
2606:4700:3033::ac43:b333 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

88 %
HTTPS

38 %
IPv6

31
Domains

43
Subdomains

33
IPs

4
Countries

984 kB
Transfer

2656 kB
Size

28
Cookies

119 HTTP transactions
-1 data transactions