gruposdewhatsapp.bar Open in urlscan Pro
173.236.179.96 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gruposdewhatsapp.bar/
Submission: On October 31 via automatic, source rescanner (October 31st 2021, 1:38:38 am UTC) — Scanned from DE

Summary HTTP 667 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 60 IPs in 11 countries across 57 domains to perform 667 HTTP transactions. The main IP is 173.236.179.96, located in Brea, United States and belongs to DREAMHOST-AS, US. The main domain is gruposdewhatsapp.bar.
TLS certificate: Issued by R3 on October 30th 2021. Valid for: 3 months.

This is the only time gruposdewhatsapp.bar was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	173.236.179.96 173.236.179.96	26347 (DREAMHOST-AS) (DREAMHOST-AS)
112	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	52.222.214.85 52.222.214.85	16509 (AMAZON-02) (AMAZON-02)
2	23.111.9.67 23.111.9.67	33438 (HIGHWINDS2) (HIGHWINDS2)
39	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
14	2620:1ec:46::45 2620:1ec:46::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:10:... 2606:4700:10::6816:4c5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
3	35.201.123.184 35.201.123.184	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
22	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	148.69.64.76 148.69.64.76	12353 (VODAFONE-...) (VODAFONE-PT Vodafone Portugal)
2	23.111.9.64 23.111.9.64	33438 (HIGHWINDS2) (HIGHWINDS2)
13	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
92	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2 16	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
75	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1 6	54.154.149.33 54.154.149.33	16509 (AMAZON-02) (AMAZON-02)
21 103	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
4 10	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
7 10	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
16	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
7 10	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
6	104.92.106.130 104.92.106.130	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
7	63.32.255.93 63.32.255.93	16509 (AMAZON-02) (AMAZON-02)
1	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
3	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	54.229.249.145 54.229.249.145	16509 (AMAZON-02) (AMAZON-02)
2	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 4	78.46.90.238 78.46.90.238	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e033	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 3	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
3	2620:112:f000... 2620:112:f000:bbbb::11	6336 (TURN-US-ASN) (TURN-US-ASN)
8 9	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
11 11	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
12	54.224.22.215 54.224.22.215	14618 (AMAZON-AES) (AMAZON-AES)
3 3	52.18.11.109 52.18.11.109	16509 (AMAZON-02) (AMAZON-02)
5 5	184.30.16.79 184.30.16.79	16625 (AKAMAI-AS) (AKAMAI-AS)
6 6	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
9 9	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	3.124.136.236 3.124.136.236	16509 (AMAZON-02) (AMAZON-02)
2 2	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 4	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 4	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
2	52.211.234.106 52.211.234.106	16509 (AMAZON-02) (AMAZON-02)
3	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
4 4	18.184.201.8 18.184.201.8	16509 (AMAZON-02) (AMAZON-02)
4 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	217.182.200.20 217.182.200.20	16276 (OVH) (OVH)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1f14:d24... 2600:1f14:d24:9300:e494:24e3:c795:8468	16509 (AMAZON-02) (AMAZON-02)
1	54.36.108.3 54.36.108.3	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:6d::9	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
3 3	2600:9000:223... 2600:9000:223f:de00:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.138.132 185.86.138.132	201081 (SMARTADSE...) (SMARTADSERVER)
1	82.113.101.132 82.113.101.132	6805 (TDDE-ASN1) (TDDE-ASN1)
4	34.102.185.99 34.102.185.99	15169 (GOOGLE) (GOOGLE)
1	18.223.141.84 18.223.141.84	16509 (AMAZON-02) (AMAZON-02)
1	34.96.105.8 34.96.105.8	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:f879:a4cf:9cbb:9098	16509 (AMAZON-02) (AMAZON-02)
667	60

3 173.236.179.96 (Brea, United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-pat.clam.dreamhost.com

gruposdewhatsapp.bar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

112 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.85 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-85.fra56.r.cloudfront.net

arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.67 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

tag.ageureka.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2620:1ec:46::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

static.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

core.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:4c5b (United States)

ASN13335 (CLOUDFLARENET, US)

scripts.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ui.cleverwebserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.123.184 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 184.123.201.35.bc.googleusercontent.com

tags.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 148.69.64.76 (Porto, Portugal)

ASN12353 (VODAFONE-PT Vodafone Portugal, PT)
PTR: are.clevernt.com

sender.clevernt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.9.64 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

frame.ageureka.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

92 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

75 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.154.149.33 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

103 142.250.186.66 (United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.218.208.246 (United States) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.33.221.90 (Netherlands) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.98.64.218 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.92.106.130 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-106-130.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.180.125 (Netherlands) 4 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 63.32.255.93 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.63.52.121 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.249.145 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-249-145.eu-west-1.compute.amazonaws.com

secure-gg.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.90.238 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.238.90.46.78.clients.your-server.de

hal900019.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f7::5c7b:e033 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:678:cb4:bbbb::11 (None, ) 3 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:112:f000:bbbb::11 (United States)

ASN6336 (TURN-US-ASN, US)

r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:116:800d:21:f916:5049:f87f:108e (United States) 8 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 198.47.127.19 (United States) 11 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.224.22.215 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-22-215.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.18.11.109 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-11-109.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.30.16.79 (United States) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-79.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.227.252.103 (Mountain View, United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 69.173.144.138 (Frankfurt am Main, Germany) 9 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.136.236 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-136-236.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.174.68 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.234.106 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-234-106.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.155.71.149 (Southampton, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.45 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.184.201.8 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-201-8.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.182.200.20 (Poland) 2 redirects

ASN16276 (OVH, FR)
PTR: gcm6.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f14:d24:9300:e494:24e3:c795:8468 (Boardman, United States)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.36.108.3 (Germany)

ASN16276 (OVH, FR)
PTR: ns3112796.ip-54-36-108.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:6d::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

r4---sn-4g5edns6.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.253 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223f:de00:1b:5138:8a40:93a1 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.132 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.113.101.132 (Ingelheim am Rhein, Germany)

ASN6805 (TDDE-ASN1, DE)
PTR: portal.o2online.de

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.102.185.99 (United States)

ASN15169 (GOOGLE, US)
PTR: 99.185.102.34.bc.googleusercontent.com

b.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tt-11382-4.seg.t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.tailtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.223.141.84 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-223-141-84.us-east-2.compute.amazonaws.com

warden.arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (United States)

ASN15169 (GOOGLE, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:f879:a4cf:9cbb:9098 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
218	googlesyndication.com pagead2.googlesyndication.com 06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com	1 MB
182	doubleclick.net 22 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net 5994599.fls.doubleclick.net ad.doubleclick.net	2 MB
77	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r4---sn-4g5edns6.c.2mdn.net	3 MB
26	gstatic.com www.gstatic.com fonts.gstatic.com encrypted-tbn1.gstatic.com	355 KB
26	google.com 2 redirects adservice.google.com www.google.com	8 KB
25	adsafeprotected.com 1 redirects pixel.adsafeprotected.com static.adsafeprotected.com fw.adsafeprotected.com dt.adsafeprotected.com	286 KB
17	arc.io arc.io static.arc.io core.arc.io tracker.arc.io Failed warden.arc.io	233 KB
16	openx.net 13 redirects us-u.openx.net rtb.openx.net	4 KB
16	googletagservices.com www.googletagservices.com	586 KB
11	pubmatic.com 11 redirects image6.pubmatic.com	4 KB
10	adnxs.com 7 redirects ib.adnxs.com	9 KB
10	casalemedia.com 4 redirects dsum-sec.casalemedia.com	9 KB
9	rubiconproject.com 9 redirects pixel.rubiconproject.com	4 KB
9	quantserve.com 8 redirects cms.quantserve.com	3 KB
9	googleapis.com fonts.googleapis.com	7 KB
9	google.de adservice.google.de	2 KB
8	yahoo.com 5 redirects ads.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	7 KB
7	tailtarget.com tags.t.tailtarget.com d.tailtarget.com b.t.tailtarget.com tt-11382-4.seg.t.tailtarget.com t.tailtarget.com	31 KB
6	turn.com 3 redirects ad.turn.com r.turn.com	3 KB
6	spotxchange.com 4 redirects sync.search.spotxchange.com	4 KB
6	teads.tv sync.teads.tv	1 KB
5	addthis.com 5 redirects e.dlx.addthis.com	4 KB
5	krxd.net cdn.krxd.net beacon.krxd.net consumer.krxd.net	88 KB
5	redintelligence.net 1 redirects hal9000.redintelligence.net hal900019.redintelligence.net	10 KB
4	advertising.com 4 redirects pixel.advertising.com	2 KB
4	rlcdn.com 2 redirects id.rlcdn.com	1 KB
4	ageureka.com tag.ageureka.com frame.ageureka.com	11 KB
3	smaato.net 3 redirects s.ad.smaato.net	1 KB
3	cloudflare.com cdnjs.cloudflare.com	36 KB
3	sitescout.com pixel-sync.sitescout.com	573 B
3	everesttech.net 3 redirects pixel.everesttech.net	1 KB
3	gruposdewhatsapp.bar gruposdewhatsapp.bar	11 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	travelaudience.com 2 redirects ads.travelaudience.com	900 B
2	adsrvr.org match.adsrvr.org	529 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	gemius.pl 2 redirects googlecm.hit.gemius.pl	498 B
2	mookie1.com 2 redirects odr.mookie1.com	1 KB
2	agkn.com 2 redirects d.agkn.com	1 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	exactag.com m.exactag.com	2 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	cleverwebserver.com scripts.cleverwebserver.com ui.cleverwebserver.com	51 KB
1	blismedia.com tr.blismedia.com	141 B
1	o2online.de portal.o2online.de	609 B
1	smartadserver.com 1 redirects ssbsync.smartadserver.com	457 B
1	contentspread.net cdn.contentspread.net	74 KB
1	innovid.com ag.innovid.com	296 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	584 B
1	1rx.io 1 redirects sync.1rx.io	699 B
1	mathtag.com 1 redirects sync.mathtag.com	830 B
1	createjs.com code.createjs.com	63 KB
1	imrworldwide.com secure-gg.imrworldwide.com	297 B
1	clevernt.com sender.clevernt.com	354 B
1	googleadservices.com partner.googleadservices.com	644 B
1	jquery.com code.jquery.com	24 KB
0	netmng.com Failed google2waycm.netmng.com Failed
667	57

	Domain	Requested by
112	pagead2.googlesyndication.com	gruposdewhatsapp.bar pagead2.googlesyndication.com securepubads.g.doubleclick.net aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com www.googletagservices.com s0.2mdn.net 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
102	cm.g.doubleclick.net	21 redirects googleads.g.doubleclick.net aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com gruposdewhatsapp.bar e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
92	tpc.googlesyndication.com	googleads.g.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com gruposdewhatsapp.bar aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com s0.2mdn.net pagead2.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
75	s0.2mdn.net	gruposdewhatsapp.bar s0.2mdn.net aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
39	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net gruposdewhatsapp.bar aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
21	securepubads.g.doubleclick.net	tag.ageureka.com securepubads.g.doubleclick.net
16	googleads4.g.doubleclick.net	gruposdewhatsapp.bar
16	www.google.com	2 redirects tpc.googlesyndication.com aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com googleads.g.doubleclick.net
16	www.googletagservices.com	googleads.g.doubleclick.net gruposdewhatsapp.bar aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
14	fonts.gstatic.com	fonts.googleapis.com
14	static.arc.io	arc.io core.arc.io static.arc.io
12	dt.adsafeprotected.com	googleads.g.doubleclick.net 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com gruposdewhatsapp.bar
11	image6.pubmatic.com	11 redirects
11	www.gstatic.com	googleads.g.doubleclick.net
10	us-u.openx.net	7 redirects googleads.g.doubleclick.net
10	ib.adnxs.com	7 redirects googleads.g.doubleclick.net
10	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
10	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
9	pixel.rubiconproject.com	9 redirects
9	cms.quantserve.com	8 redirects aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
9	fonts.googleapis.com	googleads.g.doubleclick.net s0.2mdn.net
9	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
7	static.adsafeprotected.com	pixel.adsafeprotected.com googleads.g.doubleclick.net fw.adsafeprotected.com 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
6	rtb.openx.net	6 redirects
6	sync.search.spotxchange.com	4 redirects googleads.g.doubleclick.net
6	sync.teads.tv	googleads.g.doubleclick.net
5	ups.analytics.yahoo.com	4 redirects googleads.g.doubleclick.net
5	e.dlx.addthis.com	5 redirects
4	pixel.advertising.com	4 redirects
4	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
4	hal900019.redintelligence.net	1 redirects a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com hal900019.redintelligence.net
4	pixel.adsafeprotected.com	googleads.g.doubleclick.net
3	s.ad.smaato.net	3 redirects
3	cdnjs.cloudflare.com	s0.2mdn.net static.arc.io
3	pixel-sync.sitescout.com	e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
3	pixel.everesttech.net	3 redirects
3	r.turn.com	aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
3	ad.turn.com	3 redirects
3	gruposdewhatsapp.bar	gruposdewhatsapp.bar
2	4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	b.t.tailtarget.com	d.tailtarget.com
2	ad.doubleclick.net
2	d.tailtarget.com	gruposdewhatsapp.bar d.tailtarget.com
2	c1.adform.net	2 redirects
2	ads.travelaudience.com	2 redirects
2	match.adsrvr.org	2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
2	googlecm.hit.gemius.pl	2 redirects
2	beacon.krxd.net	aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com cdn.krxd.net
2	5994599.fls.doubleclick.net	1 redirects gruposdewhatsapp.bar
2	odr.mookie1.com	2 redirects
2	d.agkn.com	2 redirects
2	tracking.m6r.eu	2 redirects
2	fw.adsafeprotected.com	1 redirects gruposdewhatsapp.bar
2	m.exactag.com	googleads.g.doubleclick.net gruposdewhatsapp.bar
2	cdn.krxd.net	s0.2mdn.net cdn.krxd.net
2	ads.yahoo.com	googleads.g.doubleclick.net
2	97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	frame.ageureka.com	tag.ageureka.com
2	www.google-analytics.com	tag.ageureka.com static.arc.io
2	tag.ageureka.com	gruposdewhatsapp.bar tag.ageureka.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	tr.blismedia.com	4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
1	t.tailtarget.com
1	warden.arc.io	static.arc.io
1	tt-11382-4.seg.t.tailtarget.com	d.tailtarget.com
1	ade.googlesyndication.com
1	portal.o2online.de
1	ssbsync.smartadserver.com	1 redirects
1	s.tribalfusion.com	2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	r4---sn-4g5edns6.c.2mdn.net	gruposdewhatsapp.bar
1	gcdn.2mdn.net	1 redirects
1	cdn.contentspread.net	hal900019.redintelligence.net
1	ag.innovid.com	googleads.g.doubleclick.net
1	consumer.krxd.net	cdn.krxd.net
1	sync.targeting.unrulymedia.com	1 redirects
1	sync.1rx.io	1 redirects
1	sync.mathtag.com	1 redirects
1	code.createjs.com	s0.2mdn.net
1	secure-gg.imrworldwide.com	e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
1	hal9000.redintelligence.net	a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
1	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
1	06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	sender.clevernt.com	gruposdewhatsapp.bar
1	ui.cleverwebserver.com	gruposdewhatsapp.bar
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	tag.ageureka.com
1	tags.t.tailtarget.com	tag.ageureka.com
1	scripts.cleverwebserver.com	gruposdewhatsapp.bar
1	core.arc.io	arc.io
1	arc.io	gruposdewhatsapp.bar
0	tracker.arc.io Failed	static.arc.io
0	google2waycm.netmng.com Failed	aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
667	97

This site contains links to these domains. Also see Links.

Domain
g1.globo.com
solion.app
www.horariosdeonibus.org

Subject Issuer	Validity	Valid
www.gruposdewhatsapp.bar R3	`2021-10-30` - `2022-01-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
arc.io Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
*.ageureka.com Sectigo RSA Domain Validation Secure Server CA	`2021-06-07` - `2022-06-08`	a year	crt.sh
static.arc.io DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-09-14`	a year	crt.sh
core.arc.io DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-09-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-24` - `2022-06-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.tailtarget.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-25`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.clevernt.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-23` - `2022-02-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
teads.tv R3	`2021-08-23` - `2021-11-21`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-25` - `2021-12-15`	2 months	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
redintelligence.net R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
cdn.krxd.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-02-08` - `2022-02-07`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
contentspread.net R3	`2021-10-04` - `2022-01-02`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.o2online.de DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-02-19`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2021-10-25` - `2022-01-23`	3 months	crt.sh

This page contains 113 frames:

Primary Page: https://gruposdewhatsapp.bar/
Frame ID: 531D66D73E5731D0534E27F60CDA55D8
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20190131/zrt_lookup.html
Frame ID: 82D1F61F5C35A6241AD5F4B6DF59CD28
Requests: 1 HTTP requests in this frame

Frame: https://core.arc.io/broker.html?2326f2d
Frame ID: 874ADACBEF991D53169B9A3FE287D5E5
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&adk=1812271804&adf=3025194257&lmt=1635644308&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308384&bpp=3&bdt=167&idt=73&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=605116957689&frm=20&pv=2&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=87
Frame ID: 435C1C7F4A758C7362D95E4ECD57BDC9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&slotname=9618899174&adk=3482220690&adf=2896993837&pi=t.ma~as.9618899174&w=1200&fwrn=4&fwrnh=100&lmt=1635644308&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308387&bpp=3&bdt=170&idt=92&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=25&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=dWwncumfB1&p=https%3A//gruposdewhatsapp.bar&dtd=99
Frame ID: 94F87774A470A386CBA5365962183068
Requests: 15 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 05A0098DFE9DC441B53AC1818E04392A
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 3483A9008A0863E2A53710162E3C522B
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 420218B372EBC7D571ADF11018879657
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 6D50247DE605B0616B2DC1D0D3E2D96D
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: B18EBAE1D7A534FAEB39DAD0E004B1AA
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 899B3094124EC04A4934C81D2C4A4A96
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: CEBB18D079AB96176DE84B71FABEC553
Requests: 8 HTTP requests in this frame

Frame: https://06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6B85DF4119AFD600F9130D96591B0A4F
Requests: 1 HTTP requests in this frame

Frame: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: F0B2BCD48A163D779AFA1D0CD72871A8
Requests: 1 HTTP requests in this frame

Frame: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 09D198D384DFAE770AD3BC9FAB21C27D
Requests: 1 HTTP requests in this frame

Frame: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 19200CE1D1B4AA8FB0693176F7FE2BFD
Requests: 1 HTTP requests in this frame

Frame: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4CCFED65277D96B8EB42021F515CE8B7
Requests: 1 HTTP requests in this frame

Frame: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E110D3FEE64AAEEF2CCF15B57D0F08E3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1023529928&pi=t.aa~a.851271261~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280&nras=2&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=1993&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wnUtz5zACY&p=https%3A//gruposdewhatsapp.bar&dtd=14
Frame ID: 76F5AB8F1F4E83BF892F24075564C08A
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17
Frame ID: 2A02BF1CACDD26117A84F60079B6812A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19
Frame ID: 4F2CFA99E464FF89882D8FE4B7CA7D94
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=1512048447&pi=t.aa~a.851264418~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=wV4BikZI72&p=https%3A//gruposdewhatsapp.bar&dtd=22
Frame ID: 2BE67700614EBE49E4F077EA66B05759
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1577641129&adf=2908228819&pi=t.aa~a.851277323~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=TpAeDOe1y7&p=https%3A//gruposdewhatsapp.bar&dtd=24
Frame ID: A362204AAA3881E389641EB418810C08
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Frame ID: AC0EB94C90C5B78B22FAE415B19D3CD4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Frame ID: 25B53372338E1F1258A12FA4870EDA26
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: CA00CA785E0432055C53B30B41A29048
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 1118FE72496EB56D4FF7EA1A9E1CD09B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BF6206D44383338BC968E5096E78AFC8
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1
Frame ID: 794BCAE6E475B389DF4CD6D0CDF1EDB5
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1
Frame ID: 685C40BDB82DD9EDD9C6AEFCFA7CB9AF
Requests: 1 HTTP requests in this frame

Frame: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 891A8C8D755F1DAB9DD1D97AF2115310
Requests: 20 HTTP requests in this frame

Frame: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: AE26D93A5F610887EEF6FFEB09AFFEC8
Requests: 19 HTTP requests in this frame

Frame: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 6FEB323E2C81347C70209714C9B4539A
Requests: 12 HTTP requests in this frame

Frame: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4F2F23991DD23052AB9ACFD854976F1D
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL3EGxCGqhwY1Lq4ZjAB&v=APEucNVZSEIEDCMLR0x76pEq2AS_fVM7He_HVDqqm1gmR0SrbfLN7wGWPxwIWr2MKi3hqd6bzQLYi1UHIJ4v22IrBNEsHKDgNEsDya1LxTEV3syjI0XUbrp4i7gSq8TF0Eoip0OiHnllwsX7fYRvD_56ANMkwzXFpVvax_ydBOGXmjzTfb-7Cc4
Frame ID: 053E5355B60EA231CE0690DAA73F28CC
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Frame ID: F9352D0E1249EFD32651B619DF628B21
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620
Frame ID: 08F63311735ABD4B88A2E00EB57E3C80
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYhs3FlQEwAQ&v=APEucNUxjOFDVDvfhbSVnW4peWp13TtX1OiFhQrHiAGt0ZGeI88ZZZBVQYSahUKx7CVMkk-dSHrtV5DWYaIErPCLHl2DL-WD5fjhRKa2OsXmXsClQywbKslsr5tXUurgtlIADXmxOeiQaEgRjclUO4w1oFxyVc0vhtaK_5wdwy7Cm1fc2TPQoOs
Frame ID: CA69C32F95817FAB38E5B86E21276436
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ
Frame ID: 6C1DE8B8E4D3CB935677C3D26EC88BFD
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 06BBD287200984BA7B0DDBF5FA5CD00C
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9EBEDC5C864850AB01BE63F92428DD7C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: 27DD237E0F26E5C957F5C149453735DE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 51223156938BCE2CD59F53405B5A6803
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3B1C83564ADB6A06C24D187ACB5BE467
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNUy0SyErKG2gepoGV75C4jY5s9xqhoq3LENla5dZD3gs0xmlMl_kHu3o7DTzKTThMZWt0sg92M1l3xNn4ax52sOXGCdT45_isg6q39b4s7CXkVfAq0hNR7MLnU75rYt4RqIs524F3-vEBy8jaW6QvshW5CfkzdgzyNb5iT8BoFc5ljKltY
Frame ID: 1C63C06ED6C15291D67BB2799067A503
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CBTy8oPQjA4ePcQVunASW9SyBnGqdJmCCc3nJPffyykoH3puPFJOtblfa50XaxxvRfnWDrk97LGDWkQhJ4QqwkazmPHTnEaqE_Lygs8dsL0FEjXk0VCOXLp-dsuaQs9gNqFER943yL6lu7KR6cVI_dBw_dBw&dbm_d=AKAmf-Aus6z2jyxx0OrX3fY1eqUapiVDByK9U0zzY3korV0gvNF6MRkKiKPolxMSnLX29ykrLoBrJwQiKJOvlxrGdXO4QeNPWsRWH2EuT7htFHPUeM8qzf-wq2-OcBXtvOsE0W-6TA0__9LTYMif7oIU0Ksr82it8aFye_Y5GfppOlEZBM2kYexK9mBPZZfdzX1Zh18EokUqvvEGNHxUny4iQgQyadntfyZWXHkOgGyRyjlv2SNL9j7TeONq49bYzS5orFl6FNNkjtnuL_Y9OszPzfbyH6ElB-QG4w0uq3lAsj0VwduajN5wBEhXXg3Fjq6f1NHaGRQGuHUzXp9zoEiYFIVbr2aP094MFO7WpjdQv-nvr6b-rkVKndoFiEiYxdTuQJU7Q3dhQV9WXuePqVOkczYajEclLO8cf6AHsvi_pOKplin7dDbE7jAn86RSY0DKTSpF8Vzj5gvW8CF-gwUZ3GdL65e7O0i5coKgsWcjdP3PmzOLt7GwXVMt7u3BYsRNE_Pkgaazqie1hc-zGKpjn2cwHL_USNwkmRD1dPdQngeb62oiCZBv0GDm_HUHCtxJ0euZR-iyvLz1C6yHkla-w2IGVLd5Cyvtjst5njmdS1w8wC_6qBG1Ue4q2GT4bpI0rZ97HsmJJ5I0HlcrUuYsgfiFmXcc5drul5nFU_9jJMKgR05ZzeLKx9JIi3lZ8PWZGRfJAhpoTNitp0s42Ys11hG_gclg_jMaCEoZNeI5Qf9HzVIGMej_5uQgm6XFWFv61YJn2u_b2DvkD4D96Yi0WNo2PVOsvOrP8jJ-J9zd33EFTzT83tV8OLUizqEmtAuaCUacPPg_2aFP2QJ7if1KPbOtCt2IyhMDRpFrVas5OYywlmkoQ0c4dfPxUcoAnycqDzVYiVIjrw2O4PznSfxT5Gnk-T3UvZ-t1gv0sNZiKoJIYxcys_8Oy4OzPZs2nCQIQtmSVUicAzVd6YFh_JbF3Zy5I_kmRJj3dO00CNjjoxCT8ulyEb2jQJqfQeYrNrTglaPCnpgzASi_3SSw6I0SDEZm3TKjmtDCYgZCecDr0C547Ll3DcejMP0oLBtTJruafCNTZQq0QobmEo8EgQVCdXIdvBoMWnBxwZwcEPPuv9Uxm5g0qOUSb6pN01iWRy_B83AKQ5J4qHXj9C49F-e_9dqNoS96ARykxsYKrYOj44EOcZ7DIFNEk_ZaU9BFRuYMDwgjlIT6HuCe6c62qMz-wwEeXd8yjCLGvb-GARtN_H9L4ktLf9zah_Q6Zqea0jZNjroXWAp34kuuIBqtuRoXstTLLlK1g9BuhloLt5XkxLQ0tZ411pQEnIav2YFspSy80ZnOWnAjnGttaIBMHj50TVNw6YTSQnp9Hb-58fEpLkNp6ZLnt6C6gyZ_3XUDWdi4-epdcFpH0nrD2qO81QNr5MTD4AY5AyZWuqSNx0c4N-OEYprsLCSTVOkVhmVX4krEBm5j2lA2h-pOUQbkY9MEp22vvVL4dykBPRttBb5KCsnKm2wQQN4ONzec3xhVSwSYCKls4qibDbMdZRljU8avQpyW1_ISkeTcn-MXPicj5YfuNGNoK_Vbe02bgTFWq8wehFYstdwhTqpttFDPUWODGkJIYRNzuOL_7t9kK_DnyyWmHFCrEWCA7qh2QpFRIeDhctTJTGawvNLVYi6GopLGcuc4U5fh4bhDMwBtLJl3a-gSB3jzRxFndb81e6AA7z6a7GqTOgQA3Lbl_TZ1EyrW61CH4QFYaS_EkAw-vDxzYxp876FuTj1t4y7wJm3REELX32kbI4_eIhmzWuKFqUCnDLpQlvUQ_o9vxzDwNHqsjceWhnBZLWuQn4ZqHYLKCLIln6FeDWO-7pmQVdVmSDRoVmZH64vIwHgl8RIS_NcxiC6WUbltLbT0HbLNh-8HtrDf7mbjjN63x7SEBz4Dx9hlop32Jb2p2VsbtNrQyJAT9uL-QQIMP0OMJW_x32daZiYvQ0WCPlezzJTWivmPlVPf5yomjH74MRA0yjFKfWuGCJ-wr6UAIFFHdof7kg_gpEpLr2w_DPqCcqTfrWL9p9OkAkMUhObJICDjbCAXShTF1WWUVzi8KGF_d4lE7-vs1RRM5LlCs2bPJkuiGwBQNZzclt5H86GLets6kH1kAHF3Kur7GHYkYKUV9naArDYHByUgeqOMKWrNYJMCP6VWVUYHQUYVwqPW8hIqWHeM-G32zKL7LLx6L6HakY-knvSrTVYdt4O4X2Wwp2JJb1VShz6-PR1rDdHusoGuSIBiiXLuhCso-oKIHAU_p63AWcDdBGhxXmQSCXtravdRukycKazFOYRwwFPnPQTC8dwpbVNShoEED_o02xfEkb_ns1sH8amz_ZF-DmEKjEN_HaurwJweorDKWxVjYPZFeKn33NDYmYly4faADu1oS7_-e_cLJu25LUcK2PN7wgMHbg2euMOhEWWROCztN2_iDc1tyZumzxN9BZp1EmRaJNY3bwmjG1gBiwsthWTYXF6T5gk1oG-sZtYtj0b4m8EJBu4WkusxTr2mGsP6SpxMqk4lqw7dANhMRQxc3TnHaC0teaPmIxLNmFZRDLTr-G5ggGoRTyYXjtynC5LLsXeBk5UvVu-oyD-1M7i7BHuLEHSMkq0nYOK0GNPoPr6AUVkPBs--9IxaIswu9ajSD9DgJGgsmYrXnhzm9siAv-_reKpdK4A_-shn0ITx3fJVC9Up1b00fr7XICC-yonajuKCvhifnXfNhPBRp27vlPukHbA-K_VZZMwOLtjNTGuRzre1SF7fxE4Q3Va8n3GlGow-KJ8hff4rWmZ_Wgx94ppx6XUQUd-dji97AUzlghAVIrcwoP6ImbxFANYO3smRgeBzcrPMANyr_zfjoThl_EtBJDInSY1Mdp6EFh4MQVKwtorFok4ZueBN-7Pf_8xFh_ssmKBKxNfWhJOZoWm73-k3FnKg7tvUVmLjHSwUmtmBvsdlOh8i8oZma5cYkmc0tNiM2rcnybYlgdCXgfDbAIBYvcyUYOwj-pd9GgbW0u0f4Z7aXRoNE4MX0LGNYYWRncLPEcxNRr3Xq6ufRxgTxQL1HCrZ62mWCFjXuepltnKgwuBMPriiIYU87JQ5bjKCddZ7DR6aSu6DkkR9jrsCT7YKSGJwE2oy43lIaB8iiXpvXi01OOk7ioPZnKJpq6tYNWukeduOi0YhTi0-mbdCoyktkMPoj0OAZvj2_OmRQp2AKVpCoW9j_BiOR0Hnylr4XP_ub-jd6Ct1V82Qkmzu1gG7d8STm_abd3DjEApWsViR9lAHVfxIUp8VEML5hBeRbrwqDH6H_K3R1HgJ_3oftRSY&cid=CAASEuRopQVwQZ74Hjex5K7Z-SSs_Q&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240
Frame ID: 997209F39CC445057E0D67D0ACF67FB2
Requests: 21 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 5FA3FDCFB4A3BF8CF6E4F170BF2A1FC3
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 84389FDDE079BF69E861E214625BA995
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F0BBEF6781D1AFD63A157A290F4EFE0E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 90E141C24C02FC7252265FCA2D103DB8
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: C1A74A45736954A10FC1749C45F30D24
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html
Frame ID: 5DA40261BC7D40CF2AB1C357743A25AA
Requests: 6 HTTP requests in this frame

Frame: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E83DAA29BCDD7E8AF2CCA045F41ED1F0
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNXQm9-g1_8gI0hpAlMnF9zElHd2tQaz81IYTTuLMEUu0UtZW6pMNQEpWz7E79-xmEDhNhGiTbrxUsuqD1vIpwsFx517EAa7Vo8hfV52Ts4oyB4iccsGXD8eSaKgrSvUhaeMA5XsjsQ9WdAJ39ogFps-AnWFoYckb20ghgsvkBb7uRwQVRg
Frame ID: 32372ACA5BC827717721E443E21DDE30
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANBVtmgELb4vYh2ANvPCWFbB10FOFLc1gHBO3mnVrpdRYiTwopxuHklWNVntu8XIc4L7cVHvA06MBQFVc0MDQUUPBXbZrLP0I_-Q3h2p86H05mcBATj0hWDHRhfOZ9aWtMfTruVyX3mxe2ZLk4DzQsvFCmRg&dbm_d=AKAmf-CjCNTIxgulXYOQrk8BvEYT7d_SFN0rRAhu_Bue0ZlOZ885bGBnlWRFvUvUqYLdcim19gWVh6OYivxXy4i1AqdnQVmS5gasQD4CxnV83S9b71-ftoQq9iw7LnRqmACjYwcF3jNJD5ufPiocamt5yYeZ8Reu-6bCuSadvM6D-oJE6MggoXP3qpfgVc4quFxOAUx5OvbYr7YvfrT_jJMzbOSEXySZ8uVmXfBfNqZwGSo3D--CWvLZJnXhgMNwchYSwwX5hrUt6IXRHCoTDFtzl0aEWhfHj3YlpadqRaQmJFcO4T4kmKazr2vrwvc8k12sH1KQpKm4MNI81sYhkmcpcQ0GCG55lo291gNQYwnocL2hsaq1S_GOitJsxeIunEORukqLAcr9L22p7-57rXvIhP7kzeedk7zgmNBweU3Xw7vJd75VRzdDLFHdVQqb4or3qDp4WozpDEDv9oP1D1nF4eJK5bgFSSMwGQrfTn9jOqiB0JZliwF4tJCSofw3fNc1xqWca9NInOMxDyWVtkdHpaxAabzUhcsNZiDNuvSpAb0sUCkwwIRCF-23tjsy6DgbV_LFmM25VCtrHBoIYWfYmjqowc9TgwCM80VyniJEJo8SaNBzK7oO83db0UiYum5bsmsblyqkTH8pCdFS6enu-Sczl2MG-xdXDwgM6UDEzsZ7yPwQzwiHzAKwY61F41l6IlDPWnkiRW76J4YFkGwW6CSrjQnyvroSmFAwwvE69J_DoyJKJQVyWCCQGsUf4dRQ4WKU6y5HxlScqaOSx1IBx0jttAQdNgXNmusXbdOtHY9gtExG5O2X37dtq9iOratMp6bj3mWvgdr7uokZF977-bcf4ofcq3F6YD0NtJp8qD2hgp0RyQiqyfGrnSkelViAdtpupkpA6KWxCYT8f8HCCxBqX29OiptLHF2Lvg3o_rPf2UGA5tW2DBmjo39XVE3L6-YUewUvMeC2MmIpUtRPCTf3mi7hZSMBQNjGisawC6MtKSU2JPgnKSCTlFD_n6FeEkVY47nOl5pBT7O4XhNvPLRB6dXWfzYG5gCY6EsI1iW6mJTIilX03krVVWgL_5a6mxGwldYuePgTlIOld-AEnmPxUPaNn5mXvhxaf50GWoYOQT2TQ6Oa8bh8udXTGIf1MKapXDKbFkKO7AA1ylPaFCYbtpfMqt89ImC35KKjbBjDuo4iJnpaYgUXFOvI4BfXOVjAmsyQ5vVxfNvAj4oKyyQ8_gmK128Sk6oIOke9Zv6UNeXtK8wM883OA6pIS250QU9dvyTDbAF5kBjYtWu7tD-0dIL0GblfAq0Ex59SkGwX64FgPiAv3b18RlSOGlNdqrnGBv2YCDZv0bd_xfEBk1S4ewtgowdcsI-y8DPGBR9U3yFfaLKNaF31vTWyJ14Ly7tGcWRVnzN3aDQR9KzPV8y7Es2UTIHJ5KIqTgHZ8slhzzpy395BlLbu3P_wM3uZrHz5YXkMG47y07H36qaOu_MbCwobW3lfPojjX-Wt6WG3A0bcTYJiUD2soe-5MAbFBw1H36a7CzJ0x8QTLNpH40SiiwfM1R2yEQz6FApKAQ4_wccG04redKl3D0Xs1ahq8bWNPD5dJfI-X-aj31MIAadOth2kui0s6XUH-6I-ZVnPS8eeQXOoNApa9GA0FTCkjS7J4NpXBBvpMCLioHx3TZyBTwB3z98726vCkOO_BJPmNIZepC3nc6jHpDRN6FPXjA6MVHv27TCSJFkxSXJIjzLNnUbCZkXcz46w9j_UBYWQU_CWwSsSl_uIl7z72ljn4QBZ5tsqDdmJkuTc_MaskQItBgCjJ-UKf4f7EUIWFbFIv3ilDqp1MzklxzkDSq2oN2CPH8njZ0iePvGxdycoNSORJDLWXoaF1KxBvYOmra1TNRLvxuJhfWotmRuEGtsd7AsO_xd3rDgucQeHTcrOhlvmprCXmtEIdQBaLlQeBra7-V5a4o854V8-cCmEtG3bM5VmND8TvM7QFM7ILaPqFMOfugShCYB3YknaNf4syPQgk7X_iV-A4RhG2UqzsgiI-llrEcIxjvSSbX45vvL0DlqhbTG1opG0gv9tnr08JbzWITWY4k22eY0mwuztnAFYgWWGjRogXTaTZ9ESeO2ZXxGkXD9C-lTeMoVSLHVkaGGS4XGQXzpL5aJdteupeRSogHS05lfdKx4eZQOXk8gQTz80B-BfV9IL0EtCUZ6KfyHCSRmjai4MyacUpc5dSMOkMlPJruA513Du8LX8cb9aZ_arcX9GQulacDP1fisdYwUKGORMB3ncQlA1esntJpsDC6leMIRTqwZAm89VwL1N8zTLxyacwu2jJxytNNPnBtVbABovpsE365ATEWYTvPfY6bCgrJzrlf-km_fYSEylLYEH-lMcv-NxeDD0gTpQ5yYsOz7bqmlymAfF9EBGxgLJIBvEaohmTJiPAwtYSAYUvlO2iITyiTV8HwTlVgXNoFXTI2zjaNwezKgvd3aNANttfHrHTqV3rq9IJ5vJHCa8hQlBm9cD0b65Oi2bib6pITmwp_QEL5gg1Vp19r_CKDliP7veQcBJ2izTTVK6WMAbYUsWGGbMafcPJMrwir4JPRH3JZj59vbU3Mk2XSArEsiqTglUWdsCOx8V7jFPN2bgt5sc9HC0-q64--7BR7Yxc9vgrjfJ4mh4uisGikAl6QC4xrACGwTD3ecoIFuxKFUTo2owuud9RMGdB_e34eWfebmHkXD8MErBnHpAO4IrRgTtL3Z9U40b-G_k257tzrUXm3b7HPVVp9ZkjIRP1uiVY76vA-AuJ15bUXtaGv_w57kXfyA107-EkGemB81INXvpsgXlwFxJv_-8clGI_ty2yhFFGOiiwlNXsQTrdgfWGiOXxJFxBcuM62QJu06vcHw-HJFTVgEZXz-F6o49iIQM4wtg17d-jL1EQL7a0gpCyUb1DSzKGCM2qWdLzjxF0gzuyED5W3PPXu6viqSfan7omYwPV0Lu3g8iuEy7xQJsuwnw373kQCKQKk8hj3_PVwl-5nmD6jwUGb7zjVbE7w8U5MNGz8QxLG9eV4n4uuEDnyyjNsdTQny_oQ9a3_Pzo7rakaDYvqOeShB3WJLwdIGi6X1f_3kzMaD5hDvpXfZr7uTY2luqhyvwXA751o3-s-Q3KqvPBf18sd_8GHCTB8RVkXe_pZ6kS29oRkcJJ5SWQmjTkKH-DP43cyIWgEyYRmWBPzOrU6_PivTWPUTgW-idnI3ibDb_uJ_HmsVQhHGutTJMHoX2-R7cHAvLNeGLLiNDYCwLbdUGYbK5jJEcDJMCXW5LnZGWhPM&cid=CAASEuRo4anwwtcxoNcssFY35gZeFQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240
Frame ID: CF94F3493623477CD7F41B2B5F5E382F
Requests: 22 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 49932917EC2210CBE2B572AC0B9F3BBA
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: B0E41E9D023C52A243D16A025EE02930
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E92EF74BE8708FAE417099B8FE6EE924
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q
Frame ID: 008854075840493753E46F1CBBC837B1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D2E809715C9D611D232161E20362E25C
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 1B77FA61DA12F032576202AB606F37B8
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 724665B316F11D262D76E7E16462D306
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COvS1gIQ5su2qgIYyvyctwEwAQ&v=APEucNUQBF-NIn2OhzsmhTZrRoew2cTtAxTHt9Lt6ee_O-iQk90Hfpg9rKJiXSSfuAl5l_7JdKeCSdDl-lmUSNctaUXgMKfw49neLe_VGxQ57nAJ67wnqhiZX8evD4mbHD01UyTMn0dw6STogUblFeJw7sxF3_ZM7ZHd78jvxfY30ZfJ1g7PBM4
Frame ID: F6BDF06FE6ECBFF41B47E7F8C7D25496
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 908197A4E153D0BCF3E863723991B0D8
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/4528516/1039192214543590/index.html
Frame ID: C9EE59994E5D161FD5863E2187204882
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
Frame ID: 1A495E180989B2A7063FEA4A81FEBEE7
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
Frame ID: 801FB1D5747821E28B4D087683170F49
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D5A55966EF7D622218580BD7357E327F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: C1AEEFDBA28A951E49BC4FADFC6E1ABF
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C21C3CB215072FF1233D06A0B00CC1DB
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 310AB0EF759A2CEE2522567FC838BB20
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E256AF6BBD107C420AD84DD46335EA65
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3222967E824D852EB84CBC8D5AFB5AFB
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
Frame ID: 40CEE23D8D5EAD16C0FEFAD120F218AA
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4C8DA29ED58D68703E0883421FEE446A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CD451B31D05D623570EEE3D769299F47
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9B40F7196420188910A95F0CC5C7740D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: FE2911D996720A59FAC1F6B6E1663F9A
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: F10C06CFF213A319A6A23568503BD7EE
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8A53FE11821C2D67D3794F5361AC7863
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
Frame ID: 8AEB3BF182B77A56411038E90D6E6434
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8A634920773C0E668FD5071FD07A35C1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
Frame ID: B0795F04D5C37362C30444BB7497A423
Requests: 9 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807
Frame ID: 0E48FCE7ADD7780BED7F2085F05519C4
Requests: 2 HTTP requests in this frame

Frame: https://hal900019.redintelligence.net/request_content.php?s=59320200010508600710622011764019&a=b9ed1b94
Frame ID: FC92875E68AE946706B1276205C5F2A1
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: BD8DD56B2D340EADC19CB3C70C093106
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: CBAD324E63F4A01780A3611DBBCB7D32
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CA27DC7CE37A573806805E0CB5DD8415
Requests: 9 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: AF9EF22BCB9F835C657045686E8F7E84
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 45A429649202B22070BB63C3F703755B
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: A154F50E8DA093A444EE666075A8BDCE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: 6280474F58EE9F46BE84D76F17C9E19B
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: B086A307582A5DA434553908DDCC3B67
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js
Frame ID: 2841833BD4351DE0A8C6AD4157A93CED
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B4F13AFA3077738793C1FF4407B1F10B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C20FC0CD7E46C8E4567ECB268423468A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
Frame ID: 26458CE74B8AD6B8765B2A6C3A9DF38C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
Frame ID: CC138FA39C3B935B00A1C335A59CF333
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
Frame ID: 3BC77332AB8370755508106763466F0F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
Frame ID: CC793A94FD10090887C16A5649E0DB0E
Requests: 1 HTTP requests in this frame

Frame: https://static.arc.io/widget/css/widget.css?2326f2d
Frame ID: 48775764F9116E5424705B7AD63999E9
Requests: 3 HTTP requests in this frame

Frame: https://static.arc.io/widget/css/widget.css?2326f2d
Frame ID: E0D921D1B4221610D62B31E494988A86
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js
Frame ID: 0EAD953379876C1069661421B8521A2B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AD8F7DB5FD9DF2EE88F5F6D71398E976
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C81A3A184F137988F9E0628D75045444
Requests: 2 HTTP requests in this frame

Frame: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: C21D0B3E039752F6CBDB8433DA82A895
Requests: 1 HTTP requests in this frame

Frame: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 139F6E57B4983449D8E5F89410D52DE0
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhiqoueuATAB&v=APEucNXkijgGT5gD7SBCM-V5O5ouWiEBYwz0Kzb45ruqgF3ZyJYplGEKnxjOWknvtyQBTYYuR1Ey05TSRS5jfRW22yRCEovx8aftBkOhbsKjFKnJyhvOiZ57emqFQKtmfnuD79UmoqZWpCFzey5E7-vR_rE6Tcm1ux6P2dG7rcQ6AblA7kKphAQ
Frame ID: C3EEAF6674165CB144A3D4DA715ADB98
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 06E5A9C8E97E573B9427A29EDFBFF367
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 27F7A1695ADB12289EE71B6B0660817A
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
Frame ID: 80096C07F7CA5DBDC7E3177F0DE0D1B0
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: FE95A155E516B73F81F08FE43CB44B82
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7B50C176E4CFCEFEED7806D62EAA2870
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Links de WhastApp - Baixar App grátis - Grupos de WhatsAppLinks de WhastApp - Baixar App grátis - Grupos de WhatsApp

Page Statistics

667
Requests

84 %
HTTPS

38 %
IPv6

57
Domains

97
Subdomains

60
IPs

11
Countries

7776 kB
Transfer

18067 kB
Size

76
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://g1.globo.com/pa/para/playlist/videos-jl2-de-sabado-30-de-outubro-de-2021.ghtml
Title: VÍDEOS: JL2 de sábado, 30 de outubro de 2021

Search URL Search Domain Scan URL

URL: https://g1.globo.com/ba/bahia/noticia/2021/10/30/quatro-pessoas-morrem-e-tres-ficam-feridas-apos-serem-baleadas-dentro-de-barraco-no-sul-da-ba.ghtml
Title: Quatro pessoas morrem e três ficam feridas após serem baleadas dentro de barraco no sul da BA

Search URL Search Domain Scan URL

URL: https://g1.globo.com/jornal-nacional/noticia/2021/10/30/aniversario-de-paulo-gustavo-se-torna-dia-do-humor-no-rio-de-janeiro.ghtml
Title: Aniversário de Paulo Gustavo se torna Dia do Humor no Rio de Janeiro

Search URL Search Domain Scan URL

URL: https://g1.globo.com/rj/rio-de-janeiro/carnaval/2022/selecao-do-samba/noticia/2021/10/30/no-dia-do-humor-sao-clemente-presta-homenagem-a-paulo-gustavo.ghtml
Title: No Dia do Humor, São Clemente presta homenagem a Paulo Gustavo

Search URL Search Domain Scan URL

URL: https://g1.globo.com/jornal-nacional/noticia/2021/10/30/em-encontro-com-presidente-da-turquia-bolsonaro-mente-sobre-situacao-da-economia-brasileira.ghtml
Title: Em encontro com presidente da Turquia, Bolsonaro mente sobre situação da economia brasileira

Search URL Search Domain Scan URL

URL: https://g1.globo.com/ba/bahia/noticia/2021/10/30/apos-uma-semana-onibus-voltam-a-circular-normalmente-em-feira-de-santana-moradores-da-zona-rural-encerram-protesto.ghtml
Title: Após uma semana, ônibus voltam a circular normalmente em Feira de Santana; moradores da zona rural encerram protesto

Search URL Search Domain Scan URL

URL: https://g1.globo.com/sp/santos-regiao/mais-saude/noticia/2021/10/30/baixada-santista-registra-133-novos-casos-e-duas-mortes-por-covid-19-em-24h.ghtml
Title: Baixada Santista registra 133 novos casos e duas mortes por Covid-19 em 24h

Search URL Search Domain Scan URL

URL: https://g1.globo.com/pa/para/noticia/2021/10/30/video-flagra-agressao-contra-jovem-abordado-pela-policia-civil-no-pa.ghtml
Title: Vídeo flagra agressão contra jovem abordado pela Polícia Civil, no PA

Search URL Search Domain Scan URL

URL: https://g1.globo.com/jornal-nacional/noticia/2021/10/30/lideres-do-g20-defendem-mais-cooperacao-entre-as-nacoes-para-enfrentar-pandemia-e-mudancas-climaticas.ghtml
Title: Líderes do G20 defendem mais cooperação entre as nações para enfrentar pandemia e mudanças climáticas

Search URL Search Domain Scan URL

URL: https://g1.globo.com/ba/bahia/noticia/2021/10/30/professor-encontrado-morto-apos-desaparecer-em-feira-de-santana-e-enterrado-sob-forte-comocao.ghtml
Title: Professor encontrado morto após desaparecer em Feira de Santana é enterrado sob forte comoção

Search URL Search Domain Scan URL

URL: https://g1.globo.com/rr/roraima/noticia/2021/10/30/forca-aerea-encerra-buscas-por-piloto-do-rj-desaparecido-apos-voo-na-terra-yanomami.ghtml
Title: Força Aérea encerra buscas por piloto do RJ desaparecido após voo na Terra Yanomami

Search URL Search Domain Scan URL

URL: https://g1.globo.com/ce/ceara/noticia/2021/10/30/fiacao-pega-fogo-e-poste-fica-preso-apenas-por-ferro-apos-ser-atingido-por-veiculo-no-centro-de-fortaleza.ghtml
Title: Fiação pega fogo e poste fica preso apenas por ferro após ser atingido por veículo no Centro de Fortaleza

Search URL Search Domain Scan URL

URL: https://g1.globo.com/mg/triangulo-mineiro/noticia/2021/10/30/caminhao-carregado-com-10-toneladas-de-cebola-tomba-na-mg-233-em-araguari.ghtml
Title: Caminhão carregado com 10 toneladas de cebola tomba na MG-233 em Araguari

Search URL Search Domain Scan URL

URL: https://g1.globo.com/saude/noticia/2021/10/30/banho-frio-e-mesmo-bom-para-a-saude.ghtml
Title: Banho frio é mesmo bom para a saúde?

Search URL Search Domain Scan URL

URL: https://g1.globo.com/pr/oeste-sudoeste/noticia/2021/10/30/uma-crianca-morre-uma-fica-ferida-e-outra-desaparece-apos-serem-atingidas-por-correnteza-em-rio-de-cascavel.ghtml
Title: Uma criança morre, uma fica ferida e outra desaparece após serem atingidas por correnteza em rio de Cascavel

Search URL Search Domain Scan URL

URL: https://g1.globo.com/ro/rondonia/noticia/2021/10/30/boletim-covid-rondonia-registra-124-novos-casos-e-duas-mortes-neste-sabado-30.ghtml
Title: Boletim Covid: Rondônia registra 124 novos casos e duas mortes neste sábado (30)

Search URL Search Domain Scan URL

URL: https://g1.globo.com/rj/sul-do-rio-costa-verde/noticia/2021/10/30/suspeitos-invadem-imovel-agridem-casal-de-idosos-e-roubam-r-70-para-comprar-drogas-vitimas-estao-em-coma.ghtml
Title: Suspeitos invadem imóvel, agridem casal de idosos e roubam R$ 70 para comprar drogas; vítimas estão em coma

Search URL Search Domain Scan URL

URL: https://g1.globo.com/es/espirito-santo/noticia/2021/10/30/es-chega-a-12915-mortes-e-606950-casos-confirmados-de-covid-19.ghtml
Title: ES chega a 12.915 mortes e 606.950 casos confirmados de Covid-19

Search URL Search Domain Scan URL

URL: https://g1.globo.com/mg/centro-oeste/noticia/2021/10/30/policia-civil-investiga-circunstancias-de-incendio-registrado-em-uma-casa-no-bairro-interlagos-em-divinopolis.ghtml
Title: Polícia Civil investiga circunstâncias de incêndio registrado em uma casa no Bairro Interlagos em Divinópolis

Search URL Search Domain Scan URL

URL: https://g1.globo.com/mg/minas-gerais/videos-mg2/playlist/videos-mg2-de-sabado-30-de-outubro-de-2021.ghtml
Title: VÍDEOS: MG2 de sábado, 30 de outubro de 2021

Search URL Search Domain Scan URL

URL: https://g1.globo.com/pb/paraiba/noticia/2021/10/30/dupla-e-presa-apos-perseguicao-por-assalto-a-acougue-em-joao-pessoa.ghtml
Title: Dupla é presa após perseguição por assalto a açougue em João Pessoa

Search URL Search Domain Scan URL

URL: https://g1.globo.com/pr/parana/edicao/2021/10/30/videos-boa-noite-parana-de-sabado-30-de-outubro.ghtml
Title: VÍDEOS: Boa Noite Paraná de sábado, 30 de outubro

Search URL Search Domain Scan URL

URL: https://g1.globo.com/rj/rio-de-janeiro/noticia/2021/10/30/pai-de-henry-borel-faz-desabafo-em-redes-sociais-quem-tinha-obrigacao-de-proteger-optou-em-lhe-vender-para-pagar-as-contas-pessoais.ghtml
Title: Pai de Henry Borel faz desabafo em redes sociais: 'Quem tinha obrigação de proteger optou em lhe 'vender' para pagar as contas pessoais'

Search URL Search Domain Scan URL

URL: https://g1.globo.com/go/goias/edicao/2021/10/30/videos-jornal-anhanguera-2-edicao-de-sabado-30-de-outubro-de-2021.ghtml
Title: VÍDEOS: Jornal Anhanguera 2ª edição de sábado, 30 de outubro de 2021

Search URL Search Domain Scan URL

URL: https://solion.app/
Title: Grupos para WhatsApp

Search URL Search Domain Scan URL

URL: https://www.horariosdeonibus.org/
Title: Horários de ônibus

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 145

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 161

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN1zOlrWV9GB7o-_ERgW138&google_cver=1

Request Chain 162

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

Request Chain 163

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEExwlYJ3XmWDXb2WIgQERjU&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEExwlYJ3XmWDXb2WIgQERjU%26google_cver%3D1

Request Chain 164

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1

Request Chain 184

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC2y-uZlLUdGUilga6cC1Z0&google_cver=1

Request Chain 191

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGsYx5rWfzjVhKgzxgFMWS0%26google_cver%3D1

Request Chain 193

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1

Request Chain 200

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

Request Chain 210

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1&__user_check__=1&sync_id=40386451-39eb-11ec-92d9-1bf0cf250306

Request Chain 211

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=4037f71b-39eb-11ec-a5e9-160292010206 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

Request Chain 263

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

Request Chain 264

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

Request Chain 265

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1

Request Chain 266

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Request Chain 332

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGOt5t8zfiVGn_w9CH4geUI&google_cver=1

Request Chain 333

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

Request Chain 343

https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=640x480&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D&documentReferer=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ancestorOrigins=https%3A%2F%2Fgruposdewhatsapp.bar%2Chttps%3A%2F%2Fgruposdewhatsapp.bar&random=1531181916826&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=640x480&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D&documentReferer=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ancestorOrigins=https%3A%2F%2Fgruposdewhatsapp.bar%2Chttps%3A%2F%2Fgruposdewhatsapp.bar&random=1531181916826&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 348

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 356

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1

Request Chain 357

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

Request Chain 373

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBztHkH4KUxqkYensOvM_1I&google_cver=1&google_push=AYg5qPJvF1nVHPVL7gbP-oPG2mVTqETad5Ia5ijWFCp5qgKtpIEH1yzyIo85Sq1KDzJPpGjN1YGQPyqnTDzCcD8Ci3L21Cz5P1sQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

Request Chain 375

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEKbmMe9HjRt6d9HqYVNO2EM&google_cver=1&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-ufr5cGFLbhEos HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-ufr5cGFLbhEos

Request Chain 376

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEGJBucwhe2OvbLItkwnsl7I&google_cver=1&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkvip033Z_XJN64M7j-8Jq HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEGJBucwhe2OvbLItkwnsl7I&google_cver=1&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkvip033Z_XJN64M7j-8Jq&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=sXdNw4LDb_lzaFWlTT41vA&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkvip033Z_XJN64M7j-8Jq

Request Chain 377

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECxDQ0nrIHZWO6y7_bxxy3Q&google_cver=1&google_push=AYg5qPLqXeQ2u3mCIlbm0aSfLaUymV0Ly-rSzQpuulZju87RcstenAKCwFbHqRGufvLZDyPlbDpnu9MLzkRSpdGbUUsfRVhJiN7g HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESECxDQ0nrIHZWO6y7_bxxy3Q&google_cver=1&google_push=AYg5qPLqXeQ2u3mCIlbm0aSfLaUymV0Ly-rSzQpuulZju87RcstenAKCwFbHqRGufvLZDyPlbDpnu9MLzkRSpdGbUUsfRVhJiN7g&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqXeQ2u3mCIlbm0aSfLaUymV0Ly-rSzQpuulZju87RcstenAKCwFbHqRGufvLZDyPlbDpnu9MLzkRSpdGbUUsfRVhJiN7g

Request Chain 396

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENs3h9O4Nt5HKbrVuVKPJ3w&google_cver=1&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYglp_Zyb_VJUcARmdystohjvT2T6dOaznxR5Yff6e9VyCg HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYglp_Zyb_VJUcARmdystohjvT2T6dOaznxR5Yff6e9VyCg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 397

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8FsaQhtq9yvS61Ta47UZgB1cSNTecxLe9t3hcEMpnQFUEfxP4lDO1Qp6lKSYQ&google_gid=CAESEKkKgbrUz9fATXX6beM0oww&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBSThFcFdIMw&google_push=AYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8FsaQhtq9yvS61Ta47UZgB1cSNTecxLe9t3hcEMpnQFUEfxP4lDO1Qp6lKSYQ

Request Chain 398

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4BG03_-Eg04_e4UaZ8Cx_ppQ9B8j8Cbx&google_gid=CAESEO_lYmWIhMSt0wJBFltcQsc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4BG03_-Eg04_e4UaZ8Cx_ppQ9B8j8Cbx&google_gid=CAESEO_lYmWIhMSt0wJBFltcQsc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4BG03_-Eg04_e4UaZ8Cx_ppQ9B8j8Cbx

Request Chain 399

https://rtb.openx.net/sync/dds?google_gid=CAESEKhJd9QX6agt7SlKNKYIr1A&google_cver=1&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 400

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJrJHYTfk028myu4b0yJGDE&google_cver=1&google_push=AYg5qPI4zoxhP2fQiTpBpFHmrLJixgAaDcknEApEicoQMdtivaHK0RTlCyQIfj5GU_jBRBMAd8JbQNuuptIpgJuapCD4K4dkKErbgg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4zoxhP2fQiTpBpFHmrLJixgAaDcknEApEicoQMdtivaHK0RTlCyQIfj5GU_jBRBMAd8JbQNuuptIpgJuapCD4K4dkKErbgg

Request Chain 401

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO9s2MpQ63gPvFFNin8cu94&google_cver=1&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0lsSvG646I2FSvEV735MHNhTy21fQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSFgtTC1GV1Q0&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0lsSvG646I2FSvEV735MHNhTy21fQ

Request Chain 402

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1

Request Chain 404

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK5wrYo646SQgVtHuYGEE8s&google_cver=1&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5HaaVqnd3qjzPiKlZ6hq0XXr0uf-Ba5gFwumcMF589_3LDYg HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5HaaVqnd3qjzPiKlZ6hq0XXr0uf-Ba5gFwumcMF589_3LDYg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 405

https://d.agkn.com/pixel/2175/?google_gid=CAESENXxlq2QyBcWxzdnqFEhNeg&google_cver=1&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA&google_hm=Q0FFU0VOWHhscTJReUJjV3h6ZG5xRkVoTmVn

Request Chain 406

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELL6ffbjTXu2hkBbTvwxhSQ&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7mEWpuEEQ&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7mEWpuEEQ&google_hm=MTA4MTAzMjc5NTY4NjMyODA1ODc

Request Chain 407

https://rtb.openx.net/sync/dds?google_gid=CAESEKNyF1D3kfkf2YcZ6Cr7Wbk&google_cver=1&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 408

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOFznA_bVmoTnqMRk0WGUIo&google_cver=1&google_push=AYg5qPJi2legOATkOxqPoZdTiUUvcNrwJo5l0wRTJbUSnwZJP6PwyL4dZWLiJOWsuKgE5Nl0A3cNL_DUccrHdW820zZiF9xHZJFrrw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJi2legOATkOxqPoZdTiUUvcNrwJo5l0wRTJbUSnwZJP6PwyL4dZWLiJOWsuKgE5Nl0A3cNL_DUccrHdW820zZiF9xHZJFrrw

Request Chain 409

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF9QG2L8lX6kGIhRqISxVVc&google_cver=1&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0QwtyAVTPOGdMJqtQ1fq_f3fsZ4OHH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSTEtMi1LQThE&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0QwtyAVTPOGdMJqtQ1fq_f3fsZ4OHH

Request Chain 410

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw

Request Chain 414

https://d.agkn.com/pixel/2175/?google_gid=CAESELqBFBVOwAY1So_qg4ZQ6Us&google_cver=1&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy&google_hm=Q0FFU0VMcUJGQlZPd0FZMVNvX3FnNFpRNlVz

Request Chain 415

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPK9aetZo6jmH1gMpIYRZSh1jDPFWIEDmKMfy-udjKJ3v0s1hrmpTvLFNM4ehv5ZtzlH0ETVqKTdaZVTlRL1dqmKUJWlXPTy&google_gid=CAESEMEGAeuZQjIkmE8bnjFz4WU&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJbn94sGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBLOWFldFpvNmptSDFnTXBJWVJaU2gxakRQRldJRURtS01meS11ZGpLSjN2MHMxaHJtcFR2TEZOTTRlaHY1WnR6bEgwRVRWcUtUZGFaVlRsUkwxZHFtS1VKV2xYUFR5 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVkFnVkZoM3ZyMVVPU0xWNVV3ZHZ0S1lycXNNUGVQOHFhSHNhSWJQcDFXMA==&google_push

Request Chain 416

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3AaG6VgP__G03rps4M5kQof6ih7CxaU&google_gid=CAESEB43GEcxTOd4OxTehCBsFBc&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3AaG6VgP__G03rps4M5kQof6ih7CxaU&google_gid=CAESEB43GEcxTOd4OxTehCBsFBc&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA3NDg2MDYwNTM5NQ%3D%3D&google_push=AYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3AaG6VgP__G03rps4M5kQof6ih7CxaU

Request Chain 417

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEIHuJJMMuHSMp9d48rrX_oQ&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEefW2mN6&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEefW2mN6&google_hm=MTA4MjE0NDYyMTcyMzY3OTI4NDg

Request Chain 418

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEJBULm8T05vDuexCMsp9Avg&google_cver=1&google_push=AYg5qPIm4FY8gzVEl4UEu24cJPicTb8Ih2uCodmwQwN89_xPbQSRleTMX8xneBcHZJ1oYnm1N17rQAKBhk02iIYAu9J4jTgjwIP2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIm4FY8gzVEl4UEu24cJPicTb8Ih2uCodmwQwN89_xPbQSRleTMX8xneBcHZJ1oYnm1N17rQAKBhk02iIYAu9J4jTgjwIP2

Request Chain 419

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEpMXZFdpJ160nx5FB1Z6BE&google_cver=1&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0wfIcNwRaw7pV3pqC_U9Vi0UNo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSUktMUotM1RDWg==&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0wfIcNwRaw7pV3pqC_U9Vi0UNo

Request Chain 420

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1

Request Chain 429

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807

Request Chain 436

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFXiiEQV4Nmg-vIalGCqWJ0&google_cver=1&google_push=AYg5qPK2Nfb6I51kNjCvvDbHaik9L10RblzYGpoMOmCPXTM424l_1wysUa83iMhika8HzeTOa3ODTe2uzec8mqF4Dca05OF1WK8V-g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

Request Chain 437

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELWK9uD9NTsr0e6mLOCdoP0&google_cver=1&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYBNRp2oBO4Hg69CZlrzV0l0-V1MNhzlhrGSFXUdo6ZoueQ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYBNRp2oBO4Hg69CZlrzV0l0-V1MNhzlhrGSFXUdo6ZoueQ&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 439

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHzJyinzHydqPkBLCR_XGsM&google_cver=1&google_push=AYg5qPIhcxExn2wJXILlS8iNLAKTbHBGdWFleTtN_BFlMT947dS04RP_4yGsBPt55z8sM23IZDGwUlJZIJ-ajjuY9vbDMuVUiEGUEQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIhcxExn2wJXILlS8iNLAKTbHBGdWFleTtN_BFlMT947dS04RP_4yGsBPt55z8sM23IZDGwUlJZIJ-ajjuY9vbDMuVUiEGUEQ

Request Chain 440

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1

Request Chain 441

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEIzq7ESsLLYjv-I6tJDA_YA&google_cver=1&google_push=AYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-b134b67d-23aa-4b5b-a01b-41bc511ad974-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA%26google_hm%3DA7E0tn0jqktboBtBvFEa2XQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA&google_hm=A7E0tn0jqktboBtBvFEa2XQ

Request Chain 442

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o

Request Chain 450

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEZP5XvRr0l8xUBEDr5MI1k&google_cver=1&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2N55wQvAze5IYFg4y_7d2LvJAGWNseLtkrJ1ht3YV6c HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2N55wQvAze5IYFg4y_7d2LvJAGWNseLtkrJ1ht3YV6c&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 451

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7KbLX_arE8Q15E4UY_tcgr4Xo7H7Lu9zZyQbCg3s1yEsBk7XKZBrFcA4lZX&google_gid=CAESEFjYdlltntY03bAKw6Prad8&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBZlltYXc3LQ&google_push=AYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7KbLX_arE8Q15E4UY_tcgr4Xo7H7Lu9zZyQbCg3s1yEsBk7XKZBrFcA4lZX

Request Chain 452

https://rtb.openx.net/sync/dds?google_gid=CAESEETeUoaXlnw956h8lgCa8Vk&google_cver=1&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 453

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFG5dDe46KWX--VKPr1RBF4&google_cver=1&google_push=AYg5qPLyIBSs7Q55vvmvlTyvEFa5PqR3hKChhyt7BREvecgdUr02XYV2A97se5e0UqMIyCiEIHhS126jI2cXooIqdSLVyN1U-LQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLyIBSs7Q55vvmvlTyvEFa5PqR3hKChhyt7BREvecgdUr02XYV2A97se5e0UqMIyCiEIHhS126jI2cXooIqdSLVyN1U-LQ

Request Chain 454

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ4RRy7LXj4HLJUJo7PSBgY&google_cver=1&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx5jO7eZJc4oBucav9uqA2o8co HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUUotSy1RQVY=&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx5jO7eZJc4oBucav9uqA2o8co

Request Chain 455

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_cver=1&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4

Request Chain 456

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFlsEw8oQzSCvuFqKHk6jIs&google_cver=1&google_push=AYg5qPJIJuaxsKbNkqc8praShjfe3iqo2C8dPNCfoAJaB-BmIBqY3dxWfA92OXs28ctIgcaRCszZscU0s7X_Jx6xAIN3rFSjY_BZrA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJIJuaxsKbNkqc8praShjfe3iqo2C8dPNCfoAJaB-BmIBqY3dxWfA92OXs28ctIgcaRCszZscU0s7X_Jx6xAIN3rFSjY_BZrA&google_hm=

Request Chain 458

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELgOu1RkqQlZLvs_4DdWliw&google_cver=1&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6Zl1M51SmOkdzehNb4g8Vzm1eKzuibnegMCmsm_8Q HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6Zl1M51SmOkdzehNb4g8Vzm1eKzuibnegMCmsm_8Q&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 460

https://rtb.openx.net/sync/dds?google_gid=CAESEJ9XxrMx69J1D5rSHwUzF14&google_cver=1&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 461

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEC33aTPdp24p74q0chONQsw&google_cver=1&google_push=AYg5qPIRjUEwEkBQqJcux3-SRSdfhUcCEF-_ad1BWdAO1iomoilJeGUy9N6osl5VzgNorotO9TyrG18hg4gWNxxikBA6IctTtg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRjUEwEkBQqJcux3-SRSdfhUcCEF-_ad1BWdAO1iomoilJeGUy9N6osl5VzgNorotO9TyrG18hg4gWNxxikBA6IctTtg

Request Chain 462

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF5WbyRI5b1rwslwO5Ex0Y4&google_cver=1&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez3Xot5Qo3gKtGtD4VSwxEzIA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUVotMUItTTZQQw==&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez3Xot5Qo3gKtGtD4VSwxEzIA

Request Chain 463

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_cver=1&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw

Request Chain 464

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAPuvsFySAcjDhAQtUyPVf0&google_cver=1&google_push=AYg5qPL3yolqSJpmuwjzG6N2krmRceo7WTom1e4mVq3HdnW-s4A1BnoHfTIdaSOttzAvSLokK9zp6SVco3ndtEQp8l78ONSxm8I HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL3yolqSJpmuwjzG6N2krmRceo7WTom1e4mVq3HdnW-s4A1BnoHfTIdaSOttzAvSLokK9zp6SVco3ndtEQp8l78ONSxm8I&google_hm=

Request Chain 467

https://fw.adsafeprotected.com/rfw/st/769474/57793853/skeleton.js?adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar&adsafe_type=g&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:8cd53e58-fb44-0305-4902-be118c72d005,c:sA63BP,sl:outOfView,em:true,fr:false,thd:1,mn:app02ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:480,fm:sNnuQ2J+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2*.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1a2*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:493,oid:40752722-39eb-11ec-bf6c-02c790015d1e,v:19.8.258,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 476

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENI9HSFPCenPGKUy7mYV5cw&google_cver=1&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSraiUTU1fHUkL-n7qRq_IwdsakWNgm5JUHcre481eSErf HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSraiUTU1fHUkL-n7qRq_IwdsakWNgm5JUHcre481eSErf&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 477

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBex7VWhtwCrb7-d05FhxverEJvw5vhq3-xT07Bo-tOtp80bJfZeJWM_eX56ZA&google_gid=CAESEJ_FeNqpKeDsIYmqXDntvYI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFCUnIxNzJAbA&google_push=AYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBex7VWhtwCrb7-d05FhxverEJvw5vhq3-xT07Bo-tOtp80bJfZeJWM_eX56ZA

Request Chain 478

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKcjEQ3vDT71tEHg5pSQtry4NyYr_qsUJ8W37U4zmb7zJdrvTRzWj8oykUjZ7l6AnWTR6xMQjbA9CHgX23fW25ubpZd96l8DQ&google_gid=CAESEGqm537JzQCxQESSxy4VwUA&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPKcjEQ3vDT71tEHg5pSQtry4NyYr_qsUJ8W37U4zmb7zJdrvTRzWj8oykUjZ7l6AnWTR6xMQjbA9CHgX23fW25ubpZd96l8DQ

Request Chain 479

https://rtb.openx.net/sync/dds?google_gid=CAESEN-u9_PuMuSsl9mF09v7jPw&google_cver=1&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 480

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENafksbtvDmHFoORFZfHmwo&google_cver=1&google_push=AYg5qPIS3N16I6pL1S4vVZ7SOe58JamIoaKyItnkvgAPaOo7_b4KeAK7SzI4L3mLci-EOHIhjobaEz_TuxW5qAJqe4d1nJzP6YNAeQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIS3N16I6pL1S4vVZ7SOe58JamIoaKyItnkvgAPaOo7_b4KeAK7SzI4L3mLci-EOHIhjobaEz_TuxW5qAJqe4d1nJzP6YNAeQ

Request Chain 481

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPFIeKcfzqazYUH-0cH2yEg&google_cver=1&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYzRK42NekA1TCavDGnKR1cY6izKmQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVVktQy02STgw&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYzRK42NekA1TCavDGnKR1cY6izKmQ

Request Chain 482

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1

Request Chain 486

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELWyId9zcIzvVKi8b_AaZ-I&google_cver=1&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH8rxn5GYctF1Fq5MN9Rq75DF5hTZZ52YWi9Ou4PKLtc4A HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH8rxn5GYctF1Fq5MN9Rq75DF5hTZZ52YWi9Ou4PKLtc4A&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 488

https://rtb.openx.net/sync/dds?google_gid=CAESEC1v8ULqc7RtIeGkiG2DR1Q&google_cver=1&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28-&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Request Chain 489

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEOp2Het2aj9MJk1n6nK5FS8&google_cver=1&google_push=AYg5qPLIl-H1-_9cvCfJDBmYLWIQbU9PYA3n6LC3xc5AJ6rIDjENc1EH8n6Pg731ElmBUMhuzB5iZ3AXjRa7g61yg9_aN_Zq129GDA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLIl-H1-_9cvCfJDBmYLWIQbU9PYA3n6LC3xc5AJ6rIDjENc1EH8n6Pg731ElmBUMhuzB5iZ3AXjRa7g61yg9_aN_Zq129GDA

Request Chain 490

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO9QzyUwQ5F9inoRoeQPh0E&google_cver=1&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyrvD7wn6vUTYH8Fs-PTSfIgIrRn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVlgtMjUtODUxQQ==&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyrvD7wn6vUTYH8Fs-PTSfIgIrRn

Request Chain 491

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw&google_cver=1&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw

Request Chain 547

https://gcdn.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/id,itag,source,ratebypass,mime,acao,ip,ipbits,expire/signature/66C2A3966F68DE1367AA8A273858AD5E49F0985E.16A0ACA45C510B8A315C7AD3953FA36C7EB7B452/key/ck2/file/file.mp4 HTTP 302
https://r4---sn-4g5edns6.c.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/1C78A64A0863ADB7F1758416F8E4AD25A68E5E44.583176120F5C0DD233D07460F9106A44C2623398/key/cms1/cms_redirect/yes/mh/fR/mip/2a01:4f8:a1:1a1:84::1/mm/42/mn/sn-4g5edns6/ms/onc/mt/1635643173/mv/u/mvi/4/pl/48/file/file.mp4

Request Chain 548

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 550

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOhCMer4YjNLdIKb44BRN5w&google_cver=1&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnkFHBFTHftpawA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=x_wD-GPvQN2rdR3GBYBt9w2&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnkFHBFTHftpawA

Request Chain 551

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDPS_01W7ygjREzx8E-aLPI&google_cver=1&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews-WNIR77X-LrMocHrMhgy HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDPS_01W7ygjREzx8E-aLPI&google_cver=1&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews-WNIR77X-LrMocHrMhgy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzODg2MTMwNjY5MjQwMjM1OA&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews-WNIR77X-LrMocHrMhgy

Request Chain 552

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHPvQCT-sYhgWO4Tp3i2rkk&google_cver=1&google_push=AYg5qPIxzy4oCuKMiOF8qsTd7tvQIQ4BsrcKUHaAfwv5vmm2nBNTWtOCwzRFmMKik6NFE2jMI_ImnopB7-De3OhhUiXUvpa9WelS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIxzy4oCuKMiOF8qsTd7tvQIQ4BsrcKUHaAfwv5vmm2nBNTWtOCwzRFmMKik6NFE2jMI_ImnopB7-De3OhhUiXUvpa9WelS

Request Chain 553

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEI9ra8La1otYnMWkOIDcIlE&google_cver=1&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fWVvdJdEfQewnt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fWVvdJdEfQewnt

Request Chain 554

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJNdECnmeRp23nYUkYdo60M&google_cver=1&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK4vVWrywS7N7mbQcJOEnv_l HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK4vVWrywS7N7mbQcJOEnv_l&google_hm=MTgyNDQ4NTg5NDA4NTkwMjk2NA%3D%3D

Request Chain 559

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_Zxq-Q39j8Q0ugVFzhzJ0&google_cver=1&google_push=AYg5qPKHCACili3wcLgQDhJ0n-QaU5s5v-Co9-svhhxmIqMXFFjMxSf0YUoPl7gK6eb6uyuQFy3D_i9Jn5-nmtTJtnWNbeeiejJO2w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

Request Chain 560

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKrxzFjMQ-gRWu3i4jnwmF8&google_cver=1&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7ToEWahizVfXShoU4InmOYSK6xqO-gcfQ5kHMoOEQAryQCg HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7ToEWahizVfXShoU4InmOYSK6xqO-gcfQ5kHMoOEQAryQCg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Request Chain 562

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIYLWlyn_SClZDdztobg07k&google_cver=1&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy8Kt6sTgztElGcA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zqMd1CRcQpuMX29w9nizgA2&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy8Kt6sTgztElGcA

Request Chain 564

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKHdHzAHukWaHB7FBvydGmY&google_cver=1&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0iymZwaQnPWhtK7iy6zHRLMtaKdw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U0S0QtMTUtNTZDTw==&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0iymZwaQnPWhtK7iy6zHRLMtaKdw

Request Chain 565

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESELrVNww_e_Fy2kSOQbL_Dp0&google_cver=1&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RBuFUXRNo8xjVubg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RBuFUXRNo8xjVubg

Request Chain 657

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836

Request Chain 658

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D

Request Chain 659

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oWHd3OU1GRTJ1RjhHN1JUZ20xX1JLSy5WdTIwOFZFY35B

Request Chain 675

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBaWkr8fYbf8BXa9CD3hVYc&google_cver=1&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXakrEa51g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXakrEa51g&google_hm=NDgwMzYyNjM3OTE2MzMzMTQyOQ%3D%3D

Request Chain 676

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF5WbyRI5b1rwslwO5Ex0Y4&google_cver=1&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv7t4HAla0TfF4w9k7pvstFYadA0Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U2M1gtMVctRUlNSQ==&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv7t4HAla0TfF4w9k7pvstFYadA0Q

Request Chain 677

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEIaPrgRtU3-jaCVR8DEFx4c&google_cver=1&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUnIe51J6Jvy4W4LA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUnIe51J6Jvy4W4LA

Request Chain 678

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEN_LUKgHx6n8d31Na2yW7Nw&google_cver=1&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3kt1g1d54zJgjCedgfVt8m7kdZnB-k5Xtb_NPSQdve8z4MKM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13by44VEN0RTJ1SGpHQ0dOUEY0NlZWaTdxVmpzWldHRH5B&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3kt1g1d54zJgjCedgfVt8m7kdZnB-k5Xtb_NPSQdve8z4MKM

667 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
gruposdewhatsapp.bar/ 20 KB
6 KB 2240ms
1755ms Document
text/html 173.236.179.96
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.179.96 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-pat.clam.dreamhost.com
Software: Apache /
Resource Hash: a9e6082bea565f92e7d344131babb21a5aa9036288b25b4a145f20c98d379880

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sun, 31 Oct 2021 01:38:26 GMT
server: Apache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: max-age=600
expires: Sun, 31 Oct 2021 01:48:26 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6117
content-type: text/html; charset=UTF-8

GET
H2 200 main.css
gruposdewhatsapp.bar/assets/ 5 KB
2 KB 118ms
118ms Stylesheet
text/css 173.236.179.96
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://gruposdewhatsapp.bar/assets/main.css
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.179.96 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-pat.clam.dreamhost.com
Software: Apache /
Resource Hash: a69ba7b00246d812d6023132ad38944a8bc93933dc805c9bcb512d04a383fb55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding,User-Agent
content-type: text/css; charset: UTF-8;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-headers: Content-Type
content-length: 1523
expires: Tue, 30 Nov 2021 01:38:28 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 57ms
34ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92fd4a755e535332f1ee8f4876f155dcbd98f8a5dfb45b0b61c464cdf8431fd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51582
x-xss-protection: 0
server: cafe
etag: 2637496082549541259
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 widget.min.js Show response
arc.io/ 7 KB
3 KB 44ms
7ms Script
application/javascript 52.222.214.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://arc.io/widget.min.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.85 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-214-85.fra56.r.cloudfront.net

Software

Resource Hash

1e68cbacbe27a32e9d10df40b6cc724e9c29abed6152c7b454426d5b76c5a5db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: br
last-modified: Thu, 28 Oct 2021 19:32:15 GMT
age: 1179
etag: "617afabf-b73"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=864000
date: Sun, 31 Oct 2021 01:18:49 GMT
x-amz-cf-pop: FRA56-P3
content-length: 2931
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
x-amz-cf-id: eFy5WFWsE-R-zkAEDVuBQgvRYm1m5v-4pjVfW-pvInF8AgKl3Mgw4Q==

GET
H2 200 eureka_ads.js Show response
tag.ageureka.com/ 3 KB
2 KB 52ms
7ms Script
application/javascript 23.111.9.67
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.ageureka.com/eureka_ads.js?v=0.0.2
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.67 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: e4a31566b5d0ce7aee7fd533563b30f3fd7ebb8a46567f06bdd8c3cbf8699098

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 18:45:08 GMT
server: NetDNA-cache/2.2
x-amz-request-id: X8JJBQMFHJ8VMVDA
etag: W/"02672e2a8c575de0c12cda3c58d4571a"
x-cache: HIT
content-type: application/javascript
cache-control: max-age=604800
x-amz-id-2: D1U5qujR/5nBEx/681Hdiz2a9O8/vc34QobBoKN6sYHZdNEckkitGhXBmAB02PCuLx6HWnLzlf4=
expires: Sun, 07 Nov 2021 01:38:28 GMT

GET
H2 200 whatsapp.svg
gruposdewhatsapp.bar/assets/ 8 KB
3 KB 102ms
102ms Image
image/svg+xml 173.236.179.96
DREAMHOST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gruposdewhatsapp.bar/assets/whatsapp.svg
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.236.179.96 Brea, United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS: apache2-pat.clam.dreamhost.com
Software: Apache /
Resource Hash: 62758a2fe5b802f8f861ac931b348d29cfa4c1bece4b86c79dfe54e199ef3388

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
last-modified: Thu, 21 Nov 2019 12:52:29 GMT
server: Apache
etag: "1efb-597dac5197d40-gzip"
vary: Accept-Encoding,User-Agent
content-type: image/svg+xml
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3423
expires: Tue, 30 Nov 2021 01:38:28 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110260101/ 269 KB
97 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8340557401284022&plah=gruposdewhatsapp.bar

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a9a5bafa80bff7a29351962671bfafad98917892a6ae4830b45fc7aa4d11bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98743
x-xss-protection: 0
server: cafe
etag: 4242715592925228197
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211026/r20190131/ Frame 82D1 10 KB
5 KB 30ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211026/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1437cdd25532919299784f840c613a46dbcf783903d558bcf5386defd7cceb1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 16:23:50 GMT
expires: Sat, 13 Nov 2021 16:23:50 GMT
content-type: text/html; charset=UTF-8
etag: 15765991816257340444
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4703
x-xss-protection: 0
age: 33278
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 core.js Show response
static.arc.io/widget/js/ 310 KB
90 KB 143ms
21ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/core.js?2326f2d
Requested by: Host: arc.io
URL: https://arc.io/widget.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 076b222b1d056f5506eea927973c18c7d736195002f105e918b86481db21e20a

Request headers

Referer
Origin: https://gruposdewhatsapp.bar
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0vZ58YQAAAABRNoNXZ39IRJj62aJ4jhZATE9OMjFFREdFMDExMABhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: YN4Y9JKNRT7P0QC5
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAACSOZObV4rLQou0BR07NDc4QlJVMzBFREdFMDcwNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: eIH61yX4+VrYedvjF6onCqRMvSBmV+Oeq/e93fcmEFRasfnqRFiC+LU//yAc12snMGUw7jPPJo8=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "c7cf763875a0e672861cec14368fa787"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 broker.html Show response
core.arc.io/ Frame 874A 2 KB
906 B 133ms
16ms Document
text/html 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://core.arc.io/broker.html?2326f2d

Requested by

Host: arc.io
URL: https://arc.io/widget.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

aff60aab429342ca14acac768a91f1877a51c6e7bf9d96f07f421f26f90bb9d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cache-control: public
content-length: 509
content-type: text/html
content-encoding: br
expires: Sat, 27 Nov 2021 19:34:57 GMT
last-modified: Sat, 14 Aug 2021 05:03:50 GMT
etag: "61174eb6-1fd"
vary: Accept-Encoding
x-cache: TCP_HIT
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
x-azure-ref-originshield: 05md8YQAAAADhbOeW0Za1QYJa0TCr7RT/TE9OMjFFREdFMDExMABhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-azure-ref: 0lPN9YQAAAACh1tdnZcjgR6Szu1QZKL6bQU1TMDRFREdFMTgxOABhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
date: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 1b6300c90c22cec852da53ce580e1a9b.js Show response
scripts.cleverwebserver.com/ 125 KB
51 KB 48ms
19ms Script
application/javascript 2606:4700:10::6816:4c5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.cleverwebserver.com/1b6300c90c22cec852da53ce580e1a9b.js
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4c5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: deaca6282c048bb3fdae63b3158bb0f93b2755ed07ba852a54b5bf56e9bc3e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 30 Oct 2021 00:32:50 GMT
server: cloudflare
age: 80
etag: W/"17e2def1e527b06c7a2c563d26a83923"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _01QutRSdOi3o5plLM3wR1cMmgtkWeWv
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 6a6929ffbc726993-FRA
x-amz-request-id: BM6W5PWH45GZAJ3Y
x-amz-id-2: AUi6A5qKu9F18w5SxM3KHLWpDugP/Zy7ncc0qKN2z1I8ciZ3ZtjbefhyCbXQ4j64ABL3xtTp9LM=

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_ads.js?v=0.0.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 5874
date: Sun, 31 Oct 2021 00:00:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 31 Oct 2021 02:00:34 GMT

GET
H2 200 t3m.js Show response
tags.t.tailtarget.com/ 15 KB
15 KB 33ms
7ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.t.tailtarget.com/t3m.js?i=TT-11382-4/CT-1249
Requested by: Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_ads.js?v=0.0.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: nginx/1.8.1 /
Resource Hash: 6fdd4e9b40aca531e10530f776c3fbb6ef8c74d360d93a75a23cb22153fbecbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:35:42 GMT
via: 1.1 google
age: 166
x-guploader-uploadid: ADPycdv5zr429KMV63OFuoR7KVATH5i8u--3OLDfZ8dB0zAP869GFGA2pPwlI_VqbFcarK5H4d8f1FtqCvvYVEaz_0Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 15001
last-modified: Thu, 19 Dec 2019 17:12:55 GMT
server: nginx/1.8.1
vary: Accept-Encoding, Accept-Encoding
x-goog-hash: md5=CqkkyYa2DGg0W+K2RKI33w==
x-goog-generation: 1576775575233105
cache-control: max-age=7200,public
x-goog-stored-content-length: 6184
content-type: application/javascript
expires: Sun, 31 Oct 2021 03:35:42 GMT

GET
H2 200 jquery-3.5.1.slim.min.js Show response
code.jquery.com/ 71 KB
24 KB 37ms
14ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.slim.min.js
Requested by: Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_ads.js?v=0.0.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2020 23:02:39 GMT
server: nginx
etag: W/"5eb09f0f-11abc"
vary: Accept-Encoding
x-hw: 1635644308.dop230.fr8.t,1635644308.cds264.fr8.hn,1635644308.cds240.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 24606

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 210 B
644 B 45ms
16ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=gruposdewhatsapp.bar&callback=_gfp_s_&client=ca-pub-8340557401284022

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110260101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8340557401284022&plah=gruposdewhatsapp.bar

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

72112391117dac0ad750bc347974b7cf574070e6801d0b458d46c3ec492eb8e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 40ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 40ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 435C 247 KB
69 KB 463ms
462ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&adk=1812271804&adf=3025194257&lmt=1635644308&plat=3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308384&bpp=3&bdt=167&idt=73&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=605116957689&frm=20&pv=2&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=87

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b85d1fd2022391164cdf06047740161c67231b13de578b70280b03e4e54bc0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:28 GMT
server: cafe
content-length: 70715
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:28 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 94F8 90 KB
30 KB 550ms
549ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&slotname=9618899174&adk=3482220690&adf=2896993837&pi=t.ma~as.9618899174&w=1200&fwrn=4&fwrnh=100&lmt=1635644308&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308387&bpp=3&bdt=170&idt=92&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=25&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=dWwncumfB1&p=https%3A//gruposdewhatsapp.bar&dtd=99

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1000b7d7d1a3eafb517dff8af1747033f0d0885570b0b37af3d653b726d4ec17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 30964
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 / Show response
ui.cleverwebserver.com/3fb71065e38842a2b8e766d4ad87d4d5/ 161 B
228 B 110ms
101ms Script
text/javascript 2606:4700:10::6816:4c5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ui.cleverwebserver.com/3fb71065e38842a2b8e766d4ad87d4d5/
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4c5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.19
Resource Hash: ae8fc06de3bf41915d227c897a89b47a0f32a3a75c09dde8d39ea1dc27d95318

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: PHP/7.4.19
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: text/javascript;charset=UTF-8
cf-ray: 6a692a004d4f6993-FRA

GET
H2 200 eureka_live.2021.08-09-1.js Show response
tag.ageureka.com/ 9 KB
3 KB 7ms
7ms Script
application/javascript 23.111.9.67
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js
Requested by: Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_ads.js?v=0.0.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.67 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: d7d84b52ad69af4ad3a3c9866a03a9f5f006b8c391254ce8d26639067f7a5a7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
last-modified: Mon, 09 Aug 2021 18:45:08 GMT
server: NetDNA-cache/2.2
x-amz-request-id: ANJ21V035EFCB8PH
etag: W/"1b54c5ded98abc0c177093cffd825231"
x-cache: HIT
content-type: application/javascript
cache-control: max-age=604800
x-amz-id-2: EAcpF86VpHl+UH7wyAaOgYtHzJPKBu2vFw/cKXYv3TrmbXDM9QzAg/8yGw05/d/YBsCkchVTZtc=
expires: Sun, 07 Nov 2021 01:38:28 GMT

GET
H2 200 52736.php
sender.clevernt.com/transporter/ 43 B
354 B 172ms
64ms Image
image/gif 148.69.64.76
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sender.clevernt.com/transporter/52736.php?ppuc=0&ppu=0&id=0&ref=aHR0cHM6Ly9ncnVwb3NkZXdoYXRzYXBwLmJhci8%3D&ruri=&r=103942177&tok=33419711310201791433&op=called&wn=null&res=1600x1200&ts=0.004&cc=1&iv=-1
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 148.69.64.76 Porto, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),
Reverse DNS: are.clevernt.com
Software: nginx /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
server: nginx
content-type: image/gif

GET
H2 200 2fe0a2f3c1b1be95772ea227d115c8be_2311.json Show response
frame.ageureka.com/config/ 18 KB
5 KB 68ms
7ms XHR
application/json 23.111.9.64
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://frame.ageureka.com/config/2fe0a2f3c1b1be95772ea227d115c8be_2311.json
Requested by: Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.64 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 3176406817d7d64c95cefe214cad4ec7287c7636f2c98caa92dbed8b4cd02f61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
last-modified: Wed, 20 Oct 2021 12:27:39 GMT
server: NetDNA-cache/2.2
etag: W/"4634-5cec7e7656a1a"
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
content-type: application/json
access-control-allow-origin: *
x-cache: HIT
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Max-Age, Access-Control-Allow-Methods, x-requested-with, Content-Type, origin, authorization, accept, client-security-token

GET
H2 200 broker.dcd0e0f1.js Show response
static.arc.io/broker/js/ Frame 874A 24 KB
9 KB 31ms
30ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/broker.dcd0e0f1.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8ff1ba9168acd72b164d43b76293ebc0dd85bb6ead45bc4eafc573cca190987a

Request headers

Referer: https://core.arc.io/
Origin: https://core.arc.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0Zp98YQAAAAAUkC9Js6ylTI+Km6ay0sOBTE9OMjFFREdFMDEwNgBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: P7HHEVF389JQH50D
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAAC/LeNNh3n7RavK+nPUWhTIQlJVMzBFREdFMDcwNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: kvXcOu13yxNiYbWq0gcgDzXMh6zvkmS243xRn8B/KX9avzkOd3lVwpajL3wsKW6kkomHewWkPws=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "b9bd4615b13b095520ab7444cbff4593"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 chunk-vendors.5e1d8045.js Show response
static.arc.io/broker/js/ Frame 874A 49 KB
17 KB 31ms
31ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/chunk-vendors.5e1d8045.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3082b0f5d766f08f34a2077d48da01d41c9283376883472fa0965bf1b77283e0

Request headers

Referer: https://core.arc.io/
Origin: https://core.arc.io
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0oJ57YQAAAAAjwb0E/1IgRpyWLmi5OG6wTE9OMjFFREdFMDEyMgBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: 9STTYNXJ1Q7Y7NJ4
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAADL/B6uQF0bRYXZIYlCCfp7QlJVMzBFREdFMDcwNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: JZG6R0Eb677s8r/OxSg9jec/Ue9U8KUHQQfZJ0q3GAG8g/IWL0ULjfnJu6y+0VK5eP3cW9Dyk1Y=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "7baaa27cb0e1201fe90ecc5efca8fbcf"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 lazy-iwc.9b430e25.js
static.arc.io/broker/js/ Frame 874A 0
5 KB 52ms
18ms Other
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-iwc.9b430e25.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 02T58YQAAAACFpIdC2Z2WTbFLkwrZ6EE2TE9OMjFFREdFMTUxNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: 2DBZ3D15J2VFVZ1F
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAACYR08WGvCeQ4nE0Rd/n86WQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: 5/TeCReNO3hhmMtbYF+M6tdm0PB9jiQ4LESFu9Q1cZNinHUvym0cE394ifYUDflpqS7kKEp+Yc8=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "7fd8734437dbdc553c3513d10d0c0a97"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 lazy-modules.a169b1ec.js
static.arc.io/broker/js/ Frame 874A 0
14 KB 54ms
20ms Other
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-modules.a169b1ec.js
Requested by: Host: core.arc.io
URL: https://core.arc.io/broker.html?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0S258YQAAAABGW9ASz6e0QIbqskSdR9ROTE9OMjFFREdFMTUxNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: X6DXXC4F7RXKJ74D
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAAABVHtgVpGiS7d/wfZV3AI1QU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: sO7ViCEK3jn28L/GwzfzS/5MXIjgC1Fm9S4+kqji4tbEEcm7OJw9m6+PFQ+XSOPZI341M3byvOc=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "32ab6174f553ec44ff554a5a2406b76d"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 vendors~widget-ui.js Show response
static.arc.io/widget/js/ 94 KB
31 KB 18ms
17ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/vendors~widget-ui.js?c9b0de53
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 84f8061a68058b0dd35d1c7c2bd4b475e6ab38d4374dc9f8394257be457570cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0v158YQAAAADQ9g32yHHaR4Q4Tc0+yQyBTE9OMjFFREdFMDEwOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: J3ZJCSEPNHZD2506
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAACTFoD5J8bTT6+NrYKjvwNRQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: cwzuCojdlx2S3A5q5BWyCa+WHNJKp5XXM6T0tUPQYYQ+9MB6xshrJX2tl4jZxdCrpBHV53p19pw=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "5f5181a44cab6b9ccdc03f0d9f46e177"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 widget.css
static.arc.io/widget/css/ 85 KB
6 KB 16ms
16ms Stylesheet
text/css 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?2326f2d
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a0d5016c9be45fd2d7534bf47f3b2c67d3d1d47e64e31572c28a94b984e7014

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0sUN8YQAAAABbQVPUhvXHTI0kPY27YUufTE9OMjFFREdFMDExMgBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: EAXBNGW7D4Z48757
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAAB8V0R+bLr4Q6WphI64K2uiQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: 4Fg6MJ/qnvzx4vJLLTvTYIf20gqGGCbU74AlT/Fm0Ek7L3zB9ji7wbsQ01MHuOrM7OA6TEixh38=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "ce66dd39d9339eebd65264a9ecc334be"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 widget-ui.js Show response
static.arc.io/widget/js/ 40 KB
12 KB 16ms
16ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/widget-ui.js?c729574a
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a14c5bd9b77327adfa00669612c289eec1ef14d28cd1843301f069d237a1339e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0BIV8YQAAAAAvuR1ltSPYT6dJXuHhVkOyTE9OMjFFREdFMDExNABhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: 53K9CSMDEC98BCS1
x-cache: TCP_HIT
x-azure-ref: 0lPN9YQAAAAAwBr5bQkanS4/De0XWIDUJQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: YULSxFsBh5a5lQPxO+HBXmubcvcVmOKWyFMW19m3xwajmvNJcbf21RxhexKTgoK2/zWfpFtLEeQ=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "662d0f009df66a80b2998de512b22d1e"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 05A0 81 KB
27 KB 41ms
17ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

8acf26e5da31fbcf97b58ad60baa4121ab276efd4ab78661e842fee1ff975071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 554 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27325
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3483 81 KB
27 KB 21ms
20ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

c0ad5608f211342564118d3b5249a7fe5d40f709ddab2f2079cd8c6cc8a8df67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 203 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27325
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 4202 81 KB
27 KB 38ms
37ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

068a10c134968f5b4e31e5bbbe09435b445e451903424098699c484b7d1b25ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 370 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27295
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6D50 81 KB
27 KB 38ms
38ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

8acf26e5da31fbcf97b58ad60baa4121ab276efd4ab78661e842fee1ff975071

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 654 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27325
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B18E 81 KB
27 KB 34ms
34ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

4dba1e011745c1bec0b32691b466bf85c8972935bdb186a45fc96296136b23d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 934 of 1000 / last-modified: 1635545062"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27294
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 899B 81 KB
27 KB 39ms
39ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d72dece8ed48f4ba9c11e021a9cec5bc4e698ff95da7e378d71bca8a18c5667

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 168 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27325
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame CEBB 81 KB
27 KB 33ms
33ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: tag.ageureka.com
URL: https://tag.ageureka.com/eureka_live.2021.08-09-1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d72dece8ed48f4ba9c11e021a9cec5bc4e698ff95da7e378d71bca8a18c5667

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 230 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27325
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 05A0 353 KB
119 KB 16ms
15ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d07f01e075074db0154aae1cd5fc2f2f3ffe87d787783f686444f5583503437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121586
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 08:34:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3483 353 KB
119 KB 24ms
24ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d07f01e075074db0154aae1cd5fc2f2f3ffe87d787783f686444f5583503437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121586
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 08:34:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B18E 356 KB
120 KB 24ms
23ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

dcd346804a786db16b40af2672924a5b8787623f71d648a017da7e236e1b19b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122594
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 08:35:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102501.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4202 356 KB
120 KB 25ms
25ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

dcd346804a786db16b40af2672924a5b8787623f71d648a017da7e236e1b19b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122594
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 08:35:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame CEBB 353 KB
119 KB 24ms
24ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

8156274be416705f770f8d4e0338e9886f99a863f433e105dc497f2e998f1812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121587
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 08:35:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102601.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 899B 353 KB
119 KB 29ms
29ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

8156274be416705f770f8d4e0338e9886f99a863f433e105dc497f2e998f1812

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121587
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 08:35:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H3 200 pubads_impl_2021102701.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6D50 353 KB
119 KB 16ms
15ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d07f01e075074db0154aae1cd5fc2f2f3ffe87d787783f686444f5583503437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121586
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 08:34:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 01:38:28 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3483 107 B
165 B 318ms
16ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3483 107 B
165 B 318ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3483 490 B
297 B 37ms
37ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2878135317469018&correlator=2390454680064487&output=ldjh&impl=fif&eid=31063339%2C31063166&vrg=2021102701&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644308&dt=1635644308889&dlt=1635644308639&idt=232&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=670&adks=475162452&ucis=3uubb1aohd8q&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=134582782.1635644309&ga_sid=1635644309&ga_hid=1546946354&ga_fc=false&fws=260&ohw=1550&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

7f2f64ba75042bdb3dffcbf33c695c84f2ee9883ae6f314951f528a5700d964b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 267
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6B85 6 KB
4 KB 91ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:28 GMT
expires: Mon, 31 Oct 2022 01:38:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame B18E 107 B
165 B 291ms
24ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame B18E 107 B
165 B 292ms
25ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B18E 15 KB
9 KB 356ms
356ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1997484346019433&correlator=4071886635935878&output=ldjh&impl=fif&eid=31063213&vrg=2021102501&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644308&dt=1635644308923&dlt=1635644308658&idt=249&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=1465&adks=475162452&ucis=ng0u0nxmmbqf&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=339825845.1635644309&ga_sid=1635644309&ga_hid=2011102689&ga_fc=false&fws=260&ohw=1550&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

fcc1440384916e24bfba896ac169c4bd8d59b2463e999a4b85a577069e19eb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8883
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F0B2 6 KB
3 KB 61ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:28 GMT
expires: Mon, 31 Oct 2022 01:38:28 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6D50 107 B
165 B 275ms
33ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6D50 107 B
165 B 277ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6D50 16 KB
9 KB 283ms
282ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3345433076437205&correlator=799299371707249&output=ldjh&impl=fif&eid=31063280%2C31063283%2C31063313%2C31063350%2C21068030&vrg=2021102701&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644308&dt=1635644308949&dlt=1635644308651&idt=284&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=1200&adks=475162452&ucis=ug13fr37vx9i&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=1311538654.1635644309&ga_sid=1635644309&ga_hid=908277272&ga_fc=false&fws=260&ohw=1550&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

2a570c9f841ac209406cf22612c7d383941480fd2a9ce43fd53e4d43448ff5f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9644
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 09D1 6 KB
3 KB 70ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 899B 107 B
165 B 251ms
34ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 899B 107 B
165 B 253ms
36ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 899B 16 KB
9 KB 248ms
247ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3036079568268128&correlator=4194420903369649&output=ldjh&impl=fif&eid=31063136%2C31063283%2C31063338%2C21065725&vrg=2021102601&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644308&dt=1635644308977&dlt=1635644308666&idt=293&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=1730&adks=475162452&ucis=lkkutum2x8iz&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=1489469813.1635644309&ga_sid=1635644309&ga_hid=1206095592&ga_fc=false&fws=260&ohw=1550&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

ccd14dda4c2d3d47ad9a99644b1bd3b9fba62e24f7a3d450f4f190dcfb5d9566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9344
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1920 6 KB
3 KB 64ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4202 107 B
165 B 221ms
34ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4202 107 B
165 B 222ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4202 16 KB
9 KB 275ms
275ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=848841332571682&correlator=1748041531177368&output=ldjh&impl=fif&eid=31063318%2C31061690&vrg=2021102501&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644309&dt=1635644309003&dlt=1635644308645&idt=343&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=935&adks=475162452&ucis=y6yp686nt17f&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=2123604578.1635644309&ga_sid=1635644309&ga_hid=766041915&ga_fc=false&fws=260&ohw=1550&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

ebd46e76988d8286060ccab9ea7424878d810904da05e4e37eb57c1614c3dab3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9382
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4CCF 6 KB
3 KB 60ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame CEBB 107 B
165 B 201ms
33ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame CEBB 107 B
165 B 202ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame CEBB 15 KB
9 KB 632ms
631ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2375784301372285&correlator=2766385335860902&output=ldjh&impl=fif&eid=31063338%2C21068030&vrg=2021102601&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C580x400%7C640x480%7C728x280%7C728x250%7C900x600%7C980x600%7C728x90%7C970x90%7C970x250&prev_scp=adformat%3Dinpage&eri=4&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3ART%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644309&dt=1635644309020&dlt=1635644308705&idt=310&frm=23&biw=1600&bih=1200&isw=1550&ish=1&oid=2&adxs=25&adys=228&adks=475162452&ucis=8syj43hn85jt&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1550x1&msz=1550x1&ga_vid=1796590846.1635644309&ga_sid=1635644309&ga_hid=1061284218&ga_fc=false&fws=260&ohw=1550&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

bf6fb3ef177aa1402800cb8b2c3fed81553af4d0099295a6690538f82c1e3461

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9397
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E110 6 KB
3 KB 61ms
14ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3483 11 KB
9 KB 39ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cfae236a298e8dbb945b2a0fbce027a47e90262f256eab639014f11a145831f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8516
x-xss-protection: 0

GET
H2 200 lazy-modules.a169b1ec.js Show response
static.arc.io/broker/js/ Frame 874A 45 KB
14 KB 17ms
16ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-modules.a169b1ec.js
Requested by: Host: static.arc.io
URL: https://static.arc.io/broker/js/broker.dcd0e0f1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45344ec706e661760887e42f8797c4dd446805b24657d99318b08d211f2e549b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:28 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0S258YQAAAABGW9ASz6e0QIbqskSdR9ROTE9OMjFFREdFMTUxNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: X6DXXC4F7RXKJ74D
x-cache: TCP_HIT
x-azure-ref: 0lfN9YQAAAAAC7Rbv+6eqRoQ0WWK5l+vAQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: sO7ViCEK3jn28L/GwzfzS/5MXIjgC1Fm9S4+kqji4tbEEcm7OJw9m6+PFQ+XSOPZI341M3byvOc=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "32ab6174f553ec44ff554a5a2406b76d"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 9703f06907c5d574db4d8eade29cba29.js Show response
www.gstatic.com/mysidia/ Frame 94F8 8 KB
4 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9703f06907c5d574db4d8eade29cba29.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&slotname=9618899174&adk=3482220690&adf=2896993837&pi=t.ma~as.9618899174&w=1200&fwrn=4&fwrnh=100&lmt=1635644308&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308387&bpp=3&bdt=170&idt=92&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=25&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=dWwncumfB1&p=https%3A//gruposdewhatsapp.bar&dtd=99

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1ea339daaa89b586a011d5bd1950ac69401da87ac9b364d631847cf3e2cd7ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3339
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 04:53:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 26 Jan 2022 05:01:33 GMT

GET
H2 200 8a67d772edd96b36f2855b74b7c31d82.js Show response
www.gstatic.com/mysidia/ Frame 94F8 8 KB
3 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/8a67d772edd96b36f2855b74b7c31d82.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7a6c57be84a2088f7cdfd0d3a289ced1e5097cc8a6ced0de0185d4943267f52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:17:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 246081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3479
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 04:53:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 26 Jan 2022 05:17:08 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 94F8 3 KB
1 KB 39ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:09:33 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 94F8 2 KB
991 B 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 94F8 19 KB
8 KB 44ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 94F8 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 94F8 120 KB
37 KB 45ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 94F8 14 KB
6 KB 44ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 5193475774055ccce470a7af02e48ef6.js Show response
www.gstatic.com/mysidia/ Frame 94F8 27 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5193475774055ccce470a7af02e48ef6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

024bf58839434bcdbb669f44e683ecbb58be25cde0d0e721d68031a67a40dd40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11340
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 04:53:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 26 Jan 2022 05:01:33 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3483 17 KB
7 KB 50ms
15ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063339

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110260101/ 143 KB
52 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110260101/reactive_library_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9c894588132662e56bfd636ab19a57831c4fe106a207a453f20b3be316732b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52781
x-xss-protection: 0
server: cafe
etag: 15138605428841842935
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 95ms
34ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 96ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 76F5 89 KB
30 KB 577ms
577ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1023529928&pi=t.aa~a.851271261~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280&nras=2&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=1993&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wnUtz5zACY&p=https%3A//gruposdewhatsapp.bar&dtd=14

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66a40c269af4405d2119e9e1614938c53b62e52e46bad28eeb6a4af38041476d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 30486
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2A02 94 KB
32 KB 645ms
645ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac16dcb2069f804fdd08720f5e6ad56b53b456576394a01f1536f8dfab0b3d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 32159
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4F2C 86 KB
31 KB 371ms
371ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44fbf6d6ad72224ebcef63f7c8e2280fdf1b5a2f15d1749115ea41ee76b76f66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 31053
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2BE6 91 KB
31 KB 318ms
317ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=1512048447&pi=t.aa~a.851264418~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=wV4BikZI72&p=https%3A//gruposdewhatsapp.bar&dtd=22

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5271a09f674120f3162f5fbff8afbde580258b5a52ad05aa24f2eb44ee4870e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 31824
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A362 96 KB
31 KB 433ms
432ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1577641129&adf=2908228819&pi=t.aa~a.851277323~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=TpAeDOe1y7&p=https%3A//gruposdewhatsapp.bar&dtd=24

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6af01199741c29eb5a39480ce0f027872dad0cbe236a949d0b453794df042a3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 31486
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AC0E 19 KB
10 KB 390ms
389ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

822417f3e1ffd4b0b0f13e20c0d28ddc16471fefbc05917c24bc6245c23ac68c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 10103
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 25B5 21 KB
11 KB 231ms
230ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb8d29797644e3e1a87f7ec24a8fc106e59751e0159f0c7a0510ed0ec0f867b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 10604
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 94F8 0
0 26ms
26ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEGP9lPN9YajgHsy07_UP8OCc6A21rLmPZvPPj8PGDuy7672UHhABIIGn93dglfL9gZQHoAHw9u6RA8gBAakCLoL0L5Flsz6oAwHIA8sEqgTdAU_Q9WnYHmNubc2-tq6DujJ4vCbZ0o67m4DjVaVQhK4dERnjabVF5wTIymAZzviJWjUUO67-KSPwwxpABU8zT7sQiw-WTqiXVtCXNX9gJIruLtVFt3N-UuVYMSNJlnJKsRUMlDsTIitM36iApCbASjyI_apGiiSg57-zjcMc93WkJpg0Li0MGk0Rb-tRoKiOtn0X-MBl6tr8BWD0Q_uLhnAZ1I1O0sr4wAb4V5SCxuBv4b9xNrMd2oe-be8qPeDDSEsUMpEfZqSYQ0RCwHXu0vcxiV6h9VOsaaeDZdwQwATc7Ni7iwOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAYAH-IiRbqgH8NkbqAfy2RuoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBC7riLSCAkIgOGAEBABGF-ACgHICwHYEwyIFAfQFQGYFgGAFwGyFxwKGggAEhRwdWItODM0MDU1NzQwMTI4NDAyMhgA&sigh=gpeqsSamjWM&uach_m=[UACH]

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&slotname=9618899174&adk=3482220690&adf=2896993837&pi=t.ma~as.9618899174&w=1200&fwrn=4&fwrnh=100&lmt=1635644308&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308387&bpp=3&bdt=170&idt=92&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=25&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=dWwncumfB1&p=https%3A//gruposdewhatsapp.bar&dtd=99
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CA00 143 B
221 B 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&slotname=9618899174&adk=3482220690&adf=2896993837&pi=t.ma~as.9618899174&w=1200&fwrn=4&fwrnh=100&lmt=1635644308&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644308387&bpp=3&bdt=170&idt=92&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=25&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=dWwncumfB1&p=https%3A//gruposdewhatsapp.bar&dtd=99

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:37:38 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 51
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 94F8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5209704cbc1cb533211db54cd28d32624c2a4f70852d181f5e61915b49156557

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 1118 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BF62 783 B
1 KB 40ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9646082bc88855cb4ed8d308ce7104a23f09d029d1772d57f00470aa35ad16ef

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RUyctV3pVuXk15kL2Mp1ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:29 GMT
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-RUyctV3pVuXk15kL2Mp1ag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/ Frame 794B 10 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1437cdd25532919299784f840c613a46dbcf783903d558bcf5386defd7cceb1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 16:35:44 GMT
expires: Sat, 13 Nov 2021 16:35:44 GMT
content-type: text/html; charset=UTF-8
etag: 15765991816257340444
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4703
x-xss-protection: 0
age: 32565
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/ Frame 685C 10 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1437cdd25532919299784f840c613a46dbcf783903d558bcf5386defd7cceb1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 16:35:44 GMT
expires: Sat, 13 Nov 2021 16:35:44 GMT
content-type: text/html; charset=UTF-8
etag: 15765991816257340444
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4703
x-xss-protection: 0
age: 32565
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 container.html Show response
2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 891A 6 KB
3 KB 309ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 899B 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c270fc7accd11519a2045bad5b2c060dc5d20893a62f59c11320f2123ca6a62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8500
x-xss-protection: 0

GET
H2 200 container.html Show response
aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AE26 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6D50 11 KB
8 KB 20ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c271a4ac1499269ed566e50e5f5ff63d0fe849196bed4096228e544dd7720116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8398
x-xss-protection: 0

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 94F8 21 KB
22 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 02:15:39 GMT
x-content-type-options: nosniff
age: 256970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 02:15:39 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 94F8 21 KB
21 KB 33ms
11ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 458223
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 25 Oct 2022 18:21:26 GMT

GET
H2 200 container.html Show response
a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6FEB 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:28 GMT
expires: Mon, 31 Oct 2022 01:38:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B18E 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b987ccce88aa8270b5d5c31459cababbaf8d62e3986e3b9d3b837a4df342e3b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8516
x-xss-protection: 0

GET
H2 200 container.html Show response
e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4F2F 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4202 11 KB
8 KB 19ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac99a7e078d69db7c7d7b6abdeb6f4ec954dfa3c78855db52c87d163612acc31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8511
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 899B 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6D50 17 KB
6 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B18E 17 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4202 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 794B 4 KB
708 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:09:17 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 794B 205 B
492 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:24:27 GMT
x-content-type-options: nosniff
age: 54842
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 30 Oct 2022 10:24:27 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 794B 604 B
695 B 8ms
7ms Image
image/png 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 14:02:58 GMT
x-content-type-options: nosniff
age: 41731
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 30 Oct 2022 14:02:58 GMT

GET
H2 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame 794B 18 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d708e6899a77c81a9547e6d36f81d91d4391f1202c6cc973df9f5c106ece767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 23:41:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7032
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8007
x-xss-protection: 0
server: cafe
etag: 16949158767468107603
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 13 Nov 2021 23:41:17 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 053E 624 B
344 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL3EGxCGqhwY1Lq4ZjAB&v=APEucNVZSEIEDCMLR0x76pEq2AS_fVM7He_HVDqqm1gmR0SrbfLN7wGWPxwIWr2MKi3hqd6bzQLYi1UHIJ4v22IrBNEsHKDgNEsDya1LxTEV3syjI0XUbrp4i7gSq8TF0Eoip0OiHnllwsX7fYRvD_56ANMkwzXFpVvax_ydBOGXmjzTfb-7Cc4

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame F935 106 KB
38 KB 39ms
10ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40725
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 14:19:44 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame F935 6 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2087
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2631
x-xss-protection: 0
server: cafe
etag: 10983085961369067521
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:42 GMT

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame F935 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2532
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:56:17 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame F935 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F935 120 KB
37 KB 324ms
22ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame F935 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F935 42 B
173 B 15ms
15ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ddrhg3hm6v_rtAMKZ9ClZigoduwjqkuWv8996kZgx1i8sg8NEl7QTHg8b09ApBfDdRI7xxWPup_epOl9SjPYlerCMZYUZI-1_aixXFN8T8kqwXB9I

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 08F6 640 B
363 B 19ms
18ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AE26 73 KB
29 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BB2TlP8KX2EOjJuAer0oQ4biZyPjmfdNJooYgU0FzwCSRB0YmZMOZ_9KmYrm33Ado97OteXkspE5RJI6x4_muAtSle3PzfgEK4SoNj7WzFd2lje6V7UCmPJoTxjLUSLheuoc5GxoHQDdjWyN1S3PB1XEQe_A&dbm_d=AKAmf-CeRauTrl4dH6tOxzk9GP5Yp-EnJGhAnQfJJfiFFsO9Vt6EcqZFTCvx02AdJTLYgUxrvheLA9uqK2LVOTZLiB4WbU6AHWk_pVcw5MMaREcaNgdDvyvTi0V-sKJ_bIMQwgog0Dy4lM8OzjLCxWZpd6PAKnr9CnObvuJUJVMoDKYv5WVqYJv8f2_RP_xkSVgvD564nWEABeDS7Syku-52kZpxkUGnE7Sk0qQPgQ5auKSWX2k93VRfofnF3oxb2ERwKsoQO1-ZhbYRZtTSy9CN00JZFeEnyrqnz2wL0ma7KpiXWUUKtom7xNs5Hh2YOACAQDkHlxg_10M5yT4ONSnISICmno5G7JtJfJbINIMncTnFMqZBcLwGRHFTxu1Aa4HGWF5a8UKFxdAKRiIdCKpya-rY2UfUE1YmenyHEM_g3LigVoE1F8QxYiyMT-sBSHCMfDwsNEeIRAmj9aZUE9l1sWyKuttbHCXmSTTpLZP5wPSLA4XPU8GWjbLbRIEzwXABBre8bSGyZp-vMekoGHKrmn5tt7CbrudDMonCv_NGbXczKec7axfD9-hTvo0nW6V2SoH3m0XIc3EiuoR0KKmZeOsPRk8FqAUKrr4XshZerH2EfjMRIDelHj674e3nCnLA7Bg7O7KytyWLNTkwEYz6h8QU2o9BMQqBgOmLi9BJr-VggI0EvKdTVuKjeRZGq5YSveIy_diQG9Sjbpdq3sK5SUuHXe0AsADa-iwVn6PjQz38A4Nz989kDH_Ty8FyjLoGHA2gWn4f9zU5Dar5uT1iYNxnITjMrIsXUPCiwfGFJC-MBH3qZ1nWT0CbmcJZXU9jYVjgPVr2rjbG2rB6bskBag3ANQQfThTtrkGJbR5H5AlJC2ynyK7guYgWAd6oHaUfVsgJgM4hyjHRBc9zDwGLc_RAm0CBL1_tjmIKc-L9XhR2Oxk65zBCg2yntbAZQYyQ0txm8-pteQH5HJn62QXEm_y3gwpTgIuD0uR68YaUn1w7LcOOuMgWtbpaWP0y_GirVhHkRTudHRp5-66bfdJRjZbbMxM7BVEwgjoyCmLzbJDQHhC_sBuTaUxQPuZsqkaI7p4w3NFqAuj-on7TlzFX_HeV1tlOT5qxHiijkTN8n22z8ge5iyccCpNZfYp7pL_5T2DBdnKUThfk3Zvd1eXM_i2pjTlbAkRcbMuL3WwtrSnvW8rqTO73AKHP1y_h5GlHQsHC2zqZnx_0hovWjcnE8pNMtbDdyLoj10o2HHWC-DAgWeAcd7r1miDoB30Mtz5ZFWjxfjQPo1vOkywBnUQByMWMIh4D5xDHn1LRMR7-34VaOguAHzs1flZ38Z9yP5DWH6trjRNPRFL_3cMz8gU0fIZid52hVHa6dU-V5p3nLLnF-8kf3Z5VEa0XATT267mQNiW31DnER00PzKZ6DXRuCyIfnkN-ATbRjmPSyc9eTeF-D044P2vWb-Zv85SsJWDkioSCNwfMpVqsrqOxjcWT-JQxEqC6ixguq9Jb1P0efwwGQatEVKsc_jiZMGC_TU_KPH6wbNbQCCrtOJSRIrx1g5SPT7FHKLszbGS4QgelZCxsu3iPNDsKsnPn3OaakL4-78GB5VcKhygJOp3gYTUEXvlTCVvgat9xVOn25-jEP_4XA9WPgaj4Jy6j4wMDfCyLA8OzEGyDbjAE1rGTRt5sE9eXG3UEENdriL7Jvw4lXfga_V1sHZldJm-suQbI9ClEf36UtVijKmnLKgS1VE9Yg8vCg3w_VW96MWQbuszWOGna_PDxjsIyALTekh5kT4T9fyYekBcYbrEwh0HWcZ5KacplP06i6KlkMfHV3IlwsLBIWaPS9ZpcK2_IhFYM8GjJpoOXxP6aaCSnyMIf5vxdNGabZXA6FG10IlrZ2jgiwb6k7inuUwP8DN3VeFrCmvGpDBoBZ8sARiLMU8XIG_2b6LKxDrJGeNtpqtwMKBLMJ9BnuqK-bCzV9pluZzWZBcGu2_tnh0tYPdTLmoOTGtFftFqOCVu2atZDfWVCYC8r2HvgXfHj6MamlUdpef8WQUxY9X8pOrhZOjk9QRYewYPon_muKQ9e8qYNHIUq5giGt1wxIwVI7T33nZ71b2Q1nqyezgQ2rFD1dxF-yD-f7oTl0tBVi7xiL9HeErytX2uzealN7wydhawfbjyOzGPzwpSpt0eYwtqVdcBfm3krRSCEGcdSQLbxvgJWd1A4LkRqdFurQ4fXMPMXVPKr65AF971vkTN2J8bjuQTlgO7ZtYf7DzZE2D1oXbSXg3FJ_0zQxYkvKlTpyd8-8La_jceyIeRSArXoROGYztgfB9yhktUo1QzT1qSFxZMqoJ2Mcjn_xajrz1c5HwHtafVPkAWXd6hDbcOPq_I2dtxDPOYRUPsStJ8KP7ff5a-ricB1Rr8V2eGyFXRMN_G79bupwoVW7aCeOGIy8I7oSMEn7lQy3PAmaMYK6Jyn0AwNO83fgJAOoiXD0U4mG74rA9P23MVtjSIwUth7hUqlqUBU6ru3l75VXHCEb1Lh06VKgrtxoqp8UQ5aDcPbFy8nJzlcFn_qx0Wcb1Nq3B9EFxd2jpmicZBRgpJWsojJOOH8YhKtVofB4I4-5laLryN-wY8W2zAPPnNFffk5y4MnPI_CuRTeBikIE8N3HPwoFfl7EicAEFgh9I2NLmc5SDbDAWzTDI-a2d8Rf2eg1TZfok29lWi2Y1mob4M74T-Z9LBurC8QQ3FcCMFd3H9jLvm0QNVb5at06bFJBqvVxNw_VnlgXrqnDOsg_A4lg3tKDx4FSGG7ep4bbTN5DiSKVC1XuoYg45A3k36D1pvECD7M2UnqZBVRuVz3eR9yxH0RCghNbwcqGM_h6rZeX5cUGlYlHz-8dI4zWTfzTv2RwXuPSOWTuixaRQLHn1G7Vy6Ki0fi-Rhx9hsM5TT4i9bfQA_vF7GZIlytzEd2FvevHH8CfbvrbnJkx7q15qEtLVVp_9Y4cQ1ZOm6ObADsIlpqkfRtTbf9GgG0uSvRVKYyMDYY_WT73twGVz7WVId2pqlbO-5z5r6bh-RWkxVZXwWtJ3jOeEqIMsZJoC9tBgmejTJFwwC1sGhZoqNFo4Y_HFTKmrrhr2xWOLDF7CZzrflaR6JAtLDNVOYzeYRbS3SBJ2rPGWfSEYReVhOI8bblc7yZrUB7-1FQqYb8sZnsl-6Dp9__kOR-GC4vG00o4ffwKortu9FBe6JpIoa5MIEtUqDsUstA_2pk4ii5RtAb9OM5p9SGkS7ivCwxilumepHXHHqfhK2-iwok5WuZ5g3Xpx2eGg&cid=CAASEuRol7hSs1uCausB65ZYJ0IV2w&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6332686191be692c9e3123f851619c97f699084560e4370a00a8d1b5e5cb32a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29922
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AE26 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ATjI-E2oawtSaRR473638oYjb9vc0VaJMIcLsDEsqgd6hOeMoip7ED3bU0lZTG6svVWYXGCOk60_9Ggf7Pa0Rxqdn4wBgdPu7hePG8PiDh2IQTRUY

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame AE26 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AE26 120 KB
37 KB 333ms
44ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame AE26 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame AE26 0
0 17ms
16ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS2HwIMezU1rnLhn8CCF4KUB0_LHorB6KKR4ZB0nsqYp4af4929NwUhVOUJIqzPHXpYJ6YHXULq3FaQe40O4PuWmceqAA
Requested by: Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CA69 624 B
340 B 18ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYhs3FlQEwAQ&v=APEucNUxjOFDVDvfhbSVnW4peWp13TtX1OiFhQrHiAGt0ZGeI88ZZZBVQYSahUKx7CVMkk-dSHrtV5DWYaIErPCLHl2DL-WD5fjhRKa2OsXmXsClQywbKslsr5tXUurgtlIADXmxOeiQaEgRjclUO4w1oFxyVc0vhtaK_5wdwy7Cm1fc2TPQoOs

Requested by

Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6FEB 26 KB
13 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DzYwZMWYxsAW22tFp6GuIhP7LakP-SnpoSXdfC46D_gOo3ECjYMIjUNkUsUnKIiMrUlqpoVwrzOe-U01PvNoPzrqweSqeHaYzCzacaqjtn10x30qMJaPlikXjymkw87aDS6EA_r03qSvc7LOjXnNRSY4yUdg&cry=1&dbm_d=AKAmf-AK5c8y1pf2fY243t-R8_xi1aDUmKLHlS0uEs2UZ8OBEy4oNyQcUmO0QDw2d2BJ9Lqz6uF9T-tG9qWAgHj3YF1sZhhGx1JFgSXXKf6UqnE5TGHdBjyJflsI0giU0cDxeDssI6IV5LMf3m6heYKqzUcIXc0kwF-VSkkcpBr6iQ2ykh630KeSzkCvRdO01JXgPIbL3JKyfD9DPt0erCfn3p4Iq9HZltTLYKrXhpdYCY1z2GxC_etbdRBvKUiyUDy3mk18Wt1jo5CXA1FfBPmYOBfXZINNMVnraM3_2uRc69qVFX4n5rNuduFymatSOYLmhXWHOzAiHRMg33Qi9k6HIRqTpJFJLSj22KOW5lLSr0Av4QN01165mnjiPCDzvFj1mC_CajywaK_FcBZstXOwhM2LIEdYd2sciLqu9uP4U6HmEEt-vJgUOXWCF33I-ODaibxI8daDf72FSNRBRZ6b_lTKc-dgaI4eICTK3bFCTG_6lp9aORWmCe9Byk8RFIhviS8V01fYn4lx78XSzgOI-U8Q8V-N6Zm5DJ5_bETN3Ayu3ThQprchh9S5WoPXrTLHbidsmYqD5lcDxFmZiboi2achvRQYE5IB2OEDj4zxjLahcovXmoVhOKMGYxX7WHSK0ZhPeoK-G30PUpem7chMZtX-wW78WJxC5TB0tAVS714zkBD6MkkXj7N_YglsMGC-jKT-s2U5Zorz6lJL5fRngvJqvwY2stYcGC3h1j8Wny8hTW8Fz4AMU2STGA3to7w5PZIYhqskaiFuG9cQwwCH80xmlpVgqccpT1F6KJEN2QwdwsU-p5orPvL_9B7l7nLz4kdPZWg5qSzvM6h3Wkp_78BHWwCTBEmG6qUH2_ZRR6EmiE_tebo7nrUKuFwbk4w_H2DsB2PVzF76z3DbFvChzY9xIUUPolvabkokgg0MXlWzTp88Rui1xJYAbUa6U-UtlsAvkM7VFWnew0Kwjbq7EkLPQo9bma4jt0xDnsJGEKDjJHmCRnLxndz4qPsyKqcIf7HetvgAHQ53m_2IYmz3_aC0e2_ZnK47G0udbdyRPsO0pwU6RKS2S0fkXdctLX7raMZfL6tVeNeAEibzm9GA8XlytkkQwqvrZ84DwHolRUeHGT9YJQxnbsCiyiseh4Z3ORfmB8XwGav0LD24KyMZdHCOLqNPRqCenvNve0V7r5ZwvkLWJeNeiGqhLGcN2-VE4KL05heWeoW48ebliHRIV9V4MaTk_DL-2MEaZnw2u7x3w6_KfhkrieAcUgoV8HDoG89MN7C0BFR7aJhRcjk3S-62gZ-TRR8rXxAi-_wNz8tvUDaqwdeYoPpZHDJekttVfDMNV_g6ci4l4PcIXf_imWk4iXu31FkRu0SLWbtQDTVPBKDYqV8tGOkqb57MdDDuYdGE1Ff_AdFoixoqohSqP7ChsiOS282-BukkgHV0Cn1niftKCO8h1zCqM4cjmlfogT0o3V0eSiXapXrIdO4F_gL0UP2ISjZlNjkV5N3uNJ7Dt7kBZuHDzdMDz-2V2MSg5g-m_vlCxhPKjNBOayVMa9KA3gs1j5jvk4zIt1xewLncSFtiEabw4QsCH44Z-jCRJ_B_47R8lwM8L_d0suY7PFHCL8JIWJuR3A83I2dCkC6vNcnoJXzYcfYXkaYEwMpt6z0uP8etMwzq22KH0dKgQWDe7uZtjUH13iRx8W1Orv-dhth4LFbNL2GFl0O7zvCPxinh77ICiO85HCtOAWMJe26XT53M7x87UgAp7Zh3Sbgim2BUgSBmo58nkZKkbIpTeeSg6oRSlq5PfVbDptbY3ksXPuh1uuwclaZiSrdC1j7HcFud2NNOumDMk52pSuiBPhK2PdedIGbXy0Bmeq9Onpmafoyv23qkAs_e9xELJp97plaS-tEzcdYbzMQ7Rszh6V87RBQgDnUn1_24eLnLQZN_PIkxUpTTbo7CUoCnqfpP0oeFiihCe5uREx7zqSdy7UYfRpYVmV2vogjW6Sq6M2WLGaTDYobGlRqoBvu46D03NnB1_a5s4Sm6kxqg9qfSxggxsgiZe-pmsZZens4I29heqNkolL5O3EzsxK22o8UtpxrVtBtPCGOivKGTWVvdMa1M1h_g7jECIEN4BAwIXtcoPOZKX29p1opjdTdFd2P9V6_SR-yeOMzxBm62TQqUA6nf2S_Xz6vPiNox73uC2xwx3r_krixBnJ7GusAIUHpmS_fUfe1Whsw-7gl5LxvJ-quHw77jnBQTtpI5WKnbGpoqicF6xHcLaywaLYr6lX56-7QN1Odrxza8PRrwZtjWffqFfzuZaYtqDexgE0GbLChKDNLtqug9ayAkanCHuLs6PaADxIOoMOweHKt7EQXH2XSDlA849_DbTJBiVHqorrt2Iv4k2NRYQktTjiieGpYNM3Feib20hBQAmvEiU53OT6SYL7JLV3FXoszi4IihcWMWIKepCFMZQp3uGDmzpGQimRgUeoibbRjL1pNUHjdx1X0kF9Prl9dbyz43A1fog22tgi5A26D5wAYHgEV_mbEWIjoHKRI40mlTdyxu7dn2yUpNzrjbuh1-AwBprpSNsoOpwZLuNabcupLFEyu6x2qN08vcl2501b55y5RwlFMXwmnTVz_Q64GOWmMu9SCehLScs3SCmXbgHYO_MD4ASktmttGllsyC7-CuA57-6t-UzXuD84i8UTiaV5LHVSLGA5ovzs-HDI-BCA8eTGWA9k3gDbh5mvMHF-i-BPwdVZx9WTsSmV_d3zxp3L9jfR5C3XCEkUJxLRrKtoSXjb2GJLJlofd7ESBBB_ToncCWRd06orh-Mx7pkHaiN1MsQhg-uJMhwtSipT_QjPZ9hHl-l_lnoFef9RWbD40atZFVw4ZSARX8DlfvN0Lyymn_OdU0NpIwMkJ8HQ6H8Zv7IR_09BU1vrNDfmYzeyrbnG6VI27mZWlUmrLOUO0HF5Vq8czU_9-iGtJcVqe8I92CMcdj4g8yLqXMBjZSI3P-XWF7ZsO_ZKOhf9zDBCi8BIIje3TuJDM8OSBnML6mh62_IizUUBJ1aXZuAvgmtWNJGg3k_b1-bzdV2jQWySwanDtwvEJbRN6WK4SD9GaIhOQXuhi-PWkv0rTjGkXeDjBiIm6qKoSYd4hhQbUMkANIB6Ov1eYyi6EOn8s-1_ZZa13I3sk9xav7eHFvjZDnnh3D2bXW0J67uMXJDHFhtVoiEm97bVfQUqUFOksz7ayYPi3jIafcJ2FyyCFNVWaHSNAAm_pFVFszP79v2JGIHv3RjMTk54uPxAeNsbsBtXNxfWrPMLnAfW6MNPhI7W3LR6qcF61HboccExcnyrkUt50PlIFYUERo7N01kIF1JA&cid=CAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e12f8dc7ef1dc835c5ff78bf2b0a5dfe3da5804498489494fcf095ef61b72303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13694
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6FEB 42 B
107 B 16ms
15ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cr9RaR0tdTViJp5-mIYMw8vSPdXDhS_epbBjvzHUVokOp7NTd8xqUNziQ4rTQGn7Hi9K4XzulA8LK3ll8ylb9ryIRObzvntLxIS4wGOgXlCQgkPkg

Requested by

Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 6FEB 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6FEB 120 KB
37 KB 306ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 6FEB 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6FEB 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS6K6y8CMX0XpUaMw2d3dHPBg0QEnePFlAo6R3KSdc4fEMda836OgT61BgwHcnUU3LyctqjQH7aOHnhy71Pmkvo3jcAtg
Requested by: Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6C1D 640 B
359 B 20ms
20ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4F2F 76 KB
30 KB 78ms
78ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BHEwgJFyDPz8LWDALu05U0ga_LyduUcl9xBaQG_D-zP4KN4OmhGpNoH5QdaZntgrvdJHANVL2QFDMrpm5lOPeUbG8x1Y2DEZ05w0dfjHHS1RbBANNC1adMpnDmNS9zDQAdYiANQFcXFYS0BHm5UDiSAxuZTA&dbm_d=AKAmf-CiUfdJcM9T1aFEGVP0eB-1hQyKV45cKxdGK86GbwpCRxFFbav-8gDin2zjE7gWY5tqrjZkqJ4WeswnLCUqtJ6HUpJyF3_Q4Y_YCe03XyhQakrBUoRF2hmSX3S0R6KDjYdPJUaLjzyTFYpgcWLPIDvJTQ72wAq6amBYa3_rsLYZ3-pAaWUniawWNzsjjvqEsm1ye4XXumdvEl9m9mqXtm5wDe-uFR7-fifxxSnUtmSUj77-vy7uNLmvgLUtAOQrDxBh1j4ioa8_-iVJndOvho87qAa4gLGOS0m3GSGZhWctI1t7983Zt2wlhuOLwvYw3UdXveIcDMpGbAnNtoiPhDuqUCz559r4gFcGjvWHWGzKVz0i1FYwB4VNRjFIXTjiP1t_v2rtSZTsaHr1Au7GdManRnRiTO6BZ4JQ1vygMSQ-MNiN42w_8cyD4vfhjtlSLxLa6AoF03xssUgiDGzD7WiIIHfoB4oyE5RxgH9Tc4gOQ2V8uVosf6fisA9sG0MMlLnBwY7aBZJWt71PzKEbBPt6B87fndhy9u8IA7BkCTEJzL6O5qS7b1Lf52mwHUK2--JfIo5PjhpDw4hYSf4pn4GRnbPvXsB7_WP5J6U56yuf25tZSTYqRfuLR1VloEGki6RT3nHrON_p5iDho30LNOqUDAWsY49tzaUuI4h9OTODx7Vg6xVrQ6PKaovkPv9XguWyA2gwPscnBmhsyxitxEXBaZCgsxBG1xpo-qCj4Igtzisk42lgd1UY3H7FBPJ5ajxw8FQOB34_hsXvT60ko04Hi3TAXRHdIdzBCu-WPN_UsdsuFaYPYfvDkw9SDHTJZH8ika-Wm8MpSJJakQGaFnZ4Nq_zVhHp2RY3f4GUqnZcPU0HlSz7EFUruOI_t7tAFX7VhmrKC84waXrvvsui2y9uVJSrIxzK8hbit1Bn6YVTtXoRzxBnhFz3NM5Cf1T7_KvM7RYzJFOfUXSMGo2rGSd--cMKHIQrTSVwN1a6hw0dbPNyRnrd9w5Oj1lPsItAZ1AdCymEwcns5v654Wdct9E6KIkjRh-oAM1Gn30sIN8vIzvfvpUSmpDm9CaKbL5F8EZ5XO38pTpz5IO5bz0YkqUlGIAMuP5_OAtW2oLfmnyWJ5Sc3F-Yfrx_WDuX-EbmlV7ImG5wZr2dkuN-6ia9VDYjAZLooHqFttxjVvLeH6-c5sTuShmLf-qu4YmsM_1K1X1U2H5WVLiqg_B_jOVqd4P0a1qtEdy65sCVHNHb6AocW9yqa2Pq7_rs7a046ZH55Hrhmu849dHb8NBkDkK6RMRJyQjbLNJ93_OmIU3gBFm59zTz6A7sKmr8-hzsKRMatCAZpCKOGGdxmp9tW5xBBaz-3W3X9bg9Nem3Y3JwaDsQ0BEpnMKFMJHVMgc1MBnLz9oudX8GVfjOtCAJMzkqBLmJDIyB9yIYSYUGaQvzPHoafw53KMlZmjq00DPhDGL2gPwJJci_NjgMrSyvya-2wxYwMUYCEx0U9dUPNC180i1ZT5x3K5w0mZhz4ObCxV6WyPcwTgjh6pSWtbg9xacBQ4xJMinVB8o4d6ZgDs5frmOeFrbewEdLr2ENHrPrnhyaN-VHSiZsPFW7_Hs4zBj2sc1kEkRX5s5yPOiXIv_nLEGA5VWZlaNAEJ_r4Gk8sQwLOTKWqmlXHSoWnc3MF2dLV7kFkpf8-AWxxcZ3XIUmayxWiE_uOKaDLl6PUutkKuEV_64zoFmQ1FiUnJK0qXJvcbmNnpGjArVtT22BilMwOnZg9AQBe7dcS0_ubLI6ok9C42yoIBVy1c9PzJFQKo4SzMbW487sJoCh1F9Hjp2cKXBCicvQB6fTNlzwvE_tTPEKIrb3bJiKisu-HDKHaI_EjtFkfj922WljgDb1srUYRkvq4BWCnbabnbqhOykAccd_XE5P-Vaou6hlzin5SwJ3DakgWDLmrTmuVslViHEg7waC8u6mo_-kJiMUY8hfBxsMQE7UYVgKK3yqsV9HpVAQpZAhu1yxaDQG2PDFaXgTFmgTBfbvACFm7EGG7A7MzVZGv3damhY5sETER9ybak6TcQlccrg3fSxAzRwHA4eURk90RDk3CvtO796n9Oijey9njcGugUYum3gwGjpP9deWzHXotyFeWFZM3iPjhfDuujGNSryGbyuVr0mAIeMUXmKb8gdhE5_jeekIFZRLVCY5ZGd1dlCIuois9xYxubctHeJO8GwJrwaUfVDjNbf60lNHOBmytZgb89a8QzEKD8i6TIeRC88PF8oyRXzbE-SCwPt6cX1YQWLyxhOKaKuuyFcS1t-TnvxUjkqphYMng6RHOCKt1ENvJ_G871bL8yyqGIf7dY801l3HnOqou0Qrqb6LB8EK5pcFefIF-YydedvkawkxhtTNqy6dnaLsnf7lLs81Xs_FmwNknW-Mg2e1gFshvQT6viuoueqhKds2pYlOJIQvF38vCjcKdqIlbRLuV0oJOUMMoHMXOd6WI6Kj6bOga6SgdcwjsKrP9FYKb6-5F1oa3DMbMCaPSpArPemCY0KqSZx9l6ul_h0vH_BYru9-imc7kH_vhbYThbuQsnl7Y5ot02NaIhozYIuO4DW6FN5zDVQ7CyWo-TU_-1L6xZtmENksn-ZZCCOhYOd5ogZB5KaWyFc8sGT6HZvDvrLJGQNcY94jWl0pd8lrr4FotFAwRfahU4vyAbFtkUjoIPSZQ9_xWUnCrngCt22lp71aZEBarZDP-mb0BHzLkE-uJpzA9N7r4COJRTJ--CW_pzwMnBhLuPc3SrnGu7mONWccbCKXUC5lRfcFR9vajA2Hdd7AYsp0jLO7KHnaL_9bOdcQInufFPCAofU5AtGnF4mlEFvVY-jbVNMW81s40-Q4nGKvhLr4Zy9dv7C1AaXOgCpjJv67ujXrpE0g0h4Pw56_Dv5ALK1hThWQTLKjbAA7bkdAJnFVR4UqevbeC9QyiCp3xEzYIaSCOBRM90TG9mwdZZPAUIENCjuhWJcMvBZCSbhZS9BnLdk8fgefebxtuXyQ48Tzvgz-NyRQJF95593Utr_Ju3jWE4_NLevygxPslvepYbPHVrtMpuQsFW9RA-hBXDhWq79HwQFKNy8FePNvBZ25O2JaTzR3XBbeN6wlbO1Oc5Maoqj-1HnWcU60eOz00nvItUyCtw&cid=CAASEuRoB_KC0vaNTo16XUvSNre2eA&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb1ec483c57494c1fab03ad45072746064a7fc84fe66d8c1b07aeb1edf3c6acf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30541
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4F2F 42 B
107 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DYC7skDrWF05QKXbmeFugJwoXStnZViVgnRtBqBiMni-MmjEzXA9geiUTLqrKy-zgBuG4rmiO5WTka5ezGFFSIFSP4-S3LfwEa02me8Q0-z_byUic

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 4F2F 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4F2F 120 KB
37 KB 301ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 4F2F 14 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4F2F 0
0 16ms
15ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFfsqSfZjXRwQzBgdb5ZIxo4xkDaUc6DLJQ5zPGN3JRBkmHNP65og4fo4ZWxYcUv4seFyMUOGOYU_t77vxzKfc9CF0Rg
Requested by: Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 06BB 12 KB
5 KB 9ms
5ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9EBE 783 B
741 B 20ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b27a895783d81dc3f25cbc7c638264fdcaa56844aa8d874aef77fb5cdc80c9fe

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mYV8MKJy4YYzRlyOCT3fug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:29 GMT
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-mYV8MKJy4YYzRlyOCT3fug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame CA00
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
144 B

23ms
22ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 27DD 35 KB
13 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BF62 0
0 25ms
23ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102701&jk=2878135317469018&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5122 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3B1C 783 B
738 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0b0cde6cfa913a4ae74911c4638f0ec6898d21f4f733f7f6bb9b14a04a6d4924

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kILf16EZapNvgWvpgjGxoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:29 GMT
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-kILf16EZapNvgWvpgjGxoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1C63 499 B
381 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNUy0SyErKG2gepoGV75C4jY5s9xqhoq3LENla5dZD3gs0xmlMl_kHu3o7DTzKTThMZWt0sg92M1l3xNn4ax52sOXGCdT45_isg6q39b4s7CXkVfAq0hNR7MLnU75rYt4RqIs524F3-vEBy8jaW6QvshW5CfkzdgzyNb5iT8BoFc5ljKltY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9972 78 KB
30 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CBTy8oPQjA4ePcQVunASW9SyBnGqdJmCCc3nJPffyykoH3puPFJOtblfa50XaxxvRfnWDrk97LGDWkQhJ4QqwkazmPHTnEaqE_Lygs8dsL0FEjXk0VCOXLp-dsuaQs9gNqFER943yL6lu7KR6cVI_dBw_dBw&dbm_d=AKAmf-Aus6z2jyxx0OrX3fY1eqUapiVDByK9U0zzY3korV0gvNF6MRkKiKPolxMSnLX29ykrLoBrJwQiKJOvlxrGdXO4QeNPWsRWH2EuT7htFHPUeM8qzf-wq2-OcBXtvOsE0W-6TA0__9LTYMif7oIU0Ksr82it8aFye_Y5GfppOlEZBM2kYexK9mBPZZfdzX1Zh18EokUqvvEGNHxUny4iQgQyadntfyZWXHkOgGyRyjlv2SNL9j7TeONq49bYzS5orFl6FNNkjtnuL_Y9OszPzfbyH6ElB-QG4w0uq3lAsj0VwduajN5wBEhXXg3Fjq6f1NHaGRQGuHUzXp9zoEiYFIVbr2aP094MFO7WpjdQv-nvr6b-rkVKndoFiEiYxdTuQJU7Q3dhQV9WXuePqVOkczYajEclLO8cf6AHsvi_pOKplin7dDbE7jAn86RSY0DKTSpF8Vzj5gvW8CF-gwUZ3GdL65e7O0i5coKgsWcjdP3PmzOLt7GwXVMt7u3BYsRNE_Pkgaazqie1hc-zGKpjn2cwHL_USNwkmRD1dPdQngeb62oiCZBv0GDm_HUHCtxJ0euZR-iyvLz1C6yHkla-w2IGVLd5Cyvtjst5njmdS1w8wC_6qBG1Ue4q2GT4bpI0rZ97HsmJJ5I0HlcrUuYsgfiFmXcc5drul5nFU_9jJMKgR05ZzeLKx9JIi3lZ8PWZGRfJAhpoTNitp0s42Ys11hG_gclg_jMaCEoZNeI5Qf9HzVIGMej_5uQgm6XFWFv61YJn2u_b2DvkD4D96Yi0WNo2PVOsvOrP8jJ-J9zd33EFTzT83tV8OLUizqEmtAuaCUacPPg_2aFP2QJ7if1KPbOtCt2IyhMDRpFrVas5OYywlmkoQ0c4dfPxUcoAnycqDzVYiVIjrw2O4PznSfxT5Gnk-T3UvZ-t1gv0sNZiKoJIYxcys_8Oy4OzPZs2nCQIQtmSVUicAzVd6YFh_JbF3Zy5I_kmRJj3dO00CNjjoxCT8ulyEb2jQJqfQeYrNrTglaPCnpgzASi_3SSw6I0SDEZm3TKjmtDCYgZCecDr0C547Ll3DcejMP0oLBtTJruafCNTZQq0QobmEo8EgQVCdXIdvBoMWnBxwZwcEPPuv9Uxm5g0qOUSb6pN01iWRy_B83AKQ5J4qHXj9C49F-e_9dqNoS96ARykxsYKrYOj44EOcZ7DIFNEk_ZaU9BFRuYMDwgjlIT6HuCe6c62qMz-wwEeXd8yjCLGvb-GARtN_H9L4ktLf9zah_Q6Zqea0jZNjroXWAp34kuuIBqtuRoXstTLLlK1g9BuhloLt5XkxLQ0tZ411pQEnIav2YFspSy80ZnOWnAjnGttaIBMHj50TVNw6YTSQnp9Hb-58fEpLkNp6ZLnt6C6gyZ_3XUDWdi4-epdcFpH0nrD2qO81QNr5MTD4AY5AyZWuqSNx0c4N-OEYprsLCSTVOkVhmVX4krEBm5j2lA2h-pOUQbkY9MEp22vvVL4dykBPRttBb5KCsnKm2wQQN4ONzec3xhVSwSYCKls4qibDbMdZRljU8avQpyW1_ISkeTcn-MXPicj5YfuNGNoK_Vbe02bgTFWq8wehFYstdwhTqpttFDPUWODGkJIYRNzuOL_7t9kK_DnyyWmHFCrEWCA7qh2QpFRIeDhctTJTGawvNLVYi6GopLGcuc4U5fh4bhDMwBtLJl3a-gSB3jzRxFndb81e6AA7z6a7GqTOgQA3Lbl_TZ1EyrW61CH4QFYaS_EkAw-vDxzYxp876FuTj1t4y7wJm3REELX32kbI4_eIhmzWuKFqUCnDLpQlvUQ_o9vxzDwNHqsjceWhnBZLWuQn4ZqHYLKCLIln6FeDWO-7pmQVdVmSDRoVmZH64vIwHgl8RIS_NcxiC6WUbltLbT0HbLNh-8HtrDf7mbjjN63x7SEBz4Dx9hlop32Jb2p2VsbtNrQyJAT9uL-QQIMP0OMJW_x32daZiYvQ0WCPlezzJTWivmPlVPf5yomjH74MRA0yjFKfWuGCJ-wr6UAIFFHdof7kg_gpEpLr2w_DPqCcqTfrWL9p9OkAkMUhObJICDjbCAXShTF1WWUVzi8KGF_d4lE7-vs1RRM5LlCs2bPJkuiGwBQNZzclt5H86GLets6kH1kAHF3Kur7GHYkYKUV9naArDYHByUgeqOMKWrNYJMCP6VWVUYHQUYVwqPW8hIqWHeM-G32zKL7LLx6L6HakY-knvSrTVYdt4O4X2Wwp2JJb1VShz6-PR1rDdHusoGuSIBiiXLuhCso-oKIHAU_p63AWcDdBGhxXmQSCXtravdRukycKazFOYRwwFPnPQTC8dwpbVNShoEED_o02xfEkb_ns1sH8amz_ZF-DmEKjEN_HaurwJweorDKWxVjYPZFeKn33NDYmYly4faADu1oS7_-e_cLJu25LUcK2PN7wgMHbg2euMOhEWWROCztN2_iDc1tyZumzxN9BZp1EmRaJNY3bwmjG1gBiwsthWTYXF6T5gk1oG-sZtYtj0b4m8EJBu4WkusxTr2mGsP6SpxMqk4lqw7dANhMRQxc3TnHaC0teaPmIxLNmFZRDLTr-G5ggGoRTyYXjtynC5LLsXeBk5UvVu-oyD-1M7i7BHuLEHSMkq0nYOK0GNPoPr6AUVkPBs--9IxaIswu9ajSD9DgJGgsmYrXnhzm9siAv-_reKpdK4A_-shn0ITx3fJVC9Up1b00fr7XICC-yonajuKCvhifnXfNhPBRp27vlPukHbA-K_VZZMwOLtjNTGuRzre1SF7fxE4Q3Va8n3GlGow-KJ8hff4rWmZ_Wgx94ppx6XUQUd-dji97AUzlghAVIrcwoP6ImbxFANYO3smRgeBzcrPMANyr_zfjoThl_EtBJDInSY1Mdp6EFh4MQVKwtorFok4ZueBN-7Pf_8xFh_ssmKBKxNfWhJOZoWm73-k3FnKg7tvUVmLjHSwUmtmBvsdlOh8i8oZma5cYkmc0tNiM2rcnybYlgdCXgfDbAIBYvcyUYOwj-pd9GgbW0u0f4Z7aXRoNE4MX0LGNYYWRncLPEcxNRr3Xq6ufRxgTxQL1HCrZ62mWCFjXuepltnKgwuBMPriiIYU87JQ5bjKCddZ7DR6aSu6DkkR9jrsCT7YKSGJwE2oy43lIaB8iiXpvXi01OOk7ioPZnKJpq6tYNWukeduOi0YhTi0-mbdCoyktkMPoj0OAZvj2_OmRQp2AKVpCoW9j_BiOR0Hnylr4XP_ub-jd6Ct1V82Qkmzu1gG7d8STm_abd3DjEApWsViR9lAHVfxIUp8VEML5hBeRbrwqDH6H_K3R1HgJ_3oftRSY&cid=CAASEuRopQVwQZ74Hjex5K7Z-SSs_Q&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

832a6fb3e7801ed064d4533e56f0d444284e8d92793a3184639425aced41fbd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30463
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 9972 48 KB
14 KB 157ms
61ms Script
application/javascript 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 526d16b4f5bdbd079227dbef6dbc47f8e7ba4c71aaa901394f0c0e77dd26a778

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-server-name: app14.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 9972 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9972 120 KB
37 KB 270ms
35ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 9972 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9972 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ArLK_cMVyt9Bqx6ajAxgj4CgTOqdoxyBHN-9e0rSy1KCf3nD-9t-_AupQftcpqaCUyqb6AKqG_wsBu2f0aMp_oe6B1zYVf3UNHYBXTIQ9qo7pB6pM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 5FA3 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8438 783 B
739 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

09afb3aa2916598b8cf8a3a0961403053a21fc846ef212574528bf62875cc36d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uMlUtAHLom/yD3EVMVZfxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:29 GMT
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-uMlUtAHLom/yD3EVMVZfxw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F0BB 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 90E1 783 B
737 B 18ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c31fbf9b444b488ab8ad169b089d4fbc3b6bc7ece221cfcac3c95f843ef72b33

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bykRyPt2/c/f0gEalalGbg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:29 GMT
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-bykRyPt2/c/f0gEalalGbg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 053E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN1zOlrWV9GB7o-_ERgW138&google_cver=1

43 B
1014 B

28ms
13ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN1zOlrWV9GB7o-_ERgW138&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL3EGxCGqhwY1Lq4ZjAB&v=APEucNVZSEIEDCMLR0x76pEq2AS_fVM7He_HVDqqm1gmR0SrbfLN7wGWPxwIWr2MKi3hqd6bzQLYi1UHIJ4v22IrBNEsHKDgNEsDya1LxTEV3syjI0XUbrp4i7gSq8TF0Eoip0OiHnllwsX7fYRvD_56ANMkwzXFpVvax_ydBOGXmjzTfb-7Cc4
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEN1zOlrWV9GB7o-_ERgW138&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 053E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

43 B
894 B

14ms
13ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL3EGxCGqhwY1Lq4ZjAB&v=APEucNVZSEIEDCMLR0x76pEq2AS_fVM7He_HVDqqm1gmR0SrbfLN7wGWPxwIWr2MKi3hqd6bzQLYi1UHIJ4v22IrBNEsHKDgNEsDya1LxTEV3syjI0XUbrp4i7gSq8TF0Eoip0OiHnllwsX7fYRvD_56ANMkwzXFpVvax_ydBOGXmjzTfb-7Cc4
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 053E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEExwlYJ3XmWDXb2WIgQERjU&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEExwlYJ3XmWDXb2WIgQERjU%26google_cver%3D1

43 B
1 KB

13ms
13ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEExwlYJ3XmWDXb2WIgQERjU%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL3EGxCGqhwY1Lq4ZjAB&v=APEucNVZSEIEDCMLR0x76pEq2AS_fVM7He_HVDqqm1gmR0SrbfLN7wGWPxwIWr2MKi3hqd6bzQLYi1UHIJ4v22IrBNEsHKDgNEsDya1LxTEV3syjI0XUbrp4i7gSq8TF0Eoip0OiHnllwsX7fYRvD_56ANMkwzXFpVvax_ydBOGXmjzTfb-7Cc4

Protocol

HTTP/1.1

Server

185.33.221.90 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d89dd00c-1a24-43fd-937a-64324c55b802
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a0b64334-0b50-4826-bc52-7379fe13e67d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEExwlYJ3XmWDXb2WIgQERjU%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 053E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 26c3935e-07f5-46f4-becf-bff0e4e64cfc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C1A7 3 KB
653 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:08:13 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame C1A7 2 KB
946 B 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame C1A7 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame C1A7 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C1A7 120 KB
37 KB 132ms
38ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame C1A7 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 5193475774055ccce470a7af02e48ef6.js Show response
www.gstatic.com/mysidia/ Frame C1A7 27 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5193475774055ccce470a7af02e48ef6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

024bf58839434bcdbb669f44e683ecbb58be25cde0d0e721d68031a67a40dd40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11340
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 04:53:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 26 Jan 2022 05:01:33 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F935 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame AE26 106 KB
37 KB 309ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
Origin: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40725
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 14:19:44 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame AE26 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BB2TlP8KX2EOjJuAer0oQ4biZyPjmfdNJooYgU0FzwCSRB0YmZMOZ_9KmYrm33Ado97OteXkspE5RJI6x4_muAtSle3PzfgEK4SoNj7WzFd2lje6V7UCmPJoTxjLUSLheuoc5GxoHQDdjWyN1S3PB1XEQe_A&dbm_d=AKAmf-CeRauTrl4dH6tOxzk9GP5Yp-EnJGhAnQfJJfiFFsO9Vt6EcqZFTCvx02AdJTLYgUxrvheLA9uqK2LVOTZLiB4WbU6AHWk_pVcw5MMaREcaNgdDvyvTi0V-sKJ_bIMQwgog0Dy4lM8OzjLCxWZpd6PAKnr9CnObvuJUJVMoDKYv5WVqYJv8f2_RP_xkSVgvD564nWEABeDS7Syku-52kZpxkUGnE7Sk0qQPgQ5auKSWX2k93VRfofnF3oxb2ERwKsoQO1-ZhbYRZtTSy9CN00JZFeEnyrqnz2wL0ma7KpiXWUUKtom7xNs5Hh2YOACAQDkHlxg_10M5yT4ONSnISICmno5G7JtJfJbINIMncTnFMqZBcLwGRHFTxu1Aa4HGWF5a8UKFxdAKRiIdCKpya-rY2UfUE1YmenyHEM_g3LigVoE1F8QxYiyMT-sBSHCMfDwsNEeIRAmj9aZUE9l1sWyKuttbHCXmSTTpLZP5wPSLA4XPU8GWjbLbRIEzwXABBre8bSGyZp-vMekoGHKrmn5tt7CbrudDMonCv_NGbXczKec7axfD9-hTvo0nW6V2SoH3m0XIc3EiuoR0KKmZeOsPRk8FqAUKrr4XshZerH2EfjMRIDelHj674e3nCnLA7Bg7O7KytyWLNTkwEYz6h8QU2o9BMQqBgOmLi9BJr-VggI0EvKdTVuKjeRZGq5YSveIy_diQG9Sjbpdq3sK5SUuHXe0AsADa-iwVn6PjQz38A4Nz989kDH_Ty8FyjLoGHA2gWn4f9zU5Dar5uT1iYNxnITjMrIsXUPCiwfGFJC-MBH3qZ1nWT0CbmcJZXU9jYVjgPVr2rjbG2rB6bskBag3ANQQfThTtrkGJbR5H5AlJC2ynyK7guYgWAd6oHaUfVsgJgM4hyjHRBc9zDwGLc_RAm0CBL1_tjmIKc-L9XhR2Oxk65zBCg2yntbAZQYyQ0txm8-pteQH5HJn62QXEm_y3gwpTgIuD0uR68YaUn1w7LcOOuMgWtbpaWP0y_GirVhHkRTudHRp5-66bfdJRjZbbMxM7BVEwgjoyCmLzbJDQHhC_sBuTaUxQPuZsqkaI7p4w3NFqAuj-on7TlzFX_HeV1tlOT5qxHiijkTN8n22z8ge5iyccCpNZfYp7pL_5T2DBdnKUThfk3Zvd1eXM_i2pjTlbAkRcbMuL3WwtrSnvW8rqTO73AKHP1y_h5GlHQsHC2zqZnx_0hovWjcnE8pNMtbDdyLoj10o2HHWC-DAgWeAcd7r1miDoB30Mtz5ZFWjxfjQPo1vOkywBnUQByMWMIh4D5xDHn1LRMR7-34VaOguAHzs1flZ38Z9yP5DWH6trjRNPRFL_3cMz8gU0fIZid52hVHa6dU-V5p3nLLnF-8kf3Z5VEa0XATT267mQNiW31DnER00PzKZ6DXRuCyIfnkN-ATbRjmPSyc9eTeF-D044P2vWb-Zv85SsJWDkioSCNwfMpVqsrqOxjcWT-JQxEqC6ixguq9Jb1P0efwwGQatEVKsc_jiZMGC_TU_KPH6wbNbQCCrtOJSRIrx1g5SPT7FHKLszbGS4QgelZCxsu3iPNDsKsnPn3OaakL4-78GB5VcKhygJOp3gYTUEXvlTCVvgat9xVOn25-jEP_4XA9WPgaj4Jy6j4wMDfCyLA8OzEGyDbjAE1rGTRt5sE9eXG3UEENdriL7Jvw4lXfga_V1sHZldJm-suQbI9ClEf36UtVijKmnLKgS1VE9Yg8vCg3w_VW96MWQbuszWOGna_PDxjsIyALTekh5kT4T9fyYekBcYbrEwh0HWcZ5KacplP06i6KlkMfHV3IlwsLBIWaPS9ZpcK2_IhFYM8GjJpoOXxP6aaCSnyMIf5vxdNGabZXA6FG10IlrZ2jgiwb6k7inuUwP8DN3VeFrCmvGpDBoBZ8sARiLMU8XIG_2b6LKxDrJGeNtpqtwMKBLMJ9BnuqK-bCzV9pluZzWZBcGu2_tnh0tYPdTLmoOTGtFftFqOCVu2atZDfWVCYC8r2HvgXfHj6MamlUdpef8WQUxY9X8pOrhZOjk9QRYewYPon_muKQ9e8qYNHIUq5giGt1wxIwVI7T33nZ71b2Q1nqyezgQ2rFD1dxF-yD-f7oTl0tBVi7xiL9HeErytX2uzealN7wydhawfbjyOzGPzwpSpt0eYwtqVdcBfm3krRSCEGcdSQLbxvgJWd1A4LkRqdFurQ4fXMPMXVPKr65AF971vkTN2J8bjuQTlgO7ZtYf7DzZE2D1oXbSXg3FJ_0zQxYkvKlTpyd8-8La_jceyIeRSArXoROGYztgfB9yhktUo1QzT1qSFxZMqoJ2Mcjn_xajrz1c5HwHtafVPkAWXd6hDbcOPq_I2dtxDPOYRUPsStJ8KP7ff5a-ricB1Rr8V2eGyFXRMN_G79bupwoVW7aCeOGIy8I7oSMEn7lQy3PAmaMYK6Jyn0AwNO83fgJAOoiXD0U4mG74rA9P23MVtjSIwUth7hUqlqUBU6ru3l75VXHCEb1Lh06VKgrtxoqp8UQ5aDcPbFy8nJzlcFn_qx0Wcb1Nq3B9EFxd2jpmicZBRgpJWsojJOOH8YhKtVofB4I4-5laLryN-wY8W2zAPPnNFffk5y4MnPI_CuRTeBikIE8N3HPwoFfl7EicAEFgh9I2NLmc5SDbDAWzTDI-a2d8Rf2eg1TZfok29lWi2Y1mob4M74T-Z9LBurC8QQ3FcCMFd3H9jLvm0QNVb5at06bFJBqvVxNw_VnlgXrqnDOsg_A4lg3tKDx4FSGG7ep4bbTN5DiSKVC1XuoYg45A3k36D1pvECD7M2UnqZBVRuVz3eR9yxH0RCghNbwcqGM_h6rZeX5cUGlYlHz-8dI4zWTfzTv2RwXuPSOWTuixaRQLHn1G7Vy6Ki0fi-Rhx9hsM5TT4i9bfQA_vF7GZIlytzEd2FvevHH8CfbvrbnJkx7q15qEtLVVp_9Y4cQ1ZOm6ObADsIlpqkfRtTbf9GgG0uSvRVKYyMDYY_WT73twGVz7WVId2pqlbO-5z5r6bh-RWkxVZXwWtJ3jOeEqIMsZJoC9tBgmejTJFwwC1sGhZoqNFo4Y_HFTKmrrhr2xWOLDF7CZzrflaR6JAtLDNVOYzeYRbS3SBJ2rPGWfSEYReVhOI8bblc7yZrUB7-1FQqYb8sZnsl-6Dp9__kOR-GC4vG00o4ffwKortu9FBe6JpIoa5MIEtUqDsUstA_2pk4ii5RtAb9OM5p9SGkS7ivCwxilumepHXHHqfhK2-iwok5WuZ5g3Xpx2eGg&cid=CAASEuRol7hSs1uCausB65ZYJ0IV2w&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 736
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame AE26 24 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2BE6 6 KB
744 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=1512048447&pi=t.aa~a.851264418~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=wV4BikZI72&p=https%3A//gruposdewhatsapp.bar&dtd=22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:11:05 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2BE6 2 KB
946 B 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 1118 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/4173881934964850688/ Frame 5DA4 65 KB
18 KB 28ms
8ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/4173881934964850688/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dc4a6f94ef60d217d41f440b35753db8a1af821246bf762c2aac722ded27903

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Wed, 27 Oct 2021 13:15:40 GMT
expires: Thu, 27 Oct 2022 13:15:40 GMT
last-modified: Tue, 17 Dec 2019 13:41:40 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 17610
age: 303769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F935 0
571 B 263ms
54ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGTJaV-6UbzL7aykegGQ1Gjc_Mt85gPDqZl694sBpm4DZYigAeVU6sR2p_jAwkMqeEwPpMWMBiOFgQgkXHZ4chduSJxtObEBtDid2XTbLKnVPCjQ_8FR-6bPRN_pHrwgxtmJHOJb9DWqGhMCO7P9EEFrzu-MiukoaNne43eJB3Wtuj2Zq2e86Qs76nrTrrtocKphtXc7yc4kToPambH3-HMU-HyKzH7pISAw-DkH07tQkhJmKkO_tZvfw6V-N5baGf2hfke-YqZiMoOveXtIIgk01tayRYJk4lrwuopD8fFEfyHgJffzeG-rXNFVLOEoYNWnVrQ87IGdEtcKhFj6gL_0Y6k5gMCw6m_f6ADw2sUYto_WYpRhWlhoH4OdSekzeLgBT46J1XpgtNPHdW9Fzo56gPAEM9T-5X7sQMKyHJ6Blpk8wvO9XnxEJP1JozvbIVfMssYbQnAiKeQ-SrtMQLvvcFp_oz7HqqZq7bh9YBAronSzIeYVHs9yTTpP4Mu292I-8MbSG-atx0odQkxo-ndCH3S6A7unOJGphNzECAGufYhhHAbi6PUNrLMovAbr5v00kTXzR0dx7XmQ9S54WUXXIPcDusLgcjbKfHdS9SDd_OHu5mVyXld1PlhJi8N1vgj-NNm9KnWrWNBRM3PqfdHF4giJDB7tDxeyG_Gv7kveDUTwq_PduAysX8pDKKsOqA8F-cVg7ZEcIS5mbYJYkQJifyJsRBFGLbdYVY8P8yYTFN6OpxZDtUab8t-rKkHpY14sqSU20-8k5PiT7J_M5Zqn6kNK_1Oqe2OzF0rH7nJuxu8-dDslIhmPCQvghZDp0KeZpDaP-AONcalogeVVn0wXJYJSuxOfsT4wLzb_EKc0OQ7nrfIngAROI90nY1WC3Nw_9uAqmXUsPcMKExHETIzKQmoAbbvQn6t_jahn2A5OyyFF6JvpiHfFQOBVOPqrcgdV-3asP27Qm3iz1xUTciM2pwloZdp2ciaNndiBeV9_epiTYzFvmJY3VtQHw1IHpEdBGHDQGcjE020qI0k5pjIvhNonBCOEfOrSATm6O0-EvoXDLVxV-sVocUMxlDww_40RXZqOUObpM7ooIBrc-raelk58ZQ70ZFwCE2vAB_FPHbAwz8qlJzvZz4Re9MFjx_5LL37Z-T3o1hhfbLXUOC9oYe9qTjEQ&sai=AMfl-YSZJprMfMYhbpvt5xuYbTZN7aDh5bh2KuuXXK6a0oXxTZ-rQLGgp3KLSwLow5qj4hpG84Zd2bsfloQfGdO-nw5ZC10_FqwrIQy-rLQHbx_Y2SLTcpNDqt_Unv-usLgwOICLzkS8nGtONGgCC-3KiNKYZ_woD13u6E-Fywgiv7NOR_4FA0H5frY&sig=Cg0ArKJSzNign5iueM6HEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=257&cbvp=1&cstd=255&cisv=r20211027.75117&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 6FEB 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DzYwZMWYxsAW22tFp6GuIhP7LakP-SnpoSXdfC46D_gOo3ECjYMIjUNkUsUnKIiMrUlqpoVwrzOe-U01PvNoPzrqweSqeHaYzCzacaqjtn10x30qMJaPlikXjymkw87aDS6EA_r03qSvc7LOjXnNRSY4yUdg&cry=1&dbm_d=AKAmf-AK5c8y1pf2fY243t-R8_xi1aDUmKLHlS0uEs2UZ8OBEy4oNyQcUmO0QDw2d2BJ9Lqz6uF9T-tG9qWAgHj3YF1sZhhGx1JFgSXXKf6UqnE5TGHdBjyJflsI0giU0cDxeDssI6IV5LMf3m6heYKqzUcIXc0kwF-VSkkcpBr6iQ2ykh630KeSzkCvRdO01JXgPIbL3JKyfD9DPt0erCfn3p4Iq9HZltTLYKrXhpdYCY1z2GxC_etbdRBvKUiyUDy3mk18Wt1jo5CXA1FfBPmYOBfXZINNMVnraM3_2uRc69qVFX4n5rNuduFymatSOYLmhXWHOzAiHRMg33Qi9k6HIRqTpJFJLSj22KOW5lLSr0Av4QN01165mnjiPCDzvFj1mC_CajywaK_FcBZstXOwhM2LIEdYd2sciLqu9uP4U6HmEEt-vJgUOXWCF33I-ODaibxI8daDf72FSNRBRZ6b_lTKc-dgaI4eICTK3bFCTG_6lp9aORWmCe9Byk8RFIhviS8V01fYn4lx78XSzgOI-U8Q8V-N6Zm5DJ5_bETN3Ayu3ThQprchh9S5WoPXrTLHbidsmYqD5lcDxFmZiboi2achvRQYE5IB2OEDj4zxjLahcovXmoVhOKMGYxX7WHSK0ZhPeoK-G30PUpem7chMZtX-wW78WJxC5TB0tAVS714zkBD6MkkXj7N_YglsMGC-jKT-s2U5Zorz6lJL5fRngvJqvwY2stYcGC3h1j8Wny8hTW8Fz4AMU2STGA3to7w5PZIYhqskaiFuG9cQwwCH80xmlpVgqccpT1F6KJEN2QwdwsU-p5orPvL_9B7l7nLz4kdPZWg5qSzvM6h3Wkp_78BHWwCTBEmG6qUH2_ZRR6EmiE_tebo7nrUKuFwbk4w_H2DsB2PVzF76z3DbFvChzY9xIUUPolvabkokgg0MXlWzTp88Rui1xJYAbUa6U-UtlsAvkM7VFWnew0Kwjbq7EkLPQo9bma4jt0xDnsJGEKDjJHmCRnLxndz4qPsyKqcIf7HetvgAHQ53m_2IYmz3_aC0e2_ZnK47G0udbdyRPsO0pwU6RKS2S0fkXdctLX7raMZfL6tVeNeAEibzm9GA8XlytkkQwqvrZ84DwHolRUeHGT9YJQxnbsCiyiseh4Z3ORfmB8XwGav0LD24KyMZdHCOLqNPRqCenvNve0V7r5ZwvkLWJeNeiGqhLGcN2-VE4KL05heWeoW48ebliHRIV9V4MaTk_DL-2MEaZnw2u7x3w6_KfhkrieAcUgoV8HDoG89MN7C0BFR7aJhRcjk3S-62gZ-TRR8rXxAi-_wNz8tvUDaqwdeYoPpZHDJekttVfDMNV_g6ci4l4PcIXf_imWk4iXu31FkRu0SLWbtQDTVPBKDYqV8tGOkqb57MdDDuYdGE1Ff_AdFoixoqohSqP7ChsiOS282-BukkgHV0Cn1niftKCO8h1zCqM4cjmlfogT0o3V0eSiXapXrIdO4F_gL0UP2ISjZlNjkV5N3uNJ7Dt7kBZuHDzdMDz-2V2MSg5g-m_vlCxhPKjNBOayVMa9KA3gs1j5jvk4zIt1xewLncSFtiEabw4QsCH44Z-jCRJ_B_47R8lwM8L_d0suY7PFHCL8JIWJuR3A83I2dCkC6vNcnoJXzYcfYXkaYEwMpt6z0uP8etMwzq22KH0dKgQWDe7uZtjUH13iRx8W1Orv-dhth4LFbNL2GFl0O7zvCPxinh77ICiO85HCtOAWMJe26XT53M7x87UgAp7Zh3Sbgim2BUgSBmo58nkZKkbIpTeeSg6oRSlq5PfVbDptbY3ksXPuh1uuwclaZiSrdC1j7HcFud2NNOumDMk52pSuiBPhK2PdedIGbXy0Bmeq9Onpmafoyv23qkAs_e9xELJp97plaS-tEzcdYbzMQ7Rszh6V87RBQgDnUn1_24eLnLQZN_PIkxUpTTbo7CUoCnqfpP0oeFiihCe5uREx7zqSdy7UYfRpYVmV2vogjW6Sq6M2WLGaTDYobGlRqoBvu46D03NnB1_a5s4Sm6kxqg9qfSxggxsgiZe-pmsZZens4I29heqNkolL5O3EzsxK22o8UtpxrVtBtPCGOivKGTWVvdMa1M1h_g7jECIEN4BAwIXtcoPOZKX29p1opjdTdFd2P9V6_SR-yeOMzxBm62TQqUA6nf2S_Xz6vPiNox73uC2xwx3r_krixBnJ7GusAIUHpmS_fUfe1Whsw-7gl5LxvJ-quHw77jnBQTtpI5WKnbGpoqicF6xHcLaywaLYr6lX56-7QN1Odrxza8PRrwZtjWffqFfzuZaYtqDexgE0GbLChKDNLtqug9ayAkanCHuLs6PaADxIOoMOweHKt7EQXH2XSDlA849_DbTJBiVHqorrt2Iv4k2NRYQktTjiieGpYNM3Feib20hBQAmvEiU53OT6SYL7JLV3FXoszi4IihcWMWIKepCFMZQp3uGDmzpGQimRgUeoibbRjL1pNUHjdx1X0kF9Prl9dbyz43A1fog22tgi5A26D5wAYHgEV_mbEWIjoHKRI40mlTdyxu7dn2yUpNzrjbuh1-AwBprpSNsoOpwZLuNabcupLFEyu6x2qN08vcl2501b55y5RwlFMXwmnTVz_Q64GOWmMu9SCehLScs3SCmXbgHYO_MD4ASktmttGllsyC7-CuA57-6t-UzXuD84i8UTiaV5LHVSLGA5ovzs-HDI-BCA8eTGWA9k3gDbh5mvMHF-i-BPwdVZx9WTsSmV_d3zxp3L9jfR5C3XCEkUJxLRrKtoSXjb2GJLJlofd7ESBBB_ToncCWRd06orh-Mx7pkHaiN1MsQhg-uJMhwtSipT_QjPZ9hHl-l_lnoFef9RWbD40atZFVw4ZSARX8DlfvN0Lyymn_OdU0NpIwMkJ8HQ6H8Zv7IR_09BU1vrNDfmYzeyrbnG6VI27mZWlUmrLOUO0HF5Vq8czU_9-iGtJcVqe8I92CMcdj4g8yLqXMBjZSI3P-XWF7ZsO_ZKOhf9zDBCi8BIIje3TuJDM8OSBnML6mh62_IizUUBJ1aXZuAvgmtWNJGg3k_b1-bzdV2jQWySwanDtwvEJbRN6WK4SD9GaIhOQXuhi-PWkv0rTjGkXeDjBiIm6qKoSYd4hhQbUMkANIB6Ov1eYyi6EOn8s-1_ZZa13I3sk9xav7eHFvjZDnnh3D2bXW0J67uMXJDHFhtVoiEm97bVfQUqUFOksz7ayYPi3jIafcJ2FyyCFNVWaHSNAAm_pFVFszP79v2JGIHv3RjMTk54uPxAeNsbsBtXNxfWrPMLnAfW6MNPhI7W3LR6qcF61HboccExcnyrkUt50PlIFYUERo7N01kIF1JA&cid=CAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6FEB 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 08F6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1

43 B
106 B

19ms
19ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620
Protocol: H2
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEJLzsMCw1qWLDSlVnNQmpjE&google_cver=1
date: Sun, 31 Oct 2021 01:38:29 GMT
via: 1.1 google
server: OXGW/16.217.1
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 08F6
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
server: OXGW/16.217.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 08F6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

23 B
172 B

77ms
35ms

Image
image/gif

104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620
Protocol: H2
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:29 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 08F6 23 B
172 B 141ms
34ms Image
image/gif 104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsY7YDTtQEwAQ&v=APEucNXTTUgdk4W9oKvkVhs75VgOwBOJwfkMGkY9A2Vi29qt4Eyf18LZw2GdbmITonMhCYzWjJvTaeWJ7dHvdPri74udYKzhbbEuDC2KKSShPikL4hRLQA4jClINxTkv33Lb4YDf9PThIPhzOpV3C5QT8LuXavN0Y1P2e2XarK5lHgkafS4H620
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:29 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 4F2F 169 KB
59 KB 254ms
9ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
Origin: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81961
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 02:52:28 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame 4F2F 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BHEwgJFyDPz8LWDALu05U0ga_LyduUcl9xBaQG_D-zP4KN4OmhGpNoH5QdaZntgrvdJHANVL2QFDMrpm5lOPeUbG8x1Y2DEZ05w0dfjHHS1RbBANNC1adMpnDmNS9zDQAdYiANQFcXFYS0BHm5UDiSAxuZTA&dbm_d=AKAmf-CiUfdJcM9T1aFEGVP0eB-1hQyKV45cKxdGK86GbwpCRxFFbav-8gDin2zjE7gWY5tqrjZkqJ4WeswnLCUqtJ6HUpJyF3_Q4Y_YCe03XyhQakrBUoRF2hmSX3S0R6KDjYdPJUaLjzyTFYpgcWLPIDvJTQ72wAq6amBYa3_rsLYZ3-pAaWUniawWNzsjjvqEsm1ye4XXumdvEl9m9mqXtm5wDe-uFR7-fifxxSnUtmSUj77-vy7uNLmvgLUtAOQrDxBh1j4ioa8_-iVJndOvho87qAa4gLGOS0m3GSGZhWctI1t7983Zt2wlhuOLwvYw3UdXveIcDMpGbAnNtoiPhDuqUCz559r4gFcGjvWHWGzKVz0i1FYwB4VNRjFIXTjiP1t_v2rtSZTsaHr1Au7GdManRnRiTO6BZ4JQ1vygMSQ-MNiN42w_8cyD4vfhjtlSLxLa6AoF03xssUgiDGzD7WiIIHfoB4oyE5RxgH9Tc4gOQ2V8uVosf6fisA9sG0MMlLnBwY7aBZJWt71PzKEbBPt6B87fndhy9u8IA7BkCTEJzL6O5qS7b1Lf52mwHUK2--JfIo5PjhpDw4hYSf4pn4GRnbPvXsB7_WP5J6U56yuf25tZSTYqRfuLR1VloEGki6RT3nHrON_p5iDho30LNOqUDAWsY49tzaUuI4h9OTODx7Vg6xVrQ6PKaovkPv9XguWyA2gwPscnBmhsyxitxEXBaZCgsxBG1xpo-qCj4Igtzisk42lgd1UY3H7FBPJ5ajxw8FQOB34_hsXvT60ko04Hi3TAXRHdIdzBCu-WPN_UsdsuFaYPYfvDkw9SDHTJZH8ika-Wm8MpSJJakQGaFnZ4Nq_zVhHp2RY3f4GUqnZcPU0HlSz7EFUruOI_t7tAFX7VhmrKC84waXrvvsui2y9uVJSrIxzK8hbit1Bn6YVTtXoRzxBnhFz3NM5Cf1T7_KvM7RYzJFOfUXSMGo2rGSd--cMKHIQrTSVwN1a6hw0dbPNyRnrd9w5Oj1lPsItAZ1AdCymEwcns5v654Wdct9E6KIkjRh-oAM1Gn30sIN8vIzvfvpUSmpDm9CaKbL5F8EZ5XO38pTpz5IO5bz0YkqUlGIAMuP5_OAtW2oLfmnyWJ5Sc3F-Yfrx_WDuX-EbmlV7ImG5wZr2dkuN-6ia9VDYjAZLooHqFttxjVvLeH6-c5sTuShmLf-qu4YmsM_1K1X1U2H5WVLiqg_B_jOVqd4P0a1qtEdy65sCVHNHb6AocW9yqa2Pq7_rs7a046ZH55Hrhmu849dHb8NBkDkK6RMRJyQjbLNJ93_OmIU3gBFm59zTz6A7sKmr8-hzsKRMatCAZpCKOGGdxmp9tW5xBBaz-3W3X9bg9Nem3Y3JwaDsQ0BEpnMKFMJHVMgc1MBnLz9oudX8GVfjOtCAJMzkqBLmJDIyB9yIYSYUGaQvzPHoafw53KMlZmjq00DPhDGL2gPwJJci_NjgMrSyvya-2wxYwMUYCEx0U9dUPNC180i1ZT5x3K5w0mZhz4ObCxV6WyPcwTgjh6pSWtbg9xacBQ4xJMinVB8o4d6ZgDs5frmOeFrbewEdLr2ENHrPrnhyaN-VHSiZsPFW7_Hs4zBj2sc1kEkRX5s5yPOiXIv_nLEGA5VWZlaNAEJ_r4Gk8sQwLOTKWqmlXHSoWnc3MF2dLV7kFkpf8-AWxxcZ3XIUmayxWiE_uOKaDLl6PUutkKuEV_64zoFmQ1FiUnJK0qXJvcbmNnpGjArVtT22BilMwOnZg9AQBe7dcS0_ubLI6ok9C42yoIBVy1c9PzJFQKo4SzMbW487sJoCh1F9Hjp2cKXBCicvQB6fTNlzwvE_tTPEKIrb3bJiKisu-HDKHaI_EjtFkfj922WljgDb1srUYRkvq4BWCnbabnbqhOykAccd_XE5P-Vaou6hlzin5SwJ3DakgWDLmrTmuVslViHEg7waC8u6mo_-kJiMUY8hfBxsMQE7UYVgKK3yqsV9HpVAQpZAhu1yxaDQG2PDFaXgTFmgTBfbvACFm7EGG7A7MzVZGv3damhY5sETER9ybak6TcQlccrg3fSxAzRwHA4eURk90RDk3CvtO796n9Oijey9njcGugUYum3gwGjpP9deWzHXotyFeWFZM3iPjhfDuujGNSryGbyuVr0mAIeMUXmKb8gdhE5_jeekIFZRLVCY5ZGd1dlCIuois9xYxubctHeJO8GwJrwaUfVDjNbf60lNHOBmytZgb89a8QzEKD8i6TIeRC88PF8oyRXzbE-SCwPt6cX1YQWLyxhOKaKuuyFcS1t-TnvxUjkqphYMng6RHOCKt1ENvJ_G871bL8yyqGIf7dY801l3HnOqou0Qrqb6LB8EK5pcFefIF-YydedvkawkxhtTNqy6dnaLsnf7lLs81Xs_FmwNknW-Mg2e1gFshvQT6viuoueqhKds2pYlOJIQvF38vCjcKdqIlbRLuV0oJOUMMoHMXOd6WI6Kj6bOga6SgdcwjsKrP9FYKb6-5F1oa3DMbMCaPSpArPemCY0KqSZx9l6ul_h0vH_BYru9-imc7kH_vhbYThbuQsnl7Y5ot02NaIhozYIuO4DW6FN5zDVQ7CyWo-TU_-1L6xZtmENksn-ZZCCOhYOd5ogZB5KaWyFc8sGT6HZvDvrLJGQNcY94jWl0pd8lrr4FotFAwRfahU4vyAbFtkUjoIPSZQ9_xWUnCrngCt22lp71aZEBarZDP-mb0BHzLkE-uJpzA9N7r4COJRTJ--CW_pzwMnBhLuPc3SrnGu7mONWccbCKXUC5lRfcFR9vajA2Hdd7AYsp0jLO7KHnaL_9bOdcQInufFPCAofU5AtGnF4mlEFvVY-jbVNMW81s40-Q4nGKvhLr4Zy9dv7C1AaXOgCpjJv67ujXrpE0g0h4Pw56_Dv5ALK1hThWQTLKjbAA7bkdAJnFVR4UqevbeC9QyiCp3xEzYIaSCOBRM90TG9mwdZZPAUIENCjuhWJcMvBZCSbhZS9BnLdk8fgefebxtuXyQ48Tzvgz-NyRQJF95593Utr_Ju3jWE4_NLevygxPslvepYbPHVrtMpuQsFW9RA-hBXDhWq79HwQFKNy8FePNvBZ25O2JaTzR3XBbeN6wlbO1Oc5Maoqj-1HnWcU60eOz00nvItUyCtw&cid=CAASEuRoB_KC0vaNTo16XUvSNre2eA&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 736
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 4F2F 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CA69
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC2y-uZlLUdGUilga6cC1Z0&google_cver=1

43 B
894 B

17ms
12ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC2y-uZlLUdGUilga6cC1Z0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYhs3FlQEwAQ&v=APEucNUxjOFDVDvfhbSVnW4peWp13TtX1OiFhQrHiAGt0ZGeI88ZZZBVQYSahUKx7CVMkk-dSHrtV5DWYaIErPCLHl2DL-WD5fjhRKa2OsXmXsClQywbKslsr5tXUurgtlIADXmxOeiQaEgRjclUO4w1oFxyVc0vhtaK_5wdwy7Cm1fc2TPQoOs
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC2y-uZlLUdGUilga6cC1Z0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CA69
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

43 B
894 B

20ms
20ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYhs3FlQEwAQ&v=APEucNUxjOFDVDvfhbSVnW4peWp13TtX1OiFhQrHiAGt0ZGeI88ZZZBVQYSahUKx7CVMkk-dSHrtV5DWYaIErPCLHl2DL-WD5fjhRKa2OsXmXsClQywbKslsr5tXUurgtlIADXmxOeiQaEgRjclUO4w1oFxyVc0vhtaK_5wdwy7Cm1fc2TPQoOs
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame CA69
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGsYx5rWfzjVhKgzxgFMWS0%26google_cver%3D1

43 B
1 KB

14ms
14ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGsYx5rWfzjVhKgzxgFMWS0%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYhs3FlQEwAQ&v=APEucNUxjOFDVDvfhbSVnW4peWp13TtX1OiFhQrHiAGt0ZGeI88ZZZBVQYSahUKx7CVMkk-dSHrtV5DWYaIErPCLHl2DL-WD5fjhRKa2OsXmXsClQywbKslsr5tXUurgtlIADXmxOeiQaEgRjclUO4w1oFxyVc0vhtaK_5wdwy7Cm1fc2TPQoOs

Protocol

HTTP/1.1

Server

185.33.221.90 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 413c27a6-277d-4308-baf5-a39a30c4982e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 890b007e-4d4d-4fbb-b61e-cc71cedd7aac
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEGsYx5rWfzjVhKgzxgFMWS0%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA69
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:29 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0d582668-83f8-4dab-9653-a39227b36ab1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9972 169 KB
59 KB 247ms
11ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81961
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 02:52:28 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame 9972 8 KB
3 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CBTy8oPQjA4ePcQVunASW9SyBnGqdJmCCc3nJPffyykoH3puPFJOtblfa50XaxxvRfnWDrk97LGDWkQhJ4QqwkazmPHTnEaqE_Lygs8dsL0FEjXk0VCOXLp-dsuaQs9gNqFER943yL6lu7KR6cVI_dBw_dBw&dbm_d=AKAmf-Aus6z2jyxx0OrX3fY1eqUapiVDByK9U0zzY3korV0gvNF6MRkKiKPolxMSnLX29ykrLoBrJwQiKJOvlxrGdXO4QeNPWsRWH2EuT7htFHPUeM8qzf-wq2-OcBXtvOsE0W-6TA0__9LTYMif7oIU0Ksr82it8aFye_Y5GfppOlEZBM2kYexK9mBPZZfdzX1Zh18EokUqvvEGNHxUny4iQgQyadntfyZWXHkOgGyRyjlv2SNL9j7TeONq49bYzS5orFl6FNNkjtnuL_Y9OszPzfbyH6ElB-QG4w0uq3lAsj0VwduajN5wBEhXXg3Fjq6f1NHaGRQGuHUzXp9zoEiYFIVbr2aP094MFO7WpjdQv-nvr6b-rkVKndoFiEiYxdTuQJU7Q3dhQV9WXuePqVOkczYajEclLO8cf6AHsvi_pOKplin7dDbE7jAn86RSY0DKTSpF8Vzj5gvW8CF-gwUZ3GdL65e7O0i5coKgsWcjdP3PmzOLt7GwXVMt7u3BYsRNE_Pkgaazqie1hc-zGKpjn2cwHL_USNwkmRD1dPdQngeb62oiCZBv0GDm_HUHCtxJ0euZR-iyvLz1C6yHkla-w2IGVLd5Cyvtjst5njmdS1w8wC_6qBG1Ue4q2GT4bpI0rZ97HsmJJ5I0HlcrUuYsgfiFmXcc5drul5nFU_9jJMKgR05ZzeLKx9JIi3lZ8PWZGRfJAhpoTNitp0s42Ys11hG_gclg_jMaCEoZNeI5Qf9HzVIGMej_5uQgm6XFWFv61YJn2u_b2DvkD4D96Yi0WNo2PVOsvOrP8jJ-J9zd33EFTzT83tV8OLUizqEmtAuaCUacPPg_2aFP2QJ7if1KPbOtCt2IyhMDRpFrVas5OYywlmkoQ0c4dfPxUcoAnycqDzVYiVIjrw2O4PznSfxT5Gnk-T3UvZ-t1gv0sNZiKoJIYxcys_8Oy4OzPZs2nCQIQtmSVUicAzVd6YFh_JbF3Zy5I_kmRJj3dO00CNjjoxCT8ulyEb2jQJqfQeYrNrTglaPCnpgzASi_3SSw6I0SDEZm3TKjmtDCYgZCecDr0C547Ll3DcejMP0oLBtTJruafCNTZQq0QobmEo8EgQVCdXIdvBoMWnBxwZwcEPPuv9Uxm5g0qOUSb6pN01iWRy_B83AKQ5J4qHXj9C49F-e_9dqNoS96ARykxsYKrYOj44EOcZ7DIFNEk_ZaU9BFRuYMDwgjlIT6HuCe6c62qMz-wwEeXd8yjCLGvb-GARtN_H9L4ktLf9zah_Q6Zqea0jZNjroXWAp34kuuIBqtuRoXstTLLlK1g9BuhloLt5XkxLQ0tZ411pQEnIav2YFspSy80ZnOWnAjnGttaIBMHj50TVNw6YTSQnp9Hb-58fEpLkNp6ZLnt6C6gyZ_3XUDWdi4-epdcFpH0nrD2qO81QNr5MTD4AY5AyZWuqSNx0c4N-OEYprsLCSTVOkVhmVX4krEBm5j2lA2h-pOUQbkY9MEp22vvVL4dykBPRttBb5KCsnKm2wQQN4ONzec3xhVSwSYCKls4qibDbMdZRljU8avQpyW1_ISkeTcn-MXPicj5YfuNGNoK_Vbe02bgTFWq8wehFYstdwhTqpttFDPUWODGkJIYRNzuOL_7t9kK_DnyyWmHFCrEWCA7qh2QpFRIeDhctTJTGawvNLVYi6GopLGcuc4U5fh4bhDMwBtLJl3a-gSB3jzRxFndb81e6AA7z6a7GqTOgQA3Lbl_TZ1EyrW61CH4QFYaS_EkAw-vDxzYxp876FuTj1t4y7wJm3REELX32kbI4_eIhmzWuKFqUCnDLpQlvUQ_o9vxzDwNHqsjceWhnBZLWuQn4ZqHYLKCLIln6FeDWO-7pmQVdVmSDRoVmZH64vIwHgl8RIS_NcxiC6WUbltLbT0HbLNh-8HtrDf7mbjjN63x7SEBz4Dx9hlop32Jb2p2VsbtNrQyJAT9uL-QQIMP0OMJW_x32daZiYvQ0WCPlezzJTWivmPlVPf5yomjH74MRA0yjFKfWuGCJ-wr6UAIFFHdof7kg_gpEpLr2w_DPqCcqTfrWL9p9OkAkMUhObJICDjbCAXShTF1WWUVzi8KGF_d4lE7-vs1RRM5LlCs2bPJkuiGwBQNZzclt5H86GLets6kH1kAHF3Kur7GHYkYKUV9naArDYHByUgeqOMKWrNYJMCP6VWVUYHQUYVwqPW8hIqWHeM-G32zKL7LLx6L6HakY-knvSrTVYdt4O4X2Wwp2JJb1VShz6-PR1rDdHusoGuSIBiiXLuhCso-oKIHAU_p63AWcDdBGhxXmQSCXtravdRukycKazFOYRwwFPnPQTC8dwpbVNShoEED_o02xfEkb_ns1sH8amz_ZF-DmEKjEN_HaurwJweorDKWxVjYPZFeKn33NDYmYly4faADu1oS7_-e_cLJu25LUcK2PN7wgMHbg2euMOhEWWROCztN2_iDc1tyZumzxN9BZp1EmRaJNY3bwmjG1gBiwsthWTYXF6T5gk1oG-sZtYtj0b4m8EJBu4WkusxTr2mGsP6SpxMqk4lqw7dANhMRQxc3TnHaC0teaPmIxLNmFZRDLTr-G5ggGoRTyYXjtynC5LLsXeBk5UvVu-oyD-1M7i7BHuLEHSMkq0nYOK0GNPoPr6AUVkPBs--9IxaIswu9ajSD9DgJGgsmYrXnhzm9siAv-_reKpdK4A_-shn0ITx3fJVC9Up1b00fr7XICC-yonajuKCvhifnXfNhPBRp27vlPukHbA-K_VZZMwOLtjNTGuRzre1SF7fxE4Q3Va8n3GlGow-KJ8hff4rWmZ_Wgx94ppx6XUQUd-dji97AUzlghAVIrcwoP6ImbxFANYO3smRgeBzcrPMANyr_zfjoThl_EtBJDInSY1Mdp6EFh4MQVKwtorFok4ZueBN-7Pf_8xFh_ssmKBKxNfWhJOZoWm73-k3FnKg7tvUVmLjHSwUmtmBvsdlOh8i8oZma5cYkmc0tNiM2rcnybYlgdCXgfDbAIBYvcyUYOwj-pd9GgbW0u0f4Z7aXRoNE4MX0LGNYYWRncLPEcxNRr3Xq6ufRxgTxQL1HCrZ62mWCFjXuepltnKgwuBMPriiIYU87JQ5bjKCddZ7DR6aSu6DkkR9jrsCT7YKSGJwE2oy43lIaB8iiXpvXi01OOk7ioPZnKJpq6tYNWukeduOi0YhTi0-mbdCoyktkMPoj0OAZvj2_OmRQp2AKVpCoW9j_BiOR0Hnylr4XP_ub-jd6Ct1V82Qkmzu1gG7d8STm_abd3DjEApWsViR9lAHVfxIUp8VEML5hBeRbrwqDH6H_K3R1HgJ_3oftRSY&cid=CAASEuRopQVwQZ74Hjex5K7Z-SSs_Q&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 736
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 9972 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 container.html Show response
97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E83D 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:29 GMT
expires: Mon, 31 Oct 2022 01:38:29 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CEBB 11 KB
8 KB 20ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24f3cdcac4fa0f70e18f5e668b7306076960c6ecd6ea81a708afb8ee4013ed23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8576
x-xss-protection: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 6C1D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1

43 B
180 B

19ms
18ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ
Protocol: H2
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEPzThSthoUYBiHuSam_eHOw&google_cver=1
date: Sun, 31 Oct 2021 01:38:29 GMT
via: 1.1 google
server: OXGW/16.217.1
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6C1D
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

170 B
188 B

19ms
19ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
server: OXGW/16.217.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 6C1D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

23 B
172 B

150ms
119ms

Image
image/gif

104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ
Protocol: H2
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:29 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 6C1D 23 B
172 B 134ms
35ms Image
image/gif 104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI2fnwEQxLOfARichL23ATAB&v=APEucNW5V6g85ThJGsfeTIKdflAUsy96UeG-CIsS0CL6yFIsRTLp2Z90I21N3SvO5MVxwuaz4xABlMK2tkDbzeRmnVR6DdaDFKzsVVXT2d9G5T70Aam5K5W13dpXXR4EV_bEMng_gEgJXWlkM5UBcI4rKmRV5uQ3ZaNqz5AfNxlZE7V4yJP8WqQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:29 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 2BE6 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2BE6 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2BE6 120 KB
37 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2BE6 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 5193475774055ccce470a7af02e48ef6.js Show response
www.gstatic.com/mysidia/ Frame 2BE6 27 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/5193475774055ccce470a7af02e48ef6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

024bf58839434bcdbb669f44e683ecbb58be25cde0d0e721d68031a67a40dd40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:01:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11340
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 04:53:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Wed, 26 Jan 2022 05:01:33 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 4F2C 2 KB
606 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:15:10 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 4F2C 2 KB
946 B 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 1C63
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1&__user_check__=1&sync_id=40386451-39eb-11ec-92d9-1bf0cf250306

43 B
548 B

24ms
23ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1&__user_check__=1&sync_id=40386451-39eb-11ec-92d9-1bf0cf250306
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNUy0SyErKG2gepoGV75C4jY5s9xqhoq3LENla5dZD3gs0xmlMl_kHu3o7DTzKTThMZWt0sg92M1l3xNn4ax52sOXGCdT45_isg6q39b4s7CXkVfAq0hNR7MLnU75rYt4RqIs524F3-vEBy8jaW6QvshW5CfkzdgzyNb5iT8BoFc5ljKltY
Protocol: HTTP/1.1
Server: 185.94.180.125 , Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 44
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1&__user_check__=1&sync_id=40386451-39eb-11ec-92d9-1bf0cf250306
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 13
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1C63
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNUy0SyErKG2gepoGV75C4jY5s9xqhoq3LENla5dZD3gs0xmlMl_kHu3o7DTzKTThMZWt0sg92M1l3xNn4ax52sOXGCdT45_isg6q39b4s7CXkVfAq0hNR7MLnU75rYt4RqIs524F3-vEBy8jaW6QvshW5CfkzdgzyNb5iT8BoFc5ljKltY

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:29 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 112
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 1C63 0
446 B 80ms
7ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2BE6 0
0 27ms
27ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CdE63lfN9YZa6CevV7_UPnZ-h4AHfmefwZbyK_ZDpDvT1iNbEBhABIIGn93dglfL9gZQHoAG23rPvA8gBCakCLoL0L5Flsz6oAwHIA8sEqgTnAU_QcHIg2zapJUWcLBClruTesLsRSsWPV4ngGxNuyuQDLHCfWQuetLZGThLDhEsNtGIYWOs75tnMkEwnwKlnvr60RQXTXDaQHssq51jWGzQRJGy2xRHuAZQe79w8bm_m1WyXosuz3l8BOWAKW7XmHyqN9FxYBE5DiQglvn7-pF1nGI9p-7SESOkWVRkcQDYvWhVMnGVWi8iAQK6poysBrZBXZFjUVHVLVi59mrCoEJEY7GSUBPfexOEg6TgMEJKZ51HpWtw9mGwoYD_mhx9fOc7DyilgmCCexBa41UaIiWJFAeRTpAtP6MAE6aP5_dwDkgUECAQYAZIFBAgFGASgBi6AB7KhzBCoB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQm6kC0ggJCIDhgBAQARhfgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTgzNDA1NTc0MDEyODQwMjIYAA&sigh=Vdeq3C6JOmU&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=1512048447&pi=t.aa~a.851264418~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=5&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3174&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=wV4BikZI72&p=https%3A//gruposdewhatsapp.bar&dtd=22
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 4F2C 19 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 4F2C 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4F2C 120 KB
37 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 4F2C 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 4F2C 0
0 14ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQLymbsxR-lDcPdEViuFK97IAreAPVhlLDi0siCmZF-hTlr8TzOnfSkkjKtEDvgTJ1lUmUaYa067nHN2fVMqul06-5y-w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 9a3fbb06dccc6bd708ce8a7c18eecc3a.js Show response
www.gstatic.com/mysidia/ Frame 4F2C 27 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a3fbb06dccc6bd708ce8a7c18eecc3a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb5f646e583b7f7566b512d01ad4fe7a8bb81b83d8225cb31efe8375c1aa7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 15:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296483
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11281
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 10:17:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Tue, 25 Jan 2022 15:17:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3237 624 B
340 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNXQm9-g1_8gI0hpAlMnF9zElHd2tQaz81IYTTuLMEUu0UtZW6pMNQEpWz7E79-xmEDhNhGiTbrxUsuqD1vIpwsFx517EAa7Vo8hfV52Ts4oyB4iccsGXD8eSaKgrSvUhaeMA5XsjsQ9WdAJ39ogFps-AnWFoYckb20ghgsvkBb7uRwQVRg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CF94 78 KB
30 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANBVtmgELb4vYh2ANvPCWFbB10FOFLc1gHBO3mnVrpdRYiTwopxuHklWNVntu8XIc4L7cVHvA06MBQFVc0MDQUUPBXbZrLP0I_-Q3h2p86H05mcBATj0hWDHRhfOZ9aWtMfTruVyX3mxe2ZLk4DzQsvFCmRg&dbm_d=AKAmf-CjCNTIxgulXYOQrk8BvEYT7d_SFN0rRAhu_Bue0ZlOZ885bGBnlWRFvUvUqYLdcim19gWVh6OYivxXy4i1AqdnQVmS5gasQD4CxnV83S9b71-ftoQq9iw7LnRqmACjYwcF3jNJD5ufPiocamt5yYeZ8Reu-6bCuSadvM6D-oJE6MggoXP3qpfgVc4quFxOAUx5OvbYr7YvfrT_jJMzbOSEXySZ8uVmXfBfNqZwGSo3D--CWvLZJnXhgMNwchYSwwX5hrUt6IXRHCoTDFtzl0aEWhfHj3YlpadqRaQmJFcO4T4kmKazr2vrwvc8k12sH1KQpKm4MNI81sYhkmcpcQ0GCG55lo291gNQYwnocL2hsaq1S_GOitJsxeIunEORukqLAcr9L22p7-57rXvIhP7kzeedk7zgmNBweU3Xw7vJd75VRzdDLFHdVQqb4or3qDp4WozpDEDv9oP1D1nF4eJK5bgFSSMwGQrfTn9jOqiB0JZliwF4tJCSofw3fNc1xqWca9NInOMxDyWVtkdHpaxAabzUhcsNZiDNuvSpAb0sUCkwwIRCF-23tjsy6DgbV_LFmM25VCtrHBoIYWfYmjqowc9TgwCM80VyniJEJo8SaNBzK7oO83db0UiYum5bsmsblyqkTH8pCdFS6enu-Sczl2MG-xdXDwgM6UDEzsZ7yPwQzwiHzAKwY61F41l6IlDPWnkiRW76J4YFkGwW6CSrjQnyvroSmFAwwvE69J_DoyJKJQVyWCCQGsUf4dRQ4WKU6y5HxlScqaOSx1IBx0jttAQdNgXNmusXbdOtHY9gtExG5O2X37dtq9iOratMp6bj3mWvgdr7uokZF977-bcf4ofcq3F6YD0NtJp8qD2hgp0RyQiqyfGrnSkelViAdtpupkpA6KWxCYT8f8HCCxBqX29OiptLHF2Lvg3o_rPf2UGA5tW2DBmjo39XVE3L6-YUewUvMeC2MmIpUtRPCTf3mi7hZSMBQNjGisawC6MtKSU2JPgnKSCTlFD_n6FeEkVY47nOl5pBT7O4XhNvPLRB6dXWfzYG5gCY6EsI1iW6mJTIilX03krVVWgL_5a6mxGwldYuePgTlIOld-AEnmPxUPaNn5mXvhxaf50GWoYOQT2TQ6Oa8bh8udXTGIf1MKapXDKbFkKO7AA1ylPaFCYbtpfMqt89ImC35KKjbBjDuo4iJnpaYgUXFOvI4BfXOVjAmsyQ5vVxfNvAj4oKyyQ8_gmK128Sk6oIOke9Zv6UNeXtK8wM883OA6pIS250QU9dvyTDbAF5kBjYtWu7tD-0dIL0GblfAq0Ex59SkGwX64FgPiAv3b18RlSOGlNdqrnGBv2YCDZv0bd_xfEBk1S4ewtgowdcsI-y8DPGBR9U3yFfaLKNaF31vTWyJ14Ly7tGcWRVnzN3aDQR9KzPV8y7Es2UTIHJ5KIqTgHZ8slhzzpy395BlLbu3P_wM3uZrHz5YXkMG47y07H36qaOu_MbCwobW3lfPojjX-Wt6WG3A0bcTYJiUD2soe-5MAbFBw1H36a7CzJ0x8QTLNpH40SiiwfM1R2yEQz6FApKAQ4_wccG04redKl3D0Xs1ahq8bWNPD5dJfI-X-aj31MIAadOth2kui0s6XUH-6I-ZVnPS8eeQXOoNApa9GA0FTCkjS7J4NpXBBvpMCLioHx3TZyBTwB3z98726vCkOO_BJPmNIZepC3nc6jHpDRN6FPXjA6MVHv27TCSJFkxSXJIjzLNnUbCZkXcz46w9j_UBYWQU_CWwSsSl_uIl7z72ljn4QBZ5tsqDdmJkuTc_MaskQItBgCjJ-UKf4f7EUIWFbFIv3ilDqp1MzklxzkDSq2oN2CPH8njZ0iePvGxdycoNSORJDLWXoaF1KxBvYOmra1TNRLvxuJhfWotmRuEGtsd7AsO_xd3rDgucQeHTcrOhlvmprCXmtEIdQBaLlQeBra7-V5a4o854V8-cCmEtG3bM5VmND8TvM7QFM7ILaPqFMOfugShCYB3YknaNf4syPQgk7X_iV-A4RhG2UqzsgiI-llrEcIxjvSSbX45vvL0DlqhbTG1opG0gv9tnr08JbzWITWY4k22eY0mwuztnAFYgWWGjRogXTaTZ9ESeO2ZXxGkXD9C-lTeMoVSLHVkaGGS4XGQXzpL5aJdteupeRSogHS05lfdKx4eZQOXk8gQTz80B-BfV9IL0EtCUZ6KfyHCSRmjai4MyacUpc5dSMOkMlPJruA513Du8LX8cb9aZ_arcX9GQulacDP1fisdYwUKGORMB3ncQlA1esntJpsDC6leMIRTqwZAm89VwL1N8zTLxyacwu2jJxytNNPnBtVbABovpsE365ATEWYTvPfY6bCgrJzrlf-km_fYSEylLYEH-lMcv-NxeDD0gTpQ5yYsOz7bqmlymAfF9EBGxgLJIBvEaohmTJiPAwtYSAYUvlO2iITyiTV8HwTlVgXNoFXTI2zjaNwezKgvd3aNANttfHrHTqV3rq9IJ5vJHCa8hQlBm9cD0b65Oi2bib6pITmwp_QEL5gg1Vp19r_CKDliP7veQcBJ2izTTVK6WMAbYUsWGGbMafcPJMrwir4JPRH3JZj59vbU3Mk2XSArEsiqTglUWdsCOx8V7jFPN2bgt5sc9HC0-q64--7BR7Yxc9vgrjfJ4mh4uisGikAl6QC4xrACGwTD3ecoIFuxKFUTo2owuud9RMGdB_e34eWfebmHkXD8MErBnHpAO4IrRgTtL3Z9U40b-G_k257tzrUXm3b7HPVVp9ZkjIRP1uiVY76vA-AuJ15bUXtaGv_w57kXfyA107-EkGemB81INXvpsgXlwFxJv_-8clGI_ty2yhFFGOiiwlNXsQTrdgfWGiOXxJFxBcuM62QJu06vcHw-HJFTVgEZXz-F6o49iIQM4wtg17d-jL1EQL7a0gpCyUb1DSzKGCM2qWdLzjxF0gzuyED5W3PPXu6viqSfan7omYwPV0Lu3g8iuEy7xQJsuwnw373kQCKQKk8hj3_PVwl-5nmD6jwUGb7zjVbE7w8U5MNGz8QxLG9eV4n4uuEDnyyjNsdTQny_oQ9a3_Pzo7rakaDYvqOeShB3WJLwdIGi6X1f_3kzMaD5hDvpXfZr7uTY2luqhyvwXA751o3-s-Q3KqvPBf18sd_8GHCTB8RVkXe_pZ6kS29oRkcJJ5SWQmjTkKH-DP43cyIWgEyYRmWBPzOrU6_PivTWPUTgW-idnI3ibDb_uJ_HmsVQhHGutTJMHoX2-R7cHAvLNeGLLiNDYCwLbdUGYbK5jJEcDJMCXW5LnZGWhPM&cid=CAASEuRo4anwwtcxoNcssFY35gZeFQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f0d69280cbcbe935847ebe50153a7d6713a2e4a751d8160cf92850c44911b73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30608
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame CF94 48 KB
14 KB 34ms
34ms Script
application/javascript 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 89742b37321a6bc1cd0bd68556ca954b3cde7e0afa490b585a66aef5bf5c4a4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-server-name: app17.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame CF94 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF94 120 KB
37 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame CF94 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame CF94 0
0 15ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS179VR0byowOFFCig7k1yZLMM6pZ7Jqf3nWq5Yx_cbFLrI-KHuFAFSFPiMOXMmduItwfvF_Tsp_-3w_bQqyZXQISASkg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF94 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CAuWbwUN1oQuWMhV2xFghOnK36peb4pmGt1X5pSc36bqFLwN_f-7yl5yCme4RFhU7GInFQO0VXKj1spgIAAAN7MSaSUc_SzKVdblVdntBrHwgFK5s

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4993 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386565
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F935 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01c30d5b9a12177acd4db8eaef8e96e9f713b74c615d5752c043ad170123389f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 4F2C 12 KB
12 KB 48ms
8ms Image
image/jpeg 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcSyjr5N6Mn2IeD0AERBWOd-bSStl7osLuWtA4N_hwf0bqfsywHQSSG7_oqk86A&usqp=CAI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

749a8f4e159531f6dbc5f3699f7fff2e791dd829840bae6c79dbecad8a1740d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:14:15 GMT
x-content-type-options: nosniff
age: 55454
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12096
x-xss-protection: 0
last-modified: Wed, 20 Oct 2021 02:38:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 30 Oct 2022 10:14:15 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4F2C 0
0 24ms
24ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CbpvUlfN9YYemCdmN7_UP8qa96A7xzvK6ZcPfmZrODMma8dfTHRABIIGn93dglfL9gZQHoAHun9GbA8gBCakCLoL0L5Flsz6oAwHIA8sEqgTaAU_QAuhX0G9UF737Hm76oQW7R-c6-G3XORfUfR-seOS3obI_d-ApsdgHhCryU0vuR7KAlRbpeYsBxbPtzb-gUTQmoXbdjd_r48fnOV769tEaz00OqmHjWGJvPtdorz5lJPbhd74NWLvCM_BjuSeeCJ5Ne8h53oNkAvDYXMB1nyQEcLdHZjqrCVDLnCslMX0e7HCsSXOTBJfDvtYQaCDCu4Kv0HzHjvlvLx3xyDHtswltQID54Gpfi4lXIwgsKfhyc00fXnAGUlk-qX5MTLE7Fd0XoRbIokd7RjXIwATzu-KougOSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAH-t-uZKgH8NkbqAfy2RuoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQha8D0ggJCIDhgBAQARhfgAoByAsB2BMO0BUBmBYBgBcBshccChoIABIUcHViLTgzNDA1NTc0MDEyODQwMjIYAA&sigh=RichvZKrmg0&uach_m=[UACH]&template_id=494

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B0E4 143 B
198 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:37:38 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 51
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9EBE 0
0 20ms
19ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102601&jk=3036079568268128&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3B1C 0
0 23ms
23ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102701&jk=3345433076437205&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8438 0
0 31ms
31ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102501&jk=1997484346019433&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 90E1 0
0 31ms
31ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102501&jk=848841332571682&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CEBB 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102601.js?31063338

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A362 3 KB
653 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1577641129&adf=2908228819&pi=t.aa~a.851277323~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=TpAeDOe1y7&p=https%3A//gruposdewhatsapp.bar&dtd=24

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:10:39 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AE26 41 KB
15 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386565
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E92E 1 KB
868 B 8ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59972
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame AE26 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4b97f786e58c9a4e231d62b35d544128a3dc6962432abcbfdcd7ba68d73e940

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 76F5 6 KB
744 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1023529928&pi=t.aa~a.851271261~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280&nras=2&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=1993&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wnUtz5zACY&p=https%3A//gruposdewhatsapp.bar&dtd=14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:12:54 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 76F5 2 KB
946 B 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2A02 3 KB
653 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 00:10:47 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:29 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2A02 2 KB
946 B 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame A362 2 KB
946 B 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1537
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:12:52 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame A362 19 KB
8 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1516
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame A362 3 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3707
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A362 120 KB
37 KB 25ms
23ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame A362 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 356
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame A362 0
0 18ms
16ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR6CrGPMUL3eJu1eCNQebEXs_AdScsguIuEYs7t-E6nO5CRAB1JG1S17ZMyHXMFCcRniyIAs_l3yV8wxtWUK4mvYwsUwQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1577641129&adf=2908228819&pi=t.aa~a.851277323~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=TpAeDOe1y7&p=https%3A//gruposdewhatsapp.bar&dtd=24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 9a3fbb06dccc6bd708ce8a7c18eecc3a.js Show response
www.gstatic.com/mysidia/ Frame A362 27 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a3fbb06dccc6bd708ce8a7c18eecc3a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb5f646e583b7f7566b512d01ad4fe7a8bb81b83d8225cb31efe8375c1aa7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 15:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296483
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11281
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 10:17:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Tue, 25 Jan 2022 15:17:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0088 640 B
359 B 18ms
18ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:30 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 891A 85 KB
32 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUsStGESBJ8m59GZ3Ag1-oCBJFWJUPMtCtwrnEbXlv5A59SEqc-abV_Sxpl0vmTwmXccetuxox9FrEdJ3nCBBYoKn4NhKWV7hrd5iDc_vxFwue_VOrpSPYuuCGXdB7ivrYqASfReW7w4W1P9gTcZNqTO3TjQ&dbm_d=AKAmf-B7gmzPGjzVQ1LgapShPYbFkuiGn84zrpZCIEvkFrThOfyGYaMcpNU5OYgHju7_GBICgAdYLyTFBIVWvqFKy_ij5bpNL_ARfbYcIgHzCq9Yi9IX9PBHYS_eWOojanJT3PBFoe4YA8RUNIbViKkWcvkKmGgW8CTO57JixvpCQDSSw9PI3ywsl_MecwwiRuF7HtF5KBUKzKmznV3Wd1HwAXxmLQofp-GqJAUnEqj0SSC4wr8qbWmDr1It0Rn7TgAwlbLJejSMUmSM3KTkervTNMUzhUXjpmGNv_8t1n2kVxbvDvs4QBValEHGbucs3xkdaL8GpKDlP6UDIIAdU9eoBfkOUiPTe8FIu4Qr009wcZSzVh7Ryr4sy7Xc0H9tEtpqqxeE3rAetbrtBqZTXmIPrhMpKAqLbNQadBKDWYhLtB3mEF35uLJwKqnztZtRVK_QeyEPEg97A7TPyfGC5dp2j1RQy5O8DfEL4MExR0vHm7uf3PAsFAC_Hlb5ht9bDz0jcxHFKoqvPOMdWPgm2GpPhtrkrl4psK9sZlEiM9tYzdDblUSLtbx-U6wZrWysPUIC6Pk0REOGE4yWWjy9Lwe10mIvVEk26ag69NIqJMl1IlYADkWuZu8cYJAKOGo2WFe23Whwz9wcdsycfqRUlrxbZZf10GEYHeLPrnuekDNJwKh8xNevdHGTjFo0c01NJlc4x4474_DjwM69ckY1oEQhdEbE3zMZlKs0AVYptbbtNOOJYPLCArn1FYrFhv7CSxQtY05uzMbLJsq25-KzIcOj1jAf1Fcv9e96qbHlie8O9DQVC8sD-XucYVAS8eRUS1nLStU5jmM2H0z_vpJtajkkWU_Nn3V3UGxdol0r6aeVNojdQF9_zwqtZvDZCmGkFoYd7GOyOUyxNpfkgGybAgTX9ArDrxTHV6sp5TsUXwRYs0-gNt56Xx8VV2K4mj_J6PvBgKZumIQvLe3flLkB77lE5OrkFZMBuBP5sxjJK4LDPxlhTgnoOPGdYDY0w9z1fJCi6-mJzNV0u4EZ11EYfcaALIG0G3x48zyEV3-ug7bd-tNLPsJwcj7SH_4L6LIwE4hu8bGw6pZwa3oxs_wuRY9FYnDxil7XyFg7bDPzMJiRIAyIfq7q4dxTUJRYqXdAKjsS-FSXeV6r8fRj3oDnsPL2Q6K_hSoGhALeYDcrniAkQ2lJX6PIDJ7VmTramDagxjIWAoSInKKEk5LYHUWYfG8ec3-ycYWRO3vChHXx5xsA_f5RVYcfPboXW6b_UpymZWf5jYclIO8ydZeTP9r_k8uePxCYlntfExl3mZdz27LlW7y31LpB3QgfFXfCqtR8uTlyTF_t5-lTYd4bKiiBpyW_fjAE5S_he1u5T360pMY5971ki614yP9jkNtY2c6EIOjYtDlAuFUM3aX0kArslySDJSelTWn_zJWRcUXt9Tqsh7vHtlR8VDFi14h35WhwIfLJTHYi5ShhmYGfFGFFXcjO6WonwFjZoc191XayJUpm8kOgAMkfsONlyn6ivJyyVn_vz2enzz0dg-stxrVvm6-Lq0pZXYCsn6XGTI_Ao-u-xwZPuAmWb58rVI3QGL8jAA2FBKrYs_ZLdPT3rKYUXhQSY8y-v5Jsj2CcrHli4ivX7r_XIKyWjmJkGIIae7EtNBMKYfLMFhFVFNBHVz1qYl1TTOTXjYTTc7N0diIyVVnRJl_-wJj4RIf3T_Gke0IY6z7gx3hIcP2fugXpfUjirQmfJkou2edQY95QRsqMejsShPus0PpGNslY9HkEjtm7BnMPNsF-smoenP66tQObcwXW22fNAVuW9IeuUU3oAquzAVqx8q2oXjUnwYcgbpiKfkUFaVlWvslf9616fK9bFNQdOTnYCLswVuwS6k4J1B4WJbvMLffKNtZyTuqkanPS2AjlBe9BKw-T5Qoy6UoIHKnWBHYE3fjnyeE4ZxFi9xpDcH5wIfkaYe28J2DMz8vBK9SM-Qb8xLBVJRuVFP7ZAPoUbug4f8M7Q_P7bE8pX0DAGQcQBVzkqeamF22vIuQdY3bsC78ndnT2J0g-l-zlxhcV05kWvLQCdMa983EdpPB5o5oKDyWe_Oi3MM5LeWsBxP-yz_te8Dyr3ZLgsjCgo3HtdSY1C5P60ccwQyf0JYXgGhxpLlwQ-8CfhQfjJIYsHSFVPrMTs3RuEHvZsaPgdMuYGskqwq3uHK_KYJ_mmd28HucOAqwiPzf1aI7NkgZIPDp2b-5mqCEt3NYNdeqdTrw_E2u0ycn669S2CTbNAlVe1r3ovG15kKRRpnTSZt7rDfCBXaUvKfG9Ldjk1qna1N-ekAcRhWBOmljLsgyGHCEtpOY1BMhxZmwIZ63pYzKEUfY1eu1yVUwvQxJsqkCzOfWNOq9MuUWHJI9L2O5oiqqRN8P4JHuOvCEZM_GxH8YEn3RyNhL6xQuS32un-T6Jl3fuGCYuHVY4Ts4BsvsDpo7drhtKbaZF69tgaMBDgWQNt0-Cu2dxTKeyFEO5RusuIi0efylvvHA_JMBsSxN0jEz-Ni9UxP4Oa92oK5wRilH0Us960rRraPQgv9GJ_Z4SuEWc1am-6CIvT9-63y7YYX3mEefR20L76YeOfBIRMmCan6hZFlu1EIelvDb8bCFYlfuJATSqpO2BpQe7EzSWhdTFTB9cjjRtbhlAp7X6Sg0uuBSLzfCVHmyN3hLu5jR_cjjqw1Pr8KTGsfGKX4--w6k-WWbsdz_txjnJBpHNz0ElKf2-n8tPcBAClloM_T5seoHDywKcGmFfacKN3aTEY2bfqah7baHlgLHO121vEsnTp3dxqofFTh79CVIiHldpPqbjCaYC5kr6KIGqPW4-ObB_FFZhOGP1CpynZae8z_lBkweb2hmApUmt42BrvWudKYHsCLUd6k7iQUHOTs15S9zUNecwuQ0IiZM_NP6ovnsoT8Xt6tcK5h3lbmePxUasdtp-BSZTfc-XJpewc_oSjKP-UgwobQrvIqezwQ9wTrT4kmjqsNdBuitTIIy3kFRMnVIiUNTNkTa0yGNSviFVnu8SE7k0aviCZh1W60VyuoNL32DBKHareQOGz8kdaUWp6cgjPhPaNk6kjNQgF-8bS05h0cfU_pYA1tXI_jtudVEguZfu2xo2GGxsLxsazTxhOnwP1cj-RnSKZg&cid=CAASEuRo1KYTHw402C9L8BvgbPx9YQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

aaee98f612d8fb2a52e2f77849e016f4fa235c8362b47c7835ce974e905068ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32792
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 891A 42 B
110 B 26ms
20ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CJmvY40qpxFkl0GhZ6-gB49C9zE9hY4cnAJGODb_jOiXubT5YeP-79F8p-YYUX58-3i6p_IX1_h0KkjgHeZdDh42nqdfLZ_vUIMmkL2Q2XuqFAdUo

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 891A 3 KB
1 KB 16ms
10ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 891A 120 KB
37 KB 43ms
29ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 891A 14 KB
6 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame CF94 169 KB
59 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81962
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 02:52:28 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame CF94 8 KB
3 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ANBVtmgELb4vYh2ANvPCWFbB10FOFLc1gHBO3mnVrpdRYiTwopxuHklWNVntu8XIc4L7cVHvA06MBQFVc0MDQUUPBXbZrLP0I_-Q3h2p86H05mcBATj0hWDHRhfOZ9aWtMfTruVyX3mxe2ZLk4DzQsvFCmRg&dbm_d=AKAmf-CjCNTIxgulXYOQrk8BvEYT7d_SFN0rRAhu_Bue0ZlOZ885bGBnlWRFvUvUqYLdcim19gWVh6OYivxXy4i1AqdnQVmS5gasQD4CxnV83S9b71-ftoQq9iw7LnRqmACjYwcF3jNJD5ufPiocamt5yYeZ8Reu-6bCuSadvM6D-oJE6MggoXP3qpfgVc4quFxOAUx5OvbYr7YvfrT_jJMzbOSEXySZ8uVmXfBfNqZwGSo3D--CWvLZJnXhgMNwchYSwwX5hrUt6IXRHCoTDFtzl0aEWhfHj3YlpadqRaQmJFcO4T4kmKazr2vrwvc8k12sH1KQpKm4MNI81sYhkmcpcQ0GCG55lo291gNQYwnocL2hsaq1S_GOitJsxeIunEORukqLAcr9L22p7-57rXvIhP7kzeedk7zgmNBweU3Xw7vJd75VRzdDLFHdVQqb4or3qDp4WozpDEDv9oP1D1nF4eJK5bgFSSMwGQrfTn9jOqiB0JZliwF4tJCSofw3fNc1xqWca9NInOMxDyWVtkdHpaxAabzUhcsNZiDNuvSpAb0sUCkwwIRCF-23tjsy6DgbV_LFmM25VCtrHBoIYWfYmjqowc9TgwCM80VyniJEJo8SaNBzK7oO83db0UiYum5bsmsblyqkTH8pCdFS6enu-Sczl2MG-xdXDwgM6UDEzsZ7yPwQzwiHzAKwY61F41l6IlDPWnkiRW76J4YFkGwW6CSrjQnyvroSmFAwwvE69J_DoyJKJQVyWCCQGsUf4dRQ4WKU6y5HxlScqaOSx1IBx0jttAQdNgXNmusXbdOtHY9gtExG5O2X37dtq9iOratMp6bj3mWvgdr7uokZF977-bcf4ofcq3F6YD0NtJp8qD2hgp0RyQiqyfGrnSkelViAdtpupkpA6KWxCYT8f8HCCxBqX29OiptLHF2Lvg3o_rPf2UGA5tW2DBmjo39XVE3L6-YUewUvMeC2MmIpUtRPCTf3mi7hZSMBQNjGisawC6MtKSU2JPgnKSCTlFD_n6FeEkVY47nOl5pBT7O4XhNvPLRB6dXWfzYG5gCY6EsI1iW6mJTIilX03krVVWgL_5a6mxGwldYuePgTlIOld-AEnmPxUPaNn5mXvhxaf50GWoYOQT2TQ6Oa8bh8udXTGIf1MKapXDKbFkKO7AA1ylPaFCYbtpfMqt89ImC35KKjbBjDuo4iJnpaYgUXFOvI4BfXOVjAmsyQ5vVxfNvAj4oKyyQ8_gmK128Sk6oIOke9Zv6UNeXtK8wM883OA6pIS250QU9dvyTDbAF5kBjYtWu7tD-0dIL0GblfAq0Ex59SkGwX64FgPiAv3b18RlSOGlNdqrnGBv2YCDZv0bd_xfEBk1S4ewtgowdcsI-y8DPGBR9U3yFfaLKNaF31vTWyJ14Ly7tGcWRVnzN3aDQR9KzPV8y7Es2UTIHJ5KIqTgHZ8slhzzpy395BlLbu3P_wM3uZrHz5YXkMG47y07H36qaOu_MbCwobW3lfPojjX-Wt6WG3A0bcTYJiUD2soe-5MAbFBw1H36a7CzJ0x8QTLNpH40SiiwfM1R2yEQz6FApKAQ4_wccG04redKl3D0Xs1ahq8bWNPD5dJfI-X-aj31MIAadOth2kui0s6XUH-6I-ZVnPS8eeQXOoNApa9GA0FTCkjS7J4NpXBBvpMCLioHx3TZyBTwB3z98726vCkOO_BJPmNIZepC3nc6jHpDRN6FPXjA6MVHv27TCSJFkxSXJIjzLNnUbCZkXcz46w9j_UBYWQU_CWwSsSl_uIl7z72ljn4QBZ5tsqDdmJkuTc_MaskQItBgCjJ-UKf4f7EUIWFbFIv3ilDqp1MzklxzkDSq2oN2CPH8njZ0iePvGxdycoNSORJDLWXoaF1KxBvYOmra1TNRLvxuJhfWotmRuEGtsd7AsO_xd3rDgucQeHTcrOhlvmprCXmtEIdQBaLlQeBra7-V5a4o854V8-cCmEtG3bM5VmND8TvM7QFM7ILaPqFMOfugShCYB3YknaNf4syPQgk7X_iV-A4RhG2UqzsgiI-llrEcIxjvSSbX45vvL0DlqhbTG1opG0gv9tnr08JbzWITWY4k22eY0mwuztnAFYgWWGjRogXTaTZ9ESeO2ZXxGkXD9C-lTeMoVSLHVkaGGS4XGQXzpL5aJdteupeRSogHS05lfdKx4eZQOXk8gQTz80B-BfV9IL0EtCUZ6KfyHCSRmjai4MyacUpc5dSMOkMlPJruA513Du8LX8cb9aZ_arcX9GQulacDP1fisdYwUKGORMB3ncQlA1esntJpsDC6leMIRTqwZAm89VwL1N8zTLxyacwu2jJxytNNPnBtVbABovpsE365ATEWYTvPfY6bCgrJzrlf-km_fYSEylLYEH-lMcv-NxeDD0gTpQ5yYsOz7bqmlymAfF9EBGxgLJIBvEaohmTJiPAwtYSAYUvlO2iITyiTV8HwTlVgXNoFXTI2zjaNwezKgvd3aNANttfHrHTqV3rq9IJ5vJHCa8hQlBm9cD0b65Oi2bib6pITmwp_QEL5gg1Vp19r_CKDliP7veQcBJ2izTTVK6WMAbYUsWGGbMafcPJMrwir4JPRH3JZj59vbU3Mk2XSArEsiqTglUWdsCOx8V7jFPN2bgt5sc9HC0-q64--7BR7Yxc9vgrjfJ4mh4uisGikAl6QC4xrACGwTD3ecoIFuxKFUTo2owuud9RMGdB_e34eWfebmHkXD8MErBnHpAO4IrRgTtL3Z9U40b-G_k257tzrUXm3b7HPVVp9ZkjIRP1uiVY76vA-AuJ15bUXtaGv_w57kXfyA107-EkGemB81INXvpsgXlwFxJv_-8clGI_ty2yhFFGOiiwlNXsQTrdgfWGiOXxJFxBcuM62QJu06vcHw-HJFTVgEZXz-F6o49iIQM4wtg17d-jL1EQL7a0gpCyUb1DSzKGCM2qWdLzjxF0gzuyED5W3PPXu6viqSfan7omYwPV0Lu3g8iuEy7xQJsuwnw373kQCKQKk8hj3_PVwl-5nmD6jwUGb7zjVbE7w8U5MNGz8QxLG9eV4n4uuEDnyyjNsdTQny_oQ9a3_Pzo7rakaDYvqOeShB3WJLwdIGi6X1f_3kzMaD5hDvpXfZr7uTY2luqhyvwXA751o3-s-Q3KqvPBf18sd_8GHCTB8RVkXe_pZ6kS29oRkcJJ5SWQmjTkKH-DP43cyIWgEyYRmWBPzOrU6_PivTWPUTgW-idnI3ibDb_uJ_HmsVQhHGutTJMHoX2-R7cHAvLNeGLLiNDYCwLbdUGYbK5jJEcDJMCXW5LnZGWhPM&cid=CAASEuRo4anwwtcxoNcssFY35gZeFQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 737
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame CF94 24 KB
9 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 06BB 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3237
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

43 B
894 B

15ms
14ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNXQm9-g1_8gI0hpAlMnF9zElHd2tQaz81IYTTuLMEUu0UtZW6pMNQEpWz7E79-xmEDhNhGiTbrxUsuqD1vIpwsFx517EAa7Vo8hfV52Ts4oyB4iccsGXD8eSaKgrSvUhaeMA5XsjsQ9WdAJ39ogFps-AnWFoYckb20ghgsvkBb7uRwQVRg
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:30 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3237
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX3zlbtJTfjVXfVMmN-7igAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1

43 B
894 B

13ms
12ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNXQm9-g1_8gI0hpAlMnF9zElHd2tQaz81IYTTuLMEUu0UtZW6pMNQEpWz7E79-xmEDhNhGiTbrxUsuqD1vIpwsFx517EAa7Vo8hfV52Ts4oyB4iccsGXD8eSaKgrSvUhaeMA5XsjsQ9WdAJ39ogFps-AnWFoYckb20ghgsvkBb7uRwQVRg
Protocol: HTTP/1.1
Server: 23.218.208.246 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 01:38:30 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECyDErByL_gaLrg0c_Y2wnY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3237
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1

43 B
1006 B

14ms
13ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKCQWhCBwFsY6KXNmgEwAQ&v=APEucNXQm9-g1_8gI0hpAlMnF9zElHd2tQaz81IYTTuLMEUu0UtZW6pMNQEpWz7E79-xmEDhNhGiTbrxUsuqD1vIpwsFx517EAa7Vo8hfV52Ts4oyB4iccsGXD8eSaKgrSvUhaeMA5XsjsQ9WdAJ39ogFps-AnWFoYckb20ghgsvkBb7uRwQVRg

Protocol

HTTP/1.1

Server

185.33.221.90 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 95d9649c-c40d-46d2-a985-016bcb88d000
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGsYx5rWfzjVhKgzxgFMWS0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3237
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

170 B
188 B

20ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
X-Proxy-Origin: 168.119.25.193; 168.119.25.193; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 191db2ae-89ff-4085-bd2b-877619b19a7c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTExNDQ4NDM4Mjc5MDQzMjk1Mw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5122 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5FA3 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9972 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 main.gr.19.8.258.js Show response
static.adsafeprotected.com/ Frame 9972 187 KB
60 KB 162ms
62ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.258.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 95ed394f2278bc0f10f9d454413268ae015d38b42c01cc0437e3eaf84847b50b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 20:53:24 GMT
server: nginx/1.16.1
age: 15
etag: W/"1f0b5c785eba916bbc1965a1c1a5d3f2"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D2E8 1 KB
792 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9972 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91ca886b63c6b4e99d88dbaa8fbb151a1a7222b15b4efc43753de9142991aa34

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 5DA4 3 KB
719 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b684dd040789421a46a73d15a17624fca22594a692d2200d4b8362f497a59948

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 01:14:20 GMT
server: ESF
date: Sun, 31 Oct 2021 01:38:30 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 DcmEnabler_01_240.js Show response
s0.2mdn.net/879366/ Frame 5DA4 28 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_240.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80b6cb45660038ca8664df098c41002469441da18a13ad4c53d9c85898c22a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 04:22:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10141
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:31:19 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 04:22:53 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3678357672300729772/ Frame 76F5 19 KB
19 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3678357672300729772/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c8e92d534c0854cb3089c6c9959626d66a0ae148bbee71fecd9709856cc2344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 18:46:51 GMT
x-content-type-options: nosniff
age: 197499
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19555
x-xss-protection: 0
last-modified: Mon, 26 Oct 2020 15:52:46 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 18:46:51 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/1766298243427667904/ Frame 76F5 1 KB
1 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1766298243427667904/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00c89e128779eadd9c372c8dd74786910f790b72c00976fc08044182b1c9d9ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 17:37:50 GMT
x-content-type-options: nosniff
age: 201640
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1152
x-xss-protection: 0
last-modified: Thu, 24 Oct 2019 14:11:59 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 17:37:50 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13676504331474517504/ Frame A362 43 KB
44 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13676504331474517504/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e06b42d5fb5e0205cc8b55ad86c899efc9c4159818a166543f2b9c4955fe3a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 16:38:15 GMT
x-content-type-options: nosniff
age: 32415
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44412
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 11:50:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 30 Oct 2022 16:38:15 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 1B77 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 2BE6 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fcfb0cfa4ea8b4a1d192b51eecb0f6be078d706b99adbee8c6c700faa7e3777

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 76F5 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 76F5 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 76F5 120 KB
37 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 76F5 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 9a3fbb06dccc6bd708ce8a7c18eecc3a.js Show response
www.gstatic.com/mysidia/ Frame 76F5 27 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a3fbb06dccc6bd708ce8a7c18eecc3a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb5f646e583b7f7566b512d01ad4fe7a8bb81b83d8225cb31efe8375c1aa7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 15:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11281
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 10:17:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Tue, 25 Jan 2022 15:17:06 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7246 1 KB
787 B 13ms
10ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 2A02 19 KB
8 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:13:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1517
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:13:13 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2A02 3 KB
2 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2A02 120 KB
37 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2A02 14 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 9a3fbb06dccc6bd708ce8a7c18eecc3a.js Show response
www.gstatic.com/mysidia/ Frame 2A02 27 KB
11 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/9a3fbb06dccc6bd708ce8a7c18eecc3a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb5f646e583b7f7566b512d01ad4fe7a8bb81b83d8225cb31efe8375c1aa7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 15:17:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296484
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11281
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 10:17:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Tue, 25 Jan 2022 15:17:06 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame A362 0
0 24ms
23ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CN3BolfN9Ydy4CePG7_UPwYKu2Aib9eDTZYP_k8fRC-7Ntou7FRABIIGn93dglfL9gZQHoAH_sKSjA8gBCakCsjF7Xxb3tj6oAwHIA8sEqgTWAU_QE7_5U7qSJEjiHguitm0PN1C26Y-xuqBIkHsZXShcI-pJrI0KFN3JzRDRRru_ID98S82LhAzF_kexqdHteeE-4-69n1JQLnfzS4Krdrv3Vi-fu-iMBVrLLy0ZJ4QtLvL8PRyTp7Fw94l0kUaD8d2GnI3aFOH-3TA0Y_0pShJsC0EI0sEq3VL_W6ihV0hmTJJrh8jyTU643l9T94fJXwGvvF5bdeShFHZkDfHQwqjhp2UE9N8R5xRsgrP6JTJ4wyTNdJlY19pTBIa-J4wIiNe06HPAfp3ABPqcz6nbAZIFBAgEGAGSBQQIBRgEoAYugAe914QsqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEKfsA9IICQiA4YAQEAEYX4AKAcgLAbgTiCfYEwyIFATQFQGAFwGyFxwKGggAEhRwdWItODM0MDU1NzQwMTI4NDAyMhgA&sigh=a8L_J9SusWI&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1577641129&adf=2908228819&pi=t.aa~a.851277323~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=6&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=3723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=TpAeDOe1y7&p=https%3A//gruposdewhatsapp.bar&dtd=24
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4F2C 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc847fd8b49a823b27d677fdcda9a357cdb6549b65e5dba2aba71c4aa5484d81

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F6BD 499 B
377 B 18ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COvS1gIQ5su2qgIYyvyctwEwAQ&v=APEucNUQBF-NIn2OhzsmhTZrRoew2cTtAxTHt9Lt6ee_O-iQk90Hfpg9rKJiXSSfuAl5l_7JdKeCSdDl-lmUSNctaUXgMKfw49neLe_VGxQ57nAJ67wnqhiZX8evD4mbHD01UyTMn0dw6STogUblFeJw7sxF3_ZM7ZHd78jvxfY30ZfJ1g7PBM4

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:30 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E83D 78 KB
30 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxXXl98PXYysZftneFmJ8yqt3caC0YFD7b51E-LuFowNoTz67mmhGLZ9QO5sEePq0t9AgeqGGmMRpjRcubkpedXAaAfDv2ibr4fLMkHSsxrrsg16qB0bXaceRLWgc4CAH2JeiBSio1GF1zqPgKUj1CgBYleg&dbm_d=AKAmf-AQcSFsPuSJPymyaIbQ0wlbdiFaNKScF-jCDgqOLRy23iDxfnIxSTS6YWaCHRRsgvm6Fk-uGHGaYwezxRCZD32G3PzVpuVddTXJHuZL6FJ1POkd08xPPUeK8RLbP1n_LRqbvc1vZH5U9AT7yuZ3gsYjsioqvlt2BbywKU_Gklfeg06nVLvUhsZfSGlXkTkMrlBdos3c0axPbdyz9nMfWrmY2-jIjSBsLjyviW755joPuyEXs_kKHjojDHn2EwRxN9FBanJ4pNgNxAlbEVoHL6066CAI3DwkoGXYJsxnRCmgVsK8YGHjbSkxDL5RXHGeOWRDlV5Q7ET4DODnzhhKcy0F6hw6gYhgD89xy_agxHRh1XP-fAD7liCayc0vnR7YdgverQmwtcKaZzp-yK3GOxKiPNIkhbRCOpW21rGZ74V2Ywova8--zrobj_atSsAtSz3eTibRfmGk93nMlrc6PeY1GyLlt9c5C6fg5Ai8Ge6Yn94p2O82L22BS5wR9wcdHV9M-n_rUyimPE-9AIDMVq8o3ViTh4uw9O9RH4wxGm-H6rtA7oeJSSbQ59NXlShOcKX1hkLPLWfSvwiuOdaS97swrp129Lc9j8XvTr_mRcIxj1GMjVKd8sm1hT8eQM3Ce7VS6LhYyahCMAHlgUPpaJJa1DTWNj3iUfm8leyiDPMQkKH_tV37fJr8GrDnUPFbxANZ8iHCeKH_zjsJ0nGk-PbYYjhPTwQG0AKHgidjDk85KRk3EQA9kVdp-Z4Ze4ERwrzrAxbT3l14B6Ue2HryKxEy1kXEx3zca0c1O9OxwsyJccwgAuh71Twoeib7mHeOs_GqDzukWZOZKUJdjOF_AYZdQE7c6lUh42lig-P49ZVK1BdEtKLgsqXrIvEgWfrATiRr7L0S1q4hKm8CNUF1OKU751m4ll5Oz3C6sKjur1CA0h0YkqbbpF7O9YlRJ49O1Uq5eTXhJ_ybg5lZeD5HtI8qhprmRWOS9QSN-MfX30Q66_Qc2RZGogyCTBhWBMzieXD2Sj-_7kF0q4hnEMXfO-X3qP8g9wF_ThZwn_vcRl-EP30a95K7bxU4wb0oTA68TfUWAp0-8fyrjthENDivGFC_xWmQP2_1OJyPywvd_tQKUjcMZOGVCTobZCLqH0RdahYJ8ekT5lOx7E7yvJJrQ-bGZAAViVZn_eSeQghQvulOpOlKVKH0k8pSeszsMAghDI1mzslSdDjr_9fLSRMVp0oxl6FTEivokpkKLNClRoTtuO4B0dxfakEBt5W64OjpUPNpWgU50DU8tz038FH6zuo9nwKlytAlxjC9tNkMw8TbOlJsSMv5dDQ771t_Bqa0wstH6JcazXS2QmpA6rZAhrf0t5MGoXXgJCGGpxnr9KKfJ-z6baV6igoT6dQrcmC3LYKNDTZRItVb9uq5r1pWLz6THg-4nu4OOGZM3JvEStJhT2escH40byOLQRn9q7Noi5msP0nohefuS17SyquUP5ePN13bBengcvOaFv3Y-1PIUthHTkATxHl0yrjfcJWacLFjw-UNr1Lac9hhYz2aVemSt1LvXlb0SrBpmN1lG-ziC_YPWMero75ANwzlQ3keklzYNjOnK3u44qRXN6mJccEmiVkRkK7nnTCY7KuSAC4R9kGlR82607iokAcWJM9fgmFbCGtf8MJ_fFpfmKm64WYvLeJ9eyGchoXWPuEt-5c5GPmz8ISPrcr0gVzVb7C2HwpnlQx3fxT-Lx_gHxYU0wUBD8ePLI5Vk96r4J670JSkmojYkRXXA3gO0BHrDEHpSYG2_Ney-cBhKfwjELEokgfo6pSoyhHCPp7iTBNrGbLx2sCGL4iM32XMRXAuEBtoEA36oJ_Embcdstu3zAq2bthCWZ5X3dGx3C1JYtuVPlwokT8EJlo45PHxaeA1NMfdpx92qWxWkDhrgDkoECDZ0a5tWQXkpTi3TuKcA_ph80bPmcXP6qEPB_WU0emtWpKSqEiGp2TFrCi2jbaU6oRC_ruxS95SUvsOmHMJww3rTS3l_k0Yf0-MhcgaYIQ4do57duedLM-_rNWLIn9f_HOrbuX_HzU2aMGV39oRERPqlNO_yw824k2-1ZzMjtDD7DMrRGmblCftMAoyzSseTr4kwFEo8OjiOadt00Hu6GDEmK7zLJkiJeW55ZVxyP1ySNKAg-QuhVUlHuxlBO8QkPDG_yJY6A-BDW9pDTznWPYsqSOXEEdpUqsGbrakygksJcLNOjhjcEa8GrQb8-f9RXUMu4d7Ndmq-zoiqi3cgjYnJEqbFK7G0KAxowMaGBuPbtMYE2tK2fdrecyectHQ8AmXwd8NK58_T7oJml3ZIDDQurIhVw_l810bv1vb22nn8S7DMRisSOzw0T9Pf3jndIs4nq7-Bq3o8DpGQ7j2xdKPyyi3vGypPLIG8gfto7DOxQAWxPhfcWnyGDeGjmGRGutwOTEd-l-SaludZlTOhFjzWgmG-f807OJVqltQxklpzQ03zSeN4sHWxsHaBf6vt4RxSnCqIPrpGhO8oE7ipLFdji8OarKIM1-rzZKQMxkZmdhqtp22qj6VJxWm-BrIGCtDBLN1r8SChwK1bRSL7i5caUcWtY046ow8Om_Sx-p-uJQTLrMW4vIonN2oqmLI5SwFVtadndGelS2HBVHDrduOMKUF9_obTGgKzEJf0xFObsorQchXrJWKSSTA_hxktftQnD7tyHKnOPwU27n-QW9eeRZxEILTeBJe-i2jbQGxmp0sCgEH_ozqK1lFbLup_aoCPNPdR-Xjy6mRnj1AkCgs8zbeLVSDu0NF3EB_CURS-lTiz7RS7X9zMW5Ke4aNbykqa9QpAjinEQnaw7-iUYUaHDBEN6m8dpaAS9WpnxXcmScMnvflyS-iwh_wwvQOxYMUmM2OTJZOsoiJSr5vc8WynJ3tdty4ytDyN5CSkIAvBeUvIWp1dFhaWR22sxdZZi09BYyFvIk5ZP9hBXyWmhARhX8lyqSJtTh3vFW0kccEANeOF_IGfJP4hIyCRYTs4rRW6T5AcYdARQfWtCjLEwVKOUetiCvZ7gFPCgym8eUPONoOHxVUOQZO0NerWQkYvs2_jCQCFaqrPwhWFltoXmTwLHlY5-EoXamWAG0PxQts7eFBYxtFFWjdKI0J2AGKDIA5Y5OnKth030NmK0N8stCY6bpJJL2u9WC1uCQ1MGM5x56Sxq5WdZpKBCgpQDnHI4wrTHRLjorlAxwKxA73TI7FlEr7At2oLB6p0cyKmoAS4MY5oep1pmTqz_3IInXajd6FXnSdSbDMUPDxCxi2qHFUmwgQj7Sew33NpetdnlSrhFq2RCqrJu2e8Cfs7H_WjawjVt8c5mcHRK6ifzExnyoIus_xll7zZbDRrOFa4_HypzixAbghHB1eMdtErx3kIXGVE_9cd4w_nmCQv3SyseR0ZVG49BiGiQc&cid=CAASEuRoLd0EprJ89wiroAufi5JNGQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcef07a0db2d0b2949012cf65343bae0c1615ec230c5237ba603c61575f2a07f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30485
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E83D 42 B
110 B 17ms
15ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B5WIOuhXOzof-2uHP2vjDVNx3wIn6jfacfdzTdaqKR1ra5qp3Howaeq7_BytkGjcpKsn7mmXd7cV2Jc4cwVyNRWO_795yQUnsDBhYQ4-IAm2yinzw

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame E83D 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E83D 120 KB
37 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame E83D 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame F0BB 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H/1.1 200
OK fa7i8f5ue3r6 Show response
hal9000.redintelligence.net/zone/ Frame 6FEB 11 KB
4 KB 29ms
8ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/fa7i8f5ue3r6?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D
Requested by: Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: bfd119aa87db56d4524f4ba43ff5d050459b7053b66b3874992eb215bbf8f675

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3961
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 76F5 0
0 24ms
24ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CrS7zlfN9YYr_CL3C7_UP1ISX6AbU9NiJZau6qYjzDa-BuuPXAhABIIGn93dglfL9gZQHoAHR8orCA8gBCakCLoL0L5Flsz6oAwHIA8sEqgTmAU_QzgGMnwPlhc_8VCBo_b26_-1lcW6kr8ddtkUKFTJNewAwttuE_1_mTLfY-KMhfRktx7LIm9Jb7aAznFnBRz3kl-j53cCf-1JwzetfClepDkupWjuHrqgZEpmlgR82Gulri7ZGaR30RYLOvlhpo0NRjTIPIDtbhCLovhgG0gQR853Imm6FPt1FBlEU1XrfYdK7bVU2nkHRdua6njYvGZU2xXY_MepwW8Shuv0Hk4lGze3nCLJpjfRu-d0FbF6AzAQnfWKNsMAzkVPk1UnW-E1zDZuU9U89DC-9hZJMn9rWvc6G1Fu6wATgqIu-9AKSBQQIBBgBkgUECAUYBKAGLoAHl431PagH8NkbqAfy2RuoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCzuwTSCAkIgOGAEBABGF-ACgHICwHYEwyIFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItODM0MDU1NzQwMTI4NDAyMhgA&sigh=uTJ7fa5MpS4&uach_m=[UACH]&template_id=484

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1023529928&pi=t.aa~a.851271261~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280&nras=2&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=1993&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=wnUtz5zACY&p=https%3A//gruposdewhatsapp.bar&dtd=14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2A02 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame 4F2C 20 KB
21 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 05:28:40 GMT
x-content-type-options: nosniff
age: 245390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 22:53:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 05:28:40 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2BE6 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 02:40:20 GMT
x-content-type-options: nosniff
age: 255490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 02:40:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2BE6 15 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 01:55:14 GMT
x-content-type-options: nosniff
age: 171796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 29 Oct 2022 01:55:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 2BE6 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 16:31:41 GMT
x-content-type-options: nosniff
age: 292009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 27 Oct 2022 16:31:41 GMT

GET
DATA 200
OK truncated
/ Frame A362 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2A02 0
0 26ms
26ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4TIBlfN9Yd2SCa7E7_UP49SW0AywlcyLZebfj8buDcKi65LGIxABIIGn93dglfL9gZQHoAHqvffXA8gBCakCLoL0L5Flsz6oAwHIA8sEqgTWAU_QJcrC6HtNWSKyeOfai--CRZk8GNP9A9KlfM9oQw8wcRF9Kt5CyanzTKOzbI40Lg7f7Vio4QzxMc82c3vn52j_rx2s7CRNHay_WXhYMlxJFTu_Xh6X0mMcc2VIQje7CuNjwtyJseHi2O7Ti6dxWfD9VImmHXFAaAPguCdiNnLupQ7PqjhpMzo6Xw3Ocr2Grw-809Ug7sBKQOcsHmRMLwg_50Wwqf8n2fZLaze5naMI8BeIgdFAYNxudyr6ieLPxsOfcF_pltnOmKz2j7F7Stz9Yg37uNrABLnr057XA5IFBAgEGAGSBQQIBRgEoAYugAf-wYgoqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEPSdCNIICQiA4YAQEAEYX4AKAcgLAbgTiCfYEw2IFAHQFQGAFwGyFxwKGggAEhRwdWItODM0MDU1NzQwMTI4NDAyMhgA&sigh=cTFO6h7h5CM&uach_m=[UACH]&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9081 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sfht0if3y.js Show response
cdn.krxd.net/controltag/ Frame AE26 11 KB
4 KB 41ms
7ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/sfht0if3y.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 40a1b3366662d4c052b65b0e7842e3e7f78c4514afb3b4a387f550108ecdab03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 varnish, 1.1 varnish
age: 918
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3744
x-served-by: config-service-a001-ash-prod.krxd.net, cache-bwi5149-BWI, cache-fra19161-FRA
x-response-time: 1
x-do-esi: esi
x-timer: S1635644310.260296,VS0,VE0
etag: "6b7f7c5dd851aeb3a658ac72e276f359fcdeb737"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 49

GET
H2 200 index.html Show response
s0.2mdn.net/4528516/1039192214543590/ Frame C9EE 7 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4528516/1039192214543590/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22505fbaebad399c3081bd160240ec910f78b83454eed1506e63c67a826a6607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 2666
date: Sat, 30 Oct 2021 10:45:52 GMT
expires: Sun, 31 Oct 2021 10:45:52 GMT
last-modified: Mon, 18 Oct 2021 13:16:10 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 53558
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE26 0
24 B 67ms
52ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuZJwXGUaGRpqkpmIaXIbP9C1VWNNPw-Sb21wNwg86f1MrYmValN9QDY6lPfgk4lGkNy1BVb7YV4Aofd8WwYfz4OJFy85FHOjB-e_wnDXs7X0fVuPj2lDu4FryuKGaZj1gUgzAveGCHJQ1uWl72yq9tA6y7FS1OW7T7ofb_KN57W7U30ViAHT9GtWRNhqQe83l6DQJD5YtZzDoT_Jl-WoYvalXzeAqFSWjhswzOTpTFmzgQFC_4imF_0mx9wkQf3cpBdClzk9LvBVpjc1dzQB3u0RH_4D_V0x7Jkw2rjVdZWaYrAxRWVCpW-n2nviyoHDlSfznQnmRifgg4rH6rl5-4C9OWD_CprGMDLfph3DdZaCodxo8a8m1Fg3Prs5GE1LUz_j3W2O7XZJEM-jrQ3cb61mVmGjLXvOzrMd3Fb8HXvvBfHdJ8a4Yy7vZo-ND3u0KLujZrweH-rpZbtwO8BQ3uc69LQfmH-0aKSvbc62cfGJcBy-gggq7XD5VGnEUjqSGxB3yO7clZKtPVdGEA9Ki18vpJ4o282dkthTm2JLkw1EsZTgpA_ZX5qAGuXlYsXAslJ4m7xWM8vh_lz82iWQ5nXO7L8b3zQl_MzAvCgip1PA9qGnISPhW0xi--tZWqVsJ0_C0kfg8jEBQ3NqF5QVyKAdMXZ6-8XxR4NWS6nb_66yU_uPdTeptTn3yH20u6u8xNJwFYk4rlKHIBaKsZfNyAATwQ4bpcbA-A_Qm59vgX_B2q_oa5_qjIf44d89Ix3HUkVEZIqPCvnpGGvUQPthkfzE7al4Zo3DiRZZ3TJ-k-ZYtWv8Vl7RYIDZP6HXyu0en6-SgIc__MsY11r20G9Z8rHtIVGqmfnaU09v4w395jTNqWTBv3Vu617RJuk4h59VH7g5zcp_BKlJ6UE1pXieKKwp3E2jRcHmy-x_NqaVSI8ekhNCobO25Bpj5U8VPb_7RcPcN7IYtYsnjp2PHfXrFjJ-6vXGEd6WXd9Efhdjbb2xzV_MHUocNV077-2AKzd9W7_rtAbeRZ5iiTVrYEA4ty1y6ypQuAWRdJfnSixlHtr87doSwdbe0C5nZXSHCMS82kRAw3Kc0ax_2vq6isk2vHxKRFwODINZckMjKQLiNm5PTY8JlswZlj2A4Lyx0qy2jYg4Tjja0HQ5hCSeooM21w_TXEdd-N12Im8qKOgJ0f8z1f_LPYPqKxRkqesa1nW8qEo5Ys22AjiL3nXWwf8Y6uI9u79jnUJpXsdvXwVxDYKbbKM2jjH-LF3XCu-553TAaVQ_JF4b1LtmzAbk-1Fm3bJOZT23yYZ5ax4zvI4xLy&sai=AMfl-YQZd0o_UF2Kk-HDDga_p00lWmU3KJ6GeWqhLcz5hf0CUjaukjFD1BuuBTFPlgiOdJuFAOsCcfJn3jMhOaWfqtVcxqoBJXXF8KgB3MConPlPm3ElQh1i2idW3Bxo6B_jnKn0ZMVlQnMSz-VeIiHDAnOnkIKXcA&sig=Cg0ArKJSzLY8WwJfPQ2SEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=584&cbvp=1&cstd=583&cisv=r20211027.53044&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 78 KB
21 KB 17ms
17ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b54e07cd55fa2cc3803bdffff6b3ce04466c4805b120e7231b0e3b76973516f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 21251
date: Sun, 31 Oct 2021 01:38:30 GMT
expires: Mon, 01 Nov 2021 01:38:30 GMT
cache-control: public, max-age=86400
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4F2F 0
24 B 54ms
52ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuOO3e4usuXB9fWw2DcI8cNUXHdN2L7iqmgTbujuZYIdddjv84fu5psH8tvGINVHfk3MZAaulSQQeN1nyzmj8vo-9OrYab75nciXofyHh1Sqv85YXjnSUgftfsJRix83tNQLPEFfvrXSGANE8HuKSdYlWX9zLk4xA6i-9_JCFif8TzZfmSHEVXD8p-bvJO2adeA48nkpH5MBJCRUBqIofXCN_CvR2a3o5sFSJsq3Ru1j78O_BUQMJj9CVlOV5Uu2gT6e5hpMoD-dh10pKQWrSBlLawCBW-Tq2F5zvYoZecu5i6Bs7WWf0BdFsRy8fMPZzvPLXGVS7ph9CgGDldmLhNoB4atxotLXtNSCjPPaUTOZ3MoBHhY0Rt-86_Doda8Vgq_oG9fE0LHSuJFE09UWNjEA8Qctc6mFKSxCtWqTDie6b8FQ-8ChHrQeSSrCVTnLn4HHaZ1JxlAwGXEwTSGmw-rVy96LKSI97zkEQJZRXfKz6DMTy97MOqYUu01dnac7dymEF4w1SwYlDepGjwkl5Dl5F1cCfO6DPxjLdX5gWYLTflfsvrnADFnokuCBDlLWbwIhjG9t-noDV0w74pPSjPkZFoO7mR28TM-kwoF2uPLKKjTvfykFXxwqqfws_0l2rYvMyMrpZweKbtNloMHFf-MH3FhjUC8HKqm22YtIPkEsJ--53NrQV4d6ROWQ5yL9NTF3JoFRAUO8D529mWK7OF69aE0a92HmPmUSFyu7Y81ak_Evb0qsZHTp-de2U-az7o1xoCZa-P0bj3mbCJanb6JA1oRX_Boo9xxvsEHaov5xm_ylPDZiit0_wBDhMRhk6SkQxSDKKte8H24Y-T85_CxufTs9zeQrz3MJE3jFALRvMNuyfr9WBrT0y2bSsDmgOu4db5l9XrlCCJRaQkOA3Xd37yvsy6DpCn9AE-7XQ_Dg1ipDIrDdYWPRqY_D8x_J9CqKw15nCcDCpEck2j7EgTsjWYWUyXfCyBbCBaw3NDqGbCksHxfXjCbd9vmiHOeTvOnOCm3nXX77c0RjwaMmKK4uIrB4s1QUfmzf6PRcaY5kyqGFf9pSG09eRBFS7_2aPtU3KpByWaIC6gNxm_56cPhI-_IDTMr_xs0CxsG3WzUg2FNXFyFcnFaNtwqI3_c0w6-mCqXuKx9NFTOn0W55eo1vkwm-y6dt1PI0TyZR-rgrMtPzgdklmVuz2QxWxPAehiU-sqqfEriNjTGw3ycrJrjVu32RPJRESh_3w2WBViLs7Z6MZz6y3oZ3yi04YbxCujt065eVJzuuQ&sai=AMfl-YTL8DCUEt8It-7v7We2wGrdgqjFWxrnF82jh-dcTkzQkC0uB2JZux37c5fCmswMfHgw4yfeVJ5EDFBivwlGqBHrcRJiZ7zrWw9MR6JrovH99_4u2YftTgMzL8NyppDEW14iigrTjFkdA6XMMGeyRCNFhlxD6Q&sig=Cg0ArKJSzBwkOS-cn6y2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=540&cbvp=1&cstd=535&cisv=r20211027.51406&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 m
secure-gg.imrworldwide.com/cgi-bin/ Frame 4F2F 0
297 B 122ms
35ms Image
text/plain 54.229.249.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gg.imrworldwide.com/cgi-bin/m?ca=nlsn302965&cr=159718502&ce=N376801.279382DBMTP-MONCLER-INTA&pc=316874647&ci=nlsnci1777&am=1&at=view&rt=banner&st=image&gdpr=&gdpr_consent=&r=2967740637&C78=G1,DCM&uoo=0
Requested by: Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.249.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-249-145.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gg.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/ Frame 801F 1 KB
679 B 15ms
15ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54dfb935abb6204a5e45888d14297e054b9f2f94416fae2bb40d6fb443d08fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 591
date: Sun, 31 Oct 2021 01:38:30 GMT
expires: Mon, 01 Nov 2021 01:38:30 GMT
cache-control: public, max-age=86400
last-modified: Thu, 03 Jun 2021 09:17:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9972 0
24 B 51ms
51ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssHsyFpw3advhBA8YOe40OebvcED6cr84zTfoQOkMEtAuAxVQp0Eckn_y4vryfrocz728_s7QaE8W5WIhTZdCOHZvg97wW8VKfSIgspy2Oa65RaV60qouscjVlo-av2Tme1YBq7PJ7lr3pLq0GpSnP2sfXPJ3WABne3cQ1rXpRozxB9aAUHLaDYnAwceZH_KPKbHgWRVZ8z4lbln7VaLpiGZNEzuGecN54TPfy_A5rQ5nPpTWaW_UzdVMOPDT1nhi-N3pyuKkwBbWAAAhVQM8JJ09bZgEJ0k18qiQw2XLG5sGnBMR2YtuoadvCozPgskPIueXP41hIPpfVsuKTMUCQdh3Dv4rmlCx0GKhVOYbmN0grETs8jfOvibm_XSruRPVjFJCS5Gvf8PY8QSGA5RwqlY3Fhk0yW1fLATAEhiT1v6basTB0w_Hp7NVOK8KCOLASjPJmjG837t49VTlo6l3qWsqdd9keJYvz9qDV5Y434eZKoZNVysdAjLDIhcWBAgbw8cQXGGNLAP89_jtoVvlBGTU0a0Kolapb4zZm4lIm-Ybq_8zqU-8fpZELnQB1ezeaQz8hYaaTuXjhuebIXW6XWjmQcp4xZr4aRpcx1BvxlcIpO2gVceYcIUdOD-tuJskb2eJjQZeMsGE7Da18yQTLWPYNxBtT0Gg8A1tfYzhYwSBA_aRDDzEegLPBQH5EGJ6XQ0GgawW9KkQDRDuHBGuvps_t6V724haspDfc3SwBBE2InFQufXQwzFABjLx7mXhhpIHfP8Q-eIfv-nJod-KjB_gMfkjJSLfRL29szlCw_Yvu-gHg9aq2_SIvyHb_1kkrk1MlDu9KuaCqoJIfue7yy_ZkatDQE-nj2X1cHh3S76lE1ROjuL3eSBUgJCiYwQCDwE-TLfjCo8H60PL1Qy2G9wuPlUN4r8t3XwlDHbZagyW3wZeiCBK8lMsjIQch35iS9bOp8iyGWIQ6OSC272g1cCAMNZ4uU-ZmmNFL4l4lZXkvQy9GtALDueRH61EFIueTbQfjHza1I4_Xmw-clFmd1LmC8XC6DBYj39s9lp7mjkKjRnFdgyFu_-SRAw5qyq_TUkPQMwHOVyIC6sO2R8_GX2IFObazURr1W69gt170mHZDYJlxJn0gmTlnsMooeM0d5Mhw1QjkgCmasHHkEE-5b7_-5veisIXWq9lsNYKErTW9pdLO16dJ8TIV5yCsJDSxBASng0egTmiU11JoVz0xMvqE1Fg-LWusMK7w3PV8LbET2jAUi3vJmlaakZ9heb_sNuOA&sai=AMfl-YSzSgRDPWly8hCyZbBkQq3-UzGjGI4J-SlMMpibLSJXLg7QWrq7hql8sm75MC1VsggTzG9-cOjSjCm7EsVfevkSUWyfoO6dXOqhNz1ndxYlf1KLxlcWaB7E4VHcdtSEcCdRnUr2g7daeZQJCuFFE23bNM2RsQ&sig=Cg0ArKJSzMlsFeLpoMhdEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=557&cbvp=1&cstd=553&cisv=r20211027.00515&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 9972 43 B
1 KB 102ms
22ms Image
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extLi=25021099&extCr=97271829&extPm=289966437&dv_insertion=${INSERTION_ORDER_ID}&url=&gdpr_consent=&gdpr=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: So, 31 Okt 2021 01:38:30 GMT
Server: Microsoft-IIS/8.5
Date: Sun, 31 Oct 2021 01:38:30 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D5A5 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame C1AE 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11235
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C21C 783 B
761 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7b07c02003e6165d5cf4edd56009f27a6857a582e5dd7cdbc4dcc8768501df76

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CoP6QznZ/Vq5/imhrz0uOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:30 GMT
date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-CoP6QznZ/Vq5/imhrz0uOA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4F2F 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 310A 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 4F2F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e66e181781d55afc5ebbf791ad856bf448ab0f068e2c58c7a2cf17f8973ee33

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/769474/57793853/ Frame 891A 46 KB
13 KB 35ms
34ms Script
application/javascript 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/769474/57793853/skeleton.js
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d7436f5c0edcf552e5913dfc6b19cf74c39cabd08a2922261951a73b7385bd45

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-server-name: app02.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 891A 169 KB
59 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
Origin: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 02:52:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81962
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 02:52:28 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame 891A 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUsStGESBJ8m59GZ3Ag1-oCBJFWJUPMtCtwrnEbXlv5A59SEqc-abV_Sxpl0vmTwmXccetuxox9FrEdJ3nCBBYoKn4NhKWV7hrd5iDc_vxFwue_VOrpSPYuuCGXdB7ivrYqASfReW7w4W1P9gTcZNqTO3TjQ&dbm_d=AKAmf-B7gmzPGjzVQ1LgapShPYbFkuiGn84zrpZCIEvkFrThOfyGYaMcpNU5OYgHju7_GBICgAdYLyTFBIVWvqFKy_ij5bpNL_ARfbYcIgHzCq9Yi9IX9PBHYS_eWOojanJT3PBFoe4YA8RUNIbViKkWcvkKmGgW8CTO57JixvpCQDSSw9PI3ywsl_MecwwiRuF7HtF5KBUKzKmznV3Wd1HwAXxmLQofp-GqJAUnEqj0SSC4wr8qbWmDr1It0Rn7TgAwlbLJejSMUmSM3KTkervTNMUzhUXjpmGNv_8t1n2kVxbvDvs4QBValEHGbucs3xkdaL8GpKDlP6UDIIAdU9eoBfkOUiPTe8FIu4Qr009wcZSzVh7Ryr4sy7Xc0H9tEtpqqxeE3rAetbrtBqZTXmIPrhMpKAqLbNQadBKDWYhLtB3mEF35uLJwKqnztZtRVK_QeyEPEg97A7TPyfGC5dp2j1RQy5O8DfEL4MExR0vHm7uf3PAsFAC_Hlb5ht9bDz0jcxHFKoqvPOMdWPgm2GpPhtrkrl4psK9sZlEiM9tYzdDblUSLtbx-U6wZrWysPUIC6Pk0REOGE4yWWjy9Lwe10mIvVEk26ag69NIqJMl1IlYADkWuZu8cYJAKOGo2WFe23Whwz9wcdsycfqRUlrxbZZf10GEYHeLPrnuekDNJwKh8xNevdHGTjFo0c01NJlc4x4474_DjwM69ckY1oEQhdEbE3zMZlKs0AVYptbbtNOOJYPLCArn1FYrFhv7CSxQtY05uzMbLJsq25-KzIcOj1jAf1Fcv9e96qbHlie8O9DQVC8sD-XucYVAS8eRUS1nLStU5jmM2H0z_vpJtajkkWU_Nn3V3UGxdol0r6aeVNojdQF9_zwqtZvDZCmGkFoYd7GOyOUyxNpfkgGybAgTX9ArDrxTHV6sp5TsUXwRYs0-gNt56Xx8VV2K4mj_J6PvBgKZumIQvLe3flLkB77lE5OrkFZMBuBP5sxjJK4LDPxlhTgnoOPGdYDY0w9z1fJCi6-mJzNV0u4EZ11EYfcaALIG0G3x48zyEV3-ug7bd-tNLPsJwcj7SH_4L6LIwE4hu8bGw6pZwa3oxs_wuRY9FYnDxil7XyFg7bDPzMJiRIAyIfq7q4dxTUJRYqXdAKjsS-FSXeV6r8fRj3oDnsPL2Q6K_hSoGhALeYDcrniAkQ2lJX6PIDJ7VmTramDagxjIWAoSInKKEk5LYHUWYfG8ec3-ycYWRO3vChHXx5xsA_f5RVYcfPboXW6b_UpymZWf5jYclIO8ydZeTP9r_k8uePxCYlntfExl3mZdz27LlW7y31LpB3QgfFXfCqtR8uTlyTF_t5-lTYd4bKiiBpyW_fjAE5S_he1u5T360pMY5971ki614yP9jkNtY2c6EIOjYtDlAuFUM3aX0kArslySDJSelTWn_zJWRcUXt9Tqsh7vHtlR8VDFi14h35WhwIfLJTHYi5ShhmYGfFGFFXcjO6WonwFjZoc191XayJUpm8kOgAMkfsONlyn6ivJyyVn_vz2enzz0dg-stxrVvm6-Lq0pZXYCsn6XGTI_Ao-u-xwZPuAmWb58rVI3QGL8jAA2FBKrYs_ZLdPT3rKYUXhQSY8y-v5Jsj2CcrHli4ivX7r_XIKyWjmJkGIIae7EtNBMKYfLMFhFVFNBHVz1qYl1TTOTXjYTTc7N0diIyVVnRJl_-wJj4RIf3T_Gke0IY6z7gx3hIcP2fugXpfUjirQmfJkou2edQY95QRsqMejsShPus0PpGNslY9HkEjtm7BnMPNsF-smoenP66tQObcwXW22fNAVuW9IeuUU3oAquzAVqx8q2oXjUnwYcgbpiKfkUFaVlWvslf9616fK9bFNQdOTnYCLswVuwS6k4J1B4WJbvMLffKNtZyTuqkanPS2AjlBe9BKw-T5Qoy6UoIHKnWBHYE3fjnyeE4ZxFi9xpDcH5wIfkaYe28J2DMz8vBK9SM-Qb8xLBVJRuVFP7ZAPoUbug4f8M7Q_P7bE8pX0DAGQcQBVzkqeamF22vIuQdY3bsC78ndnT2J0g-l-zlxhcV05kWvLQCdMa983EdpPB5o5oKDyWe_Oi3MM5LeWsBxP-yz_te8Dyr3ZLgsjCgo3HtdSY1C5P60ccwQyf0JYXgGhxpLlwQ-8CfhQfjJIYsHSFVPrMTs3RuEHvZsaPgdMuYGskqwq3uHK_KYJ_mmd28HucOAqwiPzf1aI7NkgZIPDp2b-5mqCEt3NYNdeqdTrw_E2u0ycn669S2CTbNAlVe1r3ovG15kKRRpnTSZt7rDfCBXaUvKfG9Ldjk1qna1N-ekAcRhWBOmljLsgyGHCEtpOY1BMhxZmwIZ63pYzKEUfY1eu1yVUwvQxJsqkCzOfWNOq9MuUWHJI9L2O5oiqqRN8P4JHuOvCEZM_GxH8YEn3RyNhL6xQuS32un-T6Jl3fuGCYuHVY4Ts4BsvsDpo7drhtKbaZF69tgaMBDgWQNt0-Cu2dxTKeyFEO5RusuIi0efylvvHA_JMBsSxN0jEz-Ni9UxP4Oa92oK5wRilH0Us960rRraPQgv9GJ_Z4SuEWc1am-6CIvT9-63y7YYX3mEefR20L76YeOfBIRMmCan6hZFlu1EIelvDb8bCFYlfuJATSqpO2BpQe7EzSWhdTFTB9cjjRtbhlAp7X6Sg0uuBSLzfCVHmyN3hLu5jR_cjjqw1Pr8KTGsfGKX4--w6k-WWbsdz_txjnJBpHNz0ElKf2-n8tPcBAClloM_T5seoHDywKcGmFfacKN3aTEY2bfqah7baHlgLHO121vEsnTp3dxqofFTh79CVIiHldpPqbjCaYC5kr6KIGqPW4-ObB_FFZhOGP1CpynZae8z_lBkweb2hmApUmt42BrvWudKYHsCLUd6k7iQUHOTs15S9zUNecwuQ0IiZM_NP6ovnsoT8Xt6tcK5h3lbmePxUasdtp-BSZTfc-XJpewc_oSjKP-UgwobQrvIqezwQ9wTrT4kmjqsNdBuitTIIy3kFRMnVIiUNTNkTa0yGNSviFVnu8SE7k0aviCZh1W60VyuoNL32DBKHareQOGz8kdaUWp6cgjPhPaNk6kjNQgF-8bS05h0cfU_pYA1tXI_jtudVEguZfu2xo2GGxsLxsazTxhOnwP1cj-RnSKZg&cid=CAASEuRo1KYTHw402C9L8BvgbPx9YQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 737
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 891A 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 5DA4 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1x4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 16:24:35 GMT
x-content-type-options: nosniff
age: 206035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16408
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 16:24:35 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E256 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3222 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 0088
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGOt5t8zfiVGn_w9CH4geUI&google_cver=1

43 B
106 B

17ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGOt5t8zfiVGn_w9CH4geUI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q
Protocol: H2
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGOt5t8zfiVGn_w9CH4geUI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0088
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
server: OXGW/16.217.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NTVlZmM1ZjktYWEyYS0yYThlLWM2MGMtMzc0OTI5ZmZhN2Y3
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 0088
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1

23 B
172 B

34ms
34ms

Image
image/gif

104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q
Protocol: H2
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:30 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEN-Q1a2XjFHm9ISh4JSa6xk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 0088 23 B
172 B 34ms
34ms Image
image/gif 104.92.106.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiV2d-3ATAB&v=APEucNWgsSf1haxhutYtpvHadbzWTdGFGd4-fTXHBVcRpqSgEKsampfQxVQAYJbg2UcEYU5CG-i_gtcpolkMMnLqL1GPrDNt8xuHvkv5MjYGSKE1UO3qJYAObXlNX-MDvugH0AZWhuEI6EVE8RNzYcNhpZoTGBDlTuaTBfZNqaL1CYq_pt_4W_Q
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.106.130 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-106-130.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 31 Oct 2021 01:38:30 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

GET
H2 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/ Frame 40CE 1 KB
652 B 15ms
15ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54dfb935abb6204a5e45888d14297e054b9f2f94416fae2bb40d6fb443d08fac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 591
date: Sun, 31 Oct 2021 01:38:30 GMT
expires: Mon, 01 Nov 2021 01:38:30 GMT
cache-control: public, max-age=86400
last-modified: Thu, 03 Jun 2021 09:17:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF94 0
24 B 49ms
49ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJIdYXOBvPxwsdKNXtGkbyJkikP1OOXOHkAxrzeCA4u_uYOi6sOGr_evFDVvZID_lv5pzORegLSeE3pZUxP9BVrnNktJ9KROdkGrJX4_89XlROgO6OefiFuxD5HqTT8YE6RqTK2GlfYKINw6gUzebjxepbKpJtwMxUF2Y4Cq3CdhtamZLMI3EECCO5rcC1W0D0CmbFwcX1MdngxIAVbxJDRT0fyjGhi-5liOsbAU_vWSyQ76riXgLdzvPCE89_Mve97Fq9CQ9EMLnlzK0Wd1oKruwBBcYSH1nhndmbt8ti8Gmni7chynh47_CIAE-BlNBafImcQK3zlhsjESXXWcFFnl1bP39xvbL6fuVVGDaPd34xYZnsqPOEuDITFekmnvJccqdsZ0W3TXQxzvB0o1HWW1u3ZWNzN-DCSAdv36Xx-aHyySe6N3EL2zHG7ZyL2A2KCpx4yBjNH9JJUQ4jZhmFVj1cKai6yQfUIUsSUJK4Ji8LjqIAFjM28-j5wTUlbUdOelVGbC5uzpyGWJrOIZ5Jsf8sevVkefW92ca0VJXG459Ti81kbqynv5Xbc_xpGyvRCeR4c5r3DiIFoTifeBFju9E7dEyg0SE75vpge1zs2ktOMVvQ-gOUxtwtveNDqrfx_jNdxvTDShnxC9FJbeQPbSeXCqxceIcqiZfNtl597Hy8dPTIkp6tBrwwc0kKrZp8w8OFeE52pUu7rF0kDcXccfvr2UAcujJ7Qd9pngNlWMY-7K4aPGoYfSIbHtahuZOmcYKTt67t7FF2KPIu62s148ZVZXcpUq8u5SxmbmTO2aQ1dIimGqW8vWUOqxHRviADhI0_VZuy5mw2cnjUCIuWu51f7WJkdQz9BN3-GExTdgujSxiWbtfEgWWTW50R4IlcBsfY1IXjS6BSlPZ3Ij8pldJbglWqcSWJ0ep6socAMZK7URU0gS_-anK7_lQfR9XFk4EHslcqnZaB5Me-I8Szl8VfmZZ6JFcrkgfhhILAdNYNKBpuTE8p06wEjXwt-SBrXmpegsuIAtLs40TmROFKdAd9Vgjo7HYHkyJ1V9vvb7ZCmBuEmxcBvSEcBhlS0zZL33WqMczOdQ739tAJq_VBtrHuHj2rkCY2hI-47o6lS-QnMStUHIqyyFYOdQP-_WJdJSfp_dF_CtBciySrzh9RYLf0c8af4jgl0wcn-kPGSpDpgl-cioU-cB36c9vLKs7pwVsxs0WO5vf232YxrUi9sCpc8M5VltIYi-gD2w5xw6tdgcy94a66ZRVX&sai=AMfl-YTZig8N9j3CHap--kz-gaiWapp94pbqkciXC5P1ya6kyxoPM1YAcNzMCiJj5ac_nYX4NmALxnGWZxNFApijEJHQsPS71CLJ0WZEyxBAXKO5x-mcTOCPw-qeGDytDbSxITN0Frx8BuJWVyP4Nz5BJjB14VdTcQ&sig=Cg0ArKJSzGLOzwI6aDBOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=394&cbvp=1&cstd=389&cisv=r20211027.06663&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame CF94 43 B
910 B 67ms
23ms Image
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvId=63&extPu=lh-mindshare&extLi=25021099&extCr=97271829&extPm=289966437&dv_insertion=${INSERTION_ORDER_ID}&url=&gdpr_consent=&gdpr=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: So, 31 Okt 2021 01:38:30 GMT
Server: Microsoft-IIS/8.5
Date: Sun, 31 Oct 2021 01:38:29 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1119
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4C8D 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 express_html_obb_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame E83D 119 KB
42 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a57cecd2bf4d6d3b8498c67487333f6dc9e102371f5e48ffc7fcf18a6e8487e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
Origin: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1574
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42555
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Nov 2021 01:12:16 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame E83D 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CxXXl98PXYysZftneFmJ8yqt3caC0YFD7b51E-LuFowNoTz67mmhGLZ9QO5sEePq0t9AgeqGGmMRpjRcubkpedXAaAfDv2ibr4fLMkHSsxrrsg16qB0bXaceRLWgc4CAH2JeiBSio1GF1zqPgKUj1CgBYleg&dbm_d=AKAmf-AQcSFsPuSJPymyaIbQ0wlbdiFaNKScF-jCDgqOLRy23iDxfnIxSTS6YWaCHRRsgvm6Fk-uGHGaYwezxRCZD32G3PzVpuVddTXJHuZL6FJ1POkd08xPPUeK8RLbP1n_LRqbvc1vZH5U9AT7yuZ3gsYjsioqvlt2BbywKU_Gklfeg06nVLvUhsZfSGlXkTkMrlBdos3c0axPbdyz9nMfWrmY2-jIjSBsLjyviW755joPuyEXs_kKHjojDHn2EwRxN9FBanJ4pNgNxAlbEVoHL6066CAI3DwkoGXYJsxnRCmgVsK8YGHjbSkxDL5RXHGeOWRDlV5Q7ET4DODnzhhKcy0F6hw6gYhgD89xy_agxHRh1XP-fAD7liCayc0vnR7YdgverQmwtcKaZzp-yK3GOxKiPNIkhbRCOpW21rGZ74V2Ywova8--zrobj_atSsAtSz3eTibRfmGk93nMlrc6PeY1GyLlt9c5C6fg5Ai8Ge6Yn94p2O82L22BS5wR9wcdHV9M-n_rUyimPE-9AIDMVq8o3ViTh4uw9O9RH4wxGm-H6rtA7oeJSSbQ59NXlShOcKX1hkLPLWfSvwiuOdaS97swrp129Lc9j8XvTr_mRcIxj1GMjVKd8sm1hT8eQM3Ce7VS6LhYyahCMAHlgUPpaJJa1DTWNj3iUfm8leyiDPMQkKH_tV37fJr8GrDnUPFbxANZ8iHCeKH_zjsJ0nGk-PbYYjhPTwQG0AKHgidjDk85KRk3EQA9kVdp-Z4Ze4ERwrzrAxbT3l14B6Ue2HryKxEy1kXEx3zca0c1O9OxwsyJccwgAuh71Twoeib7mHeOs_GqDzukWZOZKUJdjOF_AYZdQE7c6lUh42lig-P49ZVK1BdEtKLgsqXrIvEgWfrATiRr7L0S1q4hKm8CNUF1OKU751m4ll5Oz3C6sKjur1CA0h0YkqbbpF7O9YlRJ49O1Uq5eTXhJ_ybg5lZeD5HtI8qhprmRWOS9QSN-MfX30Q66_Qc2RZGogyCTBhWBMzieXD2Sj-_7kF0q4hnEMXfO-X3qP8g9wF_ThZwn_vcRl-EP30a95K7bxU4wb0oTA68TfUWAp0-8fyrjthENDivGFC_xWmQP2_1OJyPywvd_tQKUjcMZOGVCTobZCLqH0RdahYJ8ekT5lOx7E7yvJJrQ-bGZAAViVZn_eSeQghQvulOpOlKVKH0k8pSeszsMAghDI1mzslSdDjr_9fLSRMVp0oxl6FTEivokpkKLNClRoTtuO4B0dxfakEBt5W64OjpUPNpWgU50DU8tz038FH6zuo9nwKlytAlxjC9tNkMw8TbOlJsSMv5dDQ771t_Bqa0wstH6JcazXS2QmpA6rZAhrf0t5MGoXXgJCGGpxnr9KKfJ-z6baV6igoT6dQrcmC3LYKNDTZRItVb9uq5r1pWLz6THg-4nu4OOGZM3JvEStJhT2escH40byOLQRn9q7Noi5msP0nohefuS17SyquUP5ePN13bBengcvOaFv3Y-1PIUthHTkATxHl0yrjfcJWacLFjw-UNr1Lac9hhYz2aVemSt1LvXlb0SrBpmN1lG-ziC_YPWMero75ANwzlQ3keklzYNjOnK3u44qRXN6mJccEmiVkRkK7nnTCY7KuSAC4R9kGlR82607iokAcWJM9fgmFbCGtf8MJ_fFpfmKm64WYvLeJ9eyGchoXWPuEt-5c5GPmz8ISPrcr0gVzVb7C2HwpnlQx3fxT-Lx_gHxYU0wUBD8ePLI5Vk96r4J670JSkmojYkRXXA3gO0BHrDEHpSYG2_Ney-cBhKfwjELEokgfo6pSoyhHCPp7iTBNrGbLx2sCGL4iM32XMRXAuEBtoEA36oJ_Embcdstu3zAq2bthCWZ5X3dGx3C1JYtuVPlwokT8EJlo45PHxaeA1NMfdpx92qWxWkDhrgDkoECDZ0a5tWQXkpTi3TuKcA_ph80bPmcXP6qEPB_WU0emtWpKSqEiGp2TFrCi2jbaU6oRC_ruxS95SUvsOmHMJww3rTS3l_k0Yf0-MhcgaYIQ4do57duedLM-_rNWLIn9f_HOrbuX_HzU2aMGV39oRERPqlNO_yw824k2-1ZzMjtDD7DMrRGmblCftMAoyzSseTr4kwFEo8OjiOadt00Hu6GDEmK7zLJkiJeW55ZVxyP1ySNKAg-QuhVUlHuxlBO8QkPDG_yJY6A-BDW9pDTznWPYsqSOXEEdpUqsGbrakygksJcLNOjhjcEa8GrQb8-f9RXUMu4d7Ndmq-zoiqi3cgjYnJEqbFK7G0KAxowMaGBuPbtMYE2tK2fdrecyectHQ8AmXwd8NK58_T7oJml3ZIDDQurIhVw_l810bv1vb22nn8S7DMRisSOzw0T9Pf3jndIs4nq7-Bq3o8DpGQ7j2xdKPyyi3vGypPLIG8gfto7DOxQAWxPhfcWnyGDeGjmGRGutwOTEd-l-SaludZlTOhFjzWgmG-f807OJVqltQxklpzQ03zSeN4sHWxsHaBf6vt4RxSnCqIPrpGhO8oE7ipLFdji8OarKIM1-rzZKQMxkZmdhqtp22qj6VJxWm-BrIGCtDBLN1r8SChwK1bRSL7i5caUcWtY046ow8Om_Sx-p-uJQTLrMW4vIonN2oqmLI5SwFVtadndGelS2HBVHDrduOMKUF9_obTGgKzEJf0xFObsorQchXrJWKSSTA_hxktftQnD7tyHKnOPwU27n-QW9eeRZxEILTeBJe-i2jbQGxmp0sCgEH_ozqK1lFbLup_aoCPNPdR-Xjy6mRnj1AkCgs8zbeLVSDu0NF3EB_CURS-lTiz7RS7X9zMW5Ke4aNbykqa9QpAjinEQnaw7-iUYUaHDBEN6m8dpaAS9WpnxXcmScMnvflyS-iwh_wwvQOxYMUmM2OTJZOsoiJSr5vc8WynJ3tdty4ytDyN5CSkIAvBeUvIWp1dFhaWR22sxdZZi09BYyFvIk5ZP9hBXyWmhARhX8lyqSJtTh3vFW0kccEANeOF_IGfJP4hIyCRYTs4rRW6T5AcYdARQfWtCjLEwVKOUetiCvZ7gFPCgym8eUPONoOHxVUOQZO0NerWQkYvs2_jCQCFaqrPwhWFltoXmTwLHlY5-EoXamWAG0PxQts7eFBYxtFFWjdKI0J2AGKDIA5Y5OnKth030NmK0N8stCY6bpJJL2u9WC1uCQ1MGM5x56Sxq5WdZpKBCgpQDnHI4wrTHRLjorlAxwKxA73TI7FlEr7At2oLB6p0cyKmoAS4MY5oep1pmTqz_3IInXajd6FXnSdSbDMUPDxCxi2qHFUmwgQj7Sew33NpetdnlSrhFq2RCqrJu2e8Cfs7H_WjawjVt8c5mcHRK6ifzExnyoIus_xll7zZbDRrOFa4_HypzixAbghHB1eMdtErx3kIXGVE_9cd4w_nmCQv3SyseR0ZVG49BiGiQc&cid=CAASEuRoLd0EprJ89wiroAufi5JNGQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 737
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame E83D 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H/1.1

200
OK

request.php Show response
hal900019.redintelligence.net/ Frame 6FEB
Redirect Chain

https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

81ms
69ms

Script
application/x-javascript

78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=640x480&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D&documentReferer=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ancestorOrigins=https%3A%2F%2Fgruposdewhatsapp.bar%2Chttps%3A%2F%2Fgruposdewhatsapp.bar&random=1531181916826&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
URL: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e7390d3bd5a07554ca871a7f02f8585f0709b3fe6422fa75f20fbe0b9b05c94a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 59320200010508600710622011764019
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 893
Expires: Sun, 31 Oct 2021 02:38:30 +0200

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=640x480&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D&documentReferer=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ancestorOrigins=https%3A%2F%2Fgruposdewhatsapp.bar%2Chttps%3A%2F%2Fgruposdewhatsapp.bar&random=1531181916826&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sun, 31 Oct 2021 02:38:30 +0200

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F935 0
23 B 44ms
43ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvGTJaV-6UbzL7aykegGQ1Gjc_Mt85gPDqZl694sBpm4DZYigAeVU6sR2p_jAwkMqeEwPpMWMBiOFgQgkXHZ4chduSJxtObEBtDid2XTbLKnVPCjQ_8FR-6bPRN_pHrwgxtmJHOJb9DWqGhMCO7P9EEFrzu-MiukoaNne43eJB3Wtuj2Zq2e86Qs76nrTrrtocKphtXc7yc4kToPambH3-HMU-HyKzH7pISAw-DkH07tQkhJmKkO_tZvfw6V-N5baGf2hfke-YqZiMoOveXtIIgk01tayRYJk4lrwuopD8fFEfyHgJffzeG-rXNFVLOEoYNWnVrQ87IGdEtcKhFj6gL_0Y6k5gMCw6m_f6ADw2sUYto_WYpRhWlhoH4OdSekzeLgBT46J1XpgtNPHdW9Fzo56gPAEM9T-5X7sQMKyHJ6Blpk8wvO9XnxEJP1JozvbIVfMssYbQnAiKeQ-SrtMQLvvcFp_oz7HqqZq7bh9YBAronSzIeYVHs9yTTpP4Mu292I-8MbSG-atx0odQkxo-ndCH3S6A7unOJGphNzECAGufYhhHAbi6PUNrLMovAbr5v00kTXzR0dx7XmQ9S54WUXXIPcDusLgcjbKfHdS9SDd_OHu5mVyXld1PlhJi8N1vgj-NNm9KnWrWNBRM3PqfdHF4giJDB7tDxeyG_Gv7kveDUTwq_PduAysX8pDKKsOqA8F-cVg7ZEcIS5mbYJYkQJifyJsRBFGLbdYVY8P8yYTFN6OpxZDtUab8t-rKkHpY14sqSU20-8k5PiT7J_M5Zqn6kNK_1Oqe2OzF0rH7nJuxu8-dDslIhmPCQvghZDp0KeZpDaP-AONcalogeVVn0wXJYJSuxOfsT4wLzb_EKc0OQ7nrfIngAROI90nY1WC3Nw_9uAqmXUsPcMKExHETIzKQmoAbbvQn6t_jahn2A5OyyFF6JvpiHfFQOBVOPqrcgdV-3asP27Qm3iz1xUTciM2pwloZdp2ciaNndiBeV9_epiTYzFvmJY3VtQHw1IHpEdBGHDQGcjE020qI0k5pjIvhNonBCOEfOrSATm6O0-EvoXDLVxV-sVocUMxlDww_40RXZqOUObpM7ooIBrc-raelk58ZQ70ZFwCE2vAB_FPHbAwz8qlJzvZz4Re9MFjx_5LL37Z-T3o1hhfbLXUOC9oYe9qTjEQ&sai=AMfl-YSZJprMfMYhbpvt5xuYbTZN7aDh5bh2KuuXXK6a0oXxTZ-rQLGgp3KLSwLow5qj4hpG84Zd2bsfloQfGdO-nw5ZC10_FqwrIQy-rLQHbx_Y2SLTcpNDqt_Unv-usLgwOICLzkS8nGtONGgCC-3KiNKYZ_woD13u6E-Fywgiv7NOR_4FA0H5frY&sig=Cg0ArKJSzNign5iueM6HEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1060&vt=11&dtpt=803&dett=3&cstd=255&cisv=r20211027.75117&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CD45 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A362 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88a23ca533975c52e52d9fb5a7940851ba1da60e4f38e6e4b13fa43331a089e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 4993 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame B0E4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
167 B

37ms
36ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20211026/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 01:38:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 01:38:30 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CF94 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 main.gr.19.8.258.js Show response
static.adsafeprotected.com/ Frame CF94 187 KB
60 KB 33ms
33ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.258.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 95ed394f2278bc0f10f9d454413268ae015d38b42c01cc0437e3eaf84847b50b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 20:53:24 GMT
server: nginx/1.16.1
age: 8
etag: W/"1f0b5c785eba916bbc1965a1c1a5d3f2"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9B40 1 KB
787 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59973
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CF94 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6c471262cfb55248a92cd1347abd7675a752cbbf6c36f9162e06006b758b31f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame A362 21 KB
21 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 02:15:39 GMT
x-content-type-options: nosniff
age: 256971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 02:15:39 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame A362 21 KB
21 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 458224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 25 Oct 2022 18:21:26 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame FE29 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame F6BD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1

43 B
548 B

22ms
22ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COvS1gIQ5su2qgIYyvyctwEwAQ&v=APEucNUQBF-NIn2OhzsmhTZrRoew2cTtAxTHt9Lt6ee_O-iQk90Hfpg9rKJiXSSfuAl5l_7JdKeCSdDl-lmUSNctaUXgMKfw49neLe_VGxQ57nAJ67wnqhiZX8evD4mbHD01UyTMn0dw6STogUblFeJw7sxF3_ZM7ZHd78jvxfY30ZfJ1g7PBM4
Protocol: HTTP/1.1
Server: 185.94.180.125 , Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 15
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGqP4t0raSAvLt4_yEo9cps&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F6BD
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COvS1gIQ5su2qgIYyvyctwEwAQ&v=APEucNUQBF-NIn2OhzsmhTZrRoew2cTtAxTHt9Lt6ee_O-iQk90Hfpg9rKJiXSSfuAl5l_7JdKeCSdDl-lmUSNctaUXgMKfw49neLe_VGxQ57nAJ67wnqhiZX8evD4mbHD01UyTMn0dw6STogUblFeJw7sxF3_ZM7ZHd78jvxfY30ZfJ1g7PBM4

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=NDAzODYzZmItMzllYi0xMWVjLTkyZDktMWJmMGNmMjUwMzA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 133
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame F6BD 0
292 B 8ms
8ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 94F8 42 B
174 B 18ms
17ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstS0Q6Sp3xurpMdsUa1xpWizgctWU9oj8icxz47gQRBMXi_8ddVvrjMIxfeur55AxopiPXqpNEjoZY86Bhy-y4-UwC2siXRy4Q9h0ULqpb73JCjm5qt6Q&sai=AMfl-YRUQxgYOJusoCmUOP6gy5i8Oz6KNyaRI9eNedvxdKi666rJcJhu1W9MBleddMLAV8Mx2ENLvSjs1gCF&sig=Cg0ArKJSzGUnb_HHRil5EAE&id=lidar2&mcvt=1113&p=0,0,280,1200&mtos=1113,1113,1113,1113,1113&tos=1113,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=3482220690&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635644308487&rpt=958&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame C9EE 236 KB
63 KB 56ms
17ms Script
text/javascript 2a02:26f0:f7::5c7b:e033
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/4528516/1039192214543590/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e033 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:53:30 GMT

GET
H2 200 javascript.js Show response
s0.2mdn.net/4528516/1039192214543590/ Frame C9EE 26 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4528516/1039192214543590/javascript.js?1633936563913

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/4528516/1039192214543590/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd1b986921be892a8a35adf08e9f19b7065593708080f2d4c476d8e4b4918041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1039192214543590/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53559
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6351
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 13:16:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:45:51 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17360875325443262816/ Frame 2A02 20 KB
20 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17360875325443262816/downsize_200k_v1?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79054cc265700080b7d945a9b1797607e3a166c6c3393a5abb59b4ea1c448476

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 09:45:18 GMT
x-content-type-options: nosniff
age: 143592
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20846
x-xss-protection: 0
last-modified: Wed, 31 Mar 2021 14:43:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 29 Oct 2022 09:45:18 GMT

GET
DATA 200
OK truncated
/ Frame 2A02 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f24863a3d15acc434a6be64ac2d54b606012abeb004960ac1215f764251aaa6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 76F5 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 31e0cb36013a6726120a21ccf47bb434a0712b9d7490a4c0252472e73bcc4e40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 76F5 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 02:40:20 GMT
x-content-type-options: nosniff
age: 255490
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 02:40:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 76F5 15 KB
16 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 01:55:14 GMT
x-content-type-options: nosniff
age: 171796
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 29 Oct 2022 01:55:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 76F5 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 16:31:41 GMT
x-content-type-options: nosniff
age: 292009
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 27 Oct 2022 16:31:41 GMT

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 2A02 21 KB
21 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 02:15:39 GMT
x-content-type-options: nosniff
age: 256971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21660
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:07:18 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 02:15:39 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 2A02 21 KB
21 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 18:21:26 GMT
x-content-type-options: nosniff
age: 458224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21424
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 18:08:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 25 Oct 2022 18:21:26 GMT

GET
H2 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 1A49 118 KB
40 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 13:34:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43423
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 13:34:47 GMT

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame AE26 259 KB
83 KB 7ms
7ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/sfht0if3y.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
age: 7737656
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 1545533
content-length: 84509
x-served-by: cache-fra19161-FRA
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1635644311.667116,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET /
google2waycm.netmng.com/cm/ Frame E92E 0
0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E92E
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEBztHkH4KUxqkYensOvM_1I&google_cver=1&google_push=AYg5qPJvF1nVHPVL7gbP-oPG2mVTqETad5Ia5ijWFCp5qgKtpIEH1yzyIo85Sq1KDzJPpGjN1YGQPyqnTDzCcD8Ci3L21Cz5P1sQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

43 B
407 B

630ms
172ms

Image
image/gif

2620:112:f000:bbbb::11
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
Requested by: Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2620:112:f000:bbbb::11 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame E92E 35 B
463 B 36ms
9ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKV0b2munPbVCwRVrMEI_J8&google_cver=1&google_push=AYg5qPK91pzxkosTtJnPRwUq7jo69vRcbBHqS5kldaSdPja6uvMFJkC6Bwfo7NKIs4IPdn6Yl8gzZLsaszrcHICA8l_0X6FeKU-o

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E92E
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEKbmMe9HjRt6d9HqYVNO2EM&google_cver=1&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-u...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-ufr5cGFLbhEos

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-ufr5cGFLbhEos

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: MT3 4067 88cc6bf master cdg-pixel-x14 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPJ3EeXYRGut2b6DUa7EQ1G_wbx9dewZI6pRejrOWFuaYEuGiNrXi3MocLPCGwoezw07qD-G3wgRLJ5KML-ufr5cGFLbhEos
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 31 Oct 2021 01:38:29 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E92E
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEGJBucwhe2OvbLItkwnsl7I&google_cver=1&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4C...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEGJBucwhe2OvbLItkwnsl7I&google_cver=1&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4C...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=sXdNw4LDb_lzaFWlTT41vA&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkv...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=sXdNw4LDb_lzaFWlTT41vA&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkvip033Z_XJN64M7j-8Jq

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=sXdNw4LDb_lzaFWlTT41vA&google_push=AYg5qPIBEFYsL7E_56RbJSYvOON8bpEi3hty52UUAgaPJuPL9bHriA7_12T4CtFIH0lf5NI4ddRxOeMkvip033Z_XJN64M7j-8Jq
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 238

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E92E
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqXeQ2u3mCIlbm0aSfLaUymV0Ly-rSzQpuulZju87RcstenAKCwFbHqRGufvLZDyPlbDpnu9MLzkRSpdGbUUsfRVhJiN7g

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLqXeQ2u3mCIlbm0aSfLaUymV0Ly-rSzQpuulZju87RcstenAKCwFbHqRGufvLZDyPlbDpnu9MLzkRSpdGbUUsfRVhJiN7g
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 dot.gif
s0.2mdn.net/ Frame E92E 43 B
135 B 16ms
15ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEJDvjZINanWybntC4wCPNMI&google_cver=1&google_push=AYg5qPKEiPvn6UWmTe7L5dbAlAKsOfOZYRotuZ7olbMH4NQcNAzACAgYfOOdjJT1MoIdKRbyYImpEnNk1IV-xqon8n4TYOwDQXi9

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Nov 2021 01:38:30 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E92E 0
12 B 15ms
14ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkV5W_WpY0I7X6EflgIYiD79Qo85vh7qAssPlMoYVrLkBmjUAqL1-06RJBz8ISMsuo9HR7cw

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 801F 110 KB
38 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 09:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 09:46:38 GMT

GET
H2 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 801F 64 KB
16 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 801F 112 KB
38 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 801F 86 KB
27 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9f0577d4c9c7d50ec09a98133538069ba395981e51cf89b985db151294e73af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27193
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 22:07:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:51:14 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame F10C 80 KB
21 KB 33ms
33ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 5793610
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 9972 43 B
216 B 45ms
45ms Image
image/gif 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar&adsafe_type=g&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8340557401284022%26output%3Dhtml%26h%3D90%26adk%3D1365112950%26adf%3D133147881%26pi%3Dt.aa~a.851278768~rp.3%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1635644309%26rafmt%3D1%26to%3Dqs%26pwprc%3D7424644901%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fgruposdewhatsapp.bar%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1635644309113%26bpp%3D1%26bdt%3D896%26idt%3D1%26shv%3Dr20211026%26mjsv%3Dm202110260101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D6dd818f9cc4d2108-22af929704cb00f7%253AT%253D1635644308%253AS%253DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg%26prev_fmts%3D0x0%252C1200x280%252C1200x280%252C1200x280%252C1200x280%252C1200x280%252C1200x280%252C1200x90%26nras%3D8%26correlator%3D605116957689%26frm%3D20%26pv%3D1%26ga_vid%3D221572323.1635644308%26ga_sid%3D1635644308%26ga_hid%3D415480631%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26adx%3D200%26ady%3D4414%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31063139%252C31062931%26oid%3D2%26pvsid%3D1961414005332091%26pem%3D589%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D9%26uci%3Da!9%26btvi%3D7%26fsb%3D1%26xpc%3DnkL63vxrOo%26p%3Dhttps%253A%2F%2Fgruposdewhatsapp.bar%26dtd%3D30&adsafe_type=bd&adsafe_jsinfo=,id:359cb852-c8de-1c4c-2333-0536f7afac49,c:sA63t7,sl:outOfView,em:true,fr:false,thd:1,mn:app14ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:621,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1931%7C194%7C1a1%7C1a21%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g3%7C1g4%7C1h1%7C1i1%7C1j1%7C1k1%7C1l1%7C1m11%7C1m12%7C1m13%7C1n1*.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1o11%7C1o12%7C1p11%7C1p12%7C1p13,idMap:1n1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:643,oid:40085bf3-39eb-11ec-9015-02c390e9b11a,v:19.8.258,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8A53 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 main.gr.19.8.258.js Show response
static.adsafeprotected.com/ Frame 891A 187 KB
60 KB 35ms
35ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.258.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/769474/57793853/skeleton.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 95ed394f2278bc0f10f9d454413268ae015d38b42c01cc0437e3eaf84847b50b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 20:53:24 GMT
server: nginx/1.16.1
age: 4
etag: W/"1f0b5c785eba916bbc1965a1c1a5d3f2"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 whiteLogo.png
s0.2mdn.net/sadbundle/4173881934964850688/ Frame 5DA4 16 KB
16 KB 8ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4173881934964850688/whiteLogo.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e138f3efc551dc31b46688f12a95c4e668929588b8c0d7e6e2a986090b965e8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 15:28:19 GMT
x-content-type-options: nosniff
age: 123011
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16520
x-xss-protection: 0
last-modified: Tue, 17 Dec 2019 13:41:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 29 Oct 2022 15:28:19 GMT

GET
H2 200 stripes.png
s0.2mdn.net/sadbundle/4173881934964850688/ Frame 5DA4 32 KB
32 KB 9ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/4173881934964850688/stripes.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

499b5e85f090790d4816e771edb671c960e9a76be40ca04a613c36a79387b0c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/4173881934964850688/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 15:28:14 GMT
x-content-type-options: nosniff
age: 123016
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32967
x-xss-protection: 0
last-modified: Tue, 17 Dec 2019 13:41:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 29 Oct 2022 15:28:14 GMT

GET
H2 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 40CE 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 09:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 09:46:38 GMT

GET
H2 200 preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 40CE 64 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/preloadjs_1.0.0_55e44727ad1a72cb590cb504b5394b25_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16579
x-xss-protection: 0
last-modified: Mon, 12 Feb 2018 18:09:40 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 40CE 112 KB
38 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.20.0_d360d9a082ccc13b1a1a9b153f86b378_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38407
x-xss-protection: 0
last-modified: Wed, 04 Oct 2017 18:33:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:30 GMT

GET
H2 200 de_DE_polite.js Show response
s0.2mdn.net/creatives/assets/2377528/ Frame 40CE 86 KB
27 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9f0577d4c9c7d50ec09a98133538069ba395981e51cf89b985db151294e73af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27193
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 22:07:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:51:14 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9972 43 B
216 B 307ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=359cb852-c8de-1c4c-2333-0536f7afac49&tv=%7Bc:sA63uD,pingTime:-3,time:736,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:642%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:736,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:642,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B112~0%5D,as:%5B112~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1931%7C194%7C1a1%7C1a21%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g3%7C1g4%7C1h1%7C1i1%7C1j1%7C1k1%7C1l1%7C1m11%7C1m12%7C1m13%7C1n1*.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1o11%7C1o12%7C1p11%7C1p12%7C1p13,idMap:1n1*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt46.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9972 43 B
215 B 308ms
100ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=359cb852-c8de-1c4c-2333-0536f7afac49&tv=%7Bc:sA63uE,pingTime:-6,time:737,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:737,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:642,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B113~0%5D,as:%5B113~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1931%7C194%7C1a1%7C1a21%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g3%7C1g4%7C1h1%7C1i1%7C1j1%7C1k1%7C1l1%7C1m11%7C1m12%7C1m13%7C1n1*.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1o11%7C1o12%7C1p11%7C1p12%7C1p13,idMap:1n1*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:gruposdewhatsapp.bar*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt44.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENs3h9O4Nt5HKbrVuVKPJ3w&google_cver=1&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYg...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYglp_Zyb_VJUcARmdystohjvT2T6dOaznxR5Yff6e9VyCg&google_hm=2Rma...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYglp_Zyb_VJUcARmdystohjvT2T6dOaznxR5Yff6e9VyCg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKbz1G7OYmY-ziUUn2nr3D3iiqBpgNUQAcQDn1Zte3ocQzzU6BFYglp_Zyb_VJUcARmdystohjvT2T6dOaznxR5Yff6e9VyCg&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8F...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBSThFcFdIMw&google_push=AYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8FsaQhtq9yvS61Ta47UZgB1cSNTecxLe9t3hcEMpnQFUEfxP4lDO1Qp6l...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBSThFcFdIMw&google_push=AYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8FsaQhtq9yvS61Ta47UZgB1cSNTecxLe9t3hcEMpnQFUEfxP4lDO1Qp6lKSYQ

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBSThFcFdIMw&google_push=AYg5qPL32uZSzj_Ku5caFaGqM1E3ViJLLwt3S2qdS8FsaQhtq9yvS61Ta47UZgB1cSNTecxLe9t3hcEMpnQFUEfxP4lDO1Qp6lKSYQ
Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIRqurz...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPIRqurz...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4B...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4BG03_-Eg04_e4UaZ8Cx_ppQ9B8j8Cbx

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPIRqurz24NoyLj2s2oPQEr6FwdmxEDApKay-8nBNcyR36br6Qxg1pukWnTE86hu4BG03_-Eg04_e4UaZ8Cx_ppQ9B8j8Cbx
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKhJd9QX6agt7SlKNKYIr1A&google_cver=1&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:29 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLOTrC808ucybVl_DBroDKn5woTf_3xtQTAm14xKlX5b1rtayD2n8C3y9MMIV5L0sxPF6h_uR3Z6e7Px69KqYMHAUqnDuQ6ng&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: mp2666r77hb2v338dsgc1emkddn7su84

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4zoxhP2fQiTpBpFHmrLJixgAaDcknEApEicoQMdtivaHK0RTlCyQIfj5GU_jBRBMAd8JbQNuuptIpgJuapCD4K4dkKErbgg

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPI4zoxhP2fQiTpBpFHmrLJixgAaDcknEApEicoQMdtivaHK0RTlCyQIfj5GU_jBRBMAd8JbQNuuptIpgJuapCD4K4dkKErbgg
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO9s2MpQ63gPvFFNin8cu94&google_cver=1&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0l...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSFgtTC1GV1Q0&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0lsSvG646I2FSvEV735MHNhTy21fQ

170 B
188 B

18ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSFgtTC1GV1Q0&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0lsSvG646I2FSvEV735MHNhTy21fQ

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSFgtTC1GV1Q0&google_push=AYg5qPKCO2NKYLz1mA9lIPToGpwragdDkzoLtRnTo98AvqihllzYDbTtFMQ4nHqHSvUcJRVCF0lsSvG646I2FSvEV735MHNhTy21fQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame D2E8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw1...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D2E8 0
12 B 16ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1lvUEa7SUnFWyFYQeWiPxnkbB4BtngeDpL51fhOrJLqV9M8hkHcemTvCTanyUuk8FOxbT

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK5wrYo646SQgVtHuYGEE8s&google_cver=1&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5Haa...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5HaaVqnd3qjzPiKlZ6hq0XXr0uf-Ba5gFwumcMF589_3LDYg&google_hm=2Rma...

170 B
188 B

18ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5HaaVqnd3qjzPiKlZ6hq0XXr0uf-Ba5gFwumcMF589_3LDYg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPLShVKqNCUNnFoCtxwhuobElFiRQMEmONmTSoVoP7V2QpZ6__5HaaVqnd3qjzPiKlZ6hq0XXr0uf-Ba5gFwumcMF589_3LDYg&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESENXxlq2QyBcWxzdnqFEhNeg&google_cver=1&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA&google_hm=Q0FFU0VOWHhscTJReUJ...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA&google_hm=Q0FFU0VOWHhscTJReUJjV3h6ZG5xRkVoTmVn

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPI_DuZWbRDRb9rF_YMN7ZeFqBF86ZRBNABCMiSr00Q4YybkmjShnevwinyhb3mFByy0YXFcgac28IG5ekZGqVNycD2lZCGJHA&google_hm=Q0FFU0VOWHhscTJReUJjV3h6ZG5xRkVoTmVn
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESELL6ffbjTXu2hkBbTvwxhSQ&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7m...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7mEWpuEEQ&google_hm=MTA4MTAzMjc5NTY4...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7mEWpuEEQ&google_hm=MTA4MTAzMjc5NTY4NjMyODA1ODc

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPL_TCnUO6kIjEHkypB5JZFioIbGVT83uj5f-ufgl-6Fb1olaPZbFmD2OuYACdoo01k4yhbJIHIj-hh56YqCEfy_Q7mEWpuEEQ&google_hm=MTA4MTAzMjc5NTY4NjMyODA1ODc
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKNyF1D3kfkf2YcZ6Cr7Wbk&google_cver=1&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKr1UeXxa_nBJhALOEFmx7n3rwTRLuu3plAkyBtRCBhT0CZ5JAFEKMnoww57C-Ijwq4xNRPf1NEg-vvrGmC6Sp8TziYBx4YsA&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: tqcoifvpi0878i5495qp0pbvhbptfhc3

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJi2legOATkOxqPoZdTiUUvcNrwJo5l0wRTJbUSnwZJP6PwyL4dZWLiJOWsuKgE5Nl0A3cNL_DUccrHdW820zZiF9xHZJFrrw

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=WnAbpBlDQjS7TEy7LrKH9Q%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJi2legOATkOxqPoZdTiUUvcNrwJo5l0wRTJbUSnwZJP6PwyL4dZWLiJOWsuKgE5Nl0A3cNL_DUccrHdW820zZiF9xHZJFrrw
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF9QG2L8lX6kGIhRqISxVVc&google_cver=1&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0Qwty...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSTEtMi1LQThE&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0QwtyAVTPOGdMJqtQ1fq_f3fsZ4OHH

170 B
188 B

19ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSTEtMi1LQThE&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0QwtyAVTPOGdMJqtQ1fq_f3fsZ4OHH

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSTEtMi1LQThE&google_push=AYg5qPLfoA5FxECHy7HT3XI_U8r0S4emYFIvS9wUvZYcvICf0_YpEpsYYcoQvFsp3DZfD-0QwtyAVTPOGdMJqtQ1fq_f3fsZ4OHH
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 1B77
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 1B77 0
12 B 16ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jc3TO0bRjWtBUgH0l1q_QYvXhB_YCW58yjihjda2s_MAxIFXDiuZ1vNY7mFJrza4_CN8_a

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/470514463477682487/ Frame 2BE6 23 KB
23 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/470514463477682487/downsize_200k_v1?w=400&h=209

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1aa316c3dd2fbb1b874bef31fa50cd9564e1813a2987c2d2c67257c90c849675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 22:12:33 GMT
x-content-type-options: nosniff
age: 12357
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23043
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 14:20:29 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 30 Oct 2022 22:12:33 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17701275730315145117/ Frame 2BE6 2 KB
3 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17701275730315145117/downsize_200k_v1?w=100&h=100

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae01152c9fefe2dc623fa8705a829fb0ef694605c398d7a7f8db8596ac3d6f17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 18:23:22 GMT
x-content-type-options: nosniff
age: 198908
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2535
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 14:20:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 18:23:22 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESELqBFBVOwAY1So_qg4ZQ6Us&google_cver=1&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy&google_hm=Q0FFU0VMcUJGQlZPd0FZM...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy&google_hm=Q0FFU0VMcUJGQlZPd0FZMVNvX3FnNFpRNlVz

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLxp4MRDjor-i2W4x4zvYaUegmhEo_3OX1-81TM6nwk5E2rmjIUpKT6Xy3V6wB73nh4pJO3wfBP1QLKXUzjurhYsow6iHZy&google_hm=Q0FFU0VMcUJGQlZPd0FZMVNvX3FnNFpRNlVz
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPK9aetZo6jmH1gMpIYRZSh1jDPFWIEDmKMfy-udjKJ3v0s1hrmpTvLFNM4ehv5ZtzlH0ETVqKTdaZVTlRL1dqmKUJWlXPTy&google_gid=CAESEMEGAeuZQjIkmE8bnjFz4WU&goo...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJbn94sGEgUI6AcQAEIASnBnb29nbGVfcHVzaD1BWWc1cVBLOWFldFpvNmptSDFnTXBJWVJaU2gxakRQRldJRURtS01meS11ZGpLSjN2MHMxaHJtcFR2TEZOTTRlaHY1WnR6bEgwRVRWcUtUZGFaVlRsUk...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVkFnVkZoM3ZyMVVPU0xWNVV3ZHZ0S1lycXNNUGVQOHFhSHNhSWJQcDFXMA==&google_push

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVkFnVkZoM3ZyMVVPU0xWNVV3ZHZ0S1lycXNNUGVQOHFhSHNhSWJQcDFXMA==&google_push

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwVkFnVkZoM3ZyMVVPU0xWNVV3ZHZ0S1lycXNNUGVQOHFhSHNhSWJQcDFXMA==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLqvJIU...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPLqvJIU...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA3NDg2MDYwNTM5NQ%3D%3D&google_push=AYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA3NDg2MDYwNTM5NQ%3D%3D&google_push=AYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3AaG6VgP__G03rps4M5kQof6ih7CxaU

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA3NDg2MDYwNTM5NQ%3D%3D&google_push=AYg5qPLqvJIUdqxt3WX6HD-QhhrfW8MAZbKJL5mqQc1kXKBMaSMKCIDbS0g78XfkOWvVm3AaG6VgP__G03rps4M5kQof6ih7CxaU
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEIHuJJMMuHSMp9d48rrX_oQ&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEef...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEefW2mN6&google_hm=MTA4MjE0NDYyMTcyMz...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEefW2mN6&google_hm=MTA4MjE0NDYyMTcyMzY3OTI4NDg

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AYg5qPLGDUT0W6sDJrAk5spXKb9ZrSIi8Dxr5UUSqRMCYaImmAMrilbkG_mI9vF6sgUEp9g_PL3uogjL0bXor5ZCxH6YEefW2mN6&google_hm=MTA4MjE0NDYyMTcyMzY3OTI4NDg
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

19ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIm4FY8gzVEl4UEu24cJPicTb8Ih2uCodmwQwN89_xPbQSRleTMX8xneBcHZJ1oYnm1N17rQAKBhk02iIYAu9J4jTgjwIP2

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIm4FY8gzVEl4UEu24cJPicTb8Ih2uCodmwQwN89_xPbQSRleTMX8xneBcHZJ1oYnm1N17rQAKBhk02iIYAu9J4jTgjwIP2
date: Sun, 31 Oct 2021 01:38:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEEpMXZFdpJ160nx5FB1Z6BE&google_cver=1&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0w...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSUktMUotM1RDWg==&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0wfIcNwRaw7pV3pqC_U9Vi0UNo

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSUktMUotM1RDWg==&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0wfIcNwRaw7pV3pqC_U9Vi0UNo

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzSUktMUotM1RDWg==&google_push=AYg5qPKhVfNXwB8PELuOF9tMx5wlG2624mQ9P-t0TvQ8NtQMKBotG4W_nSrdhvJPJvhajoYHW0wfIcNwRaw7pV3pqC_U9Vi0UNo
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7246
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7246 0
12 B 17ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LG17npE-rlvP2HsNKYPJ6zhtZT6HK0tSO517U9rPH0QFIYdN0_nkbVsyKLvN3SpJZIfaD_

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:30 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 index.html Show response
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 5 KB
2 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26231a92d159f0ba32c17a9aa6fde2e5038f59e1a5a9b15058c5cc2ee8e40f1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 1504
date: Sat, 30 Oct 2021 12:33:00 GMT
expires: Sun, 31 Oct 2021 12:33:00 GMT
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 47130
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E83D 0
24 B 50ms
50ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgs2pFzIoWx9w73Y_Oqwf77U2O_65aNllf04L_DmturafHss-C-8q-9o1yz1ZnuU0lW2fWNU97f_DRf8X2OC5vK6Dl7M_3TlUXhSYKK9YCNU0yRRTGFlXYF12ccpR6_LmefAkFaFuo7LvUGOGj1SJM0vB-DuFi-uS61nOdqhHtr9nUwYm77knfRTYKqUzugFoJKVfUaLYUuII89_AaDPdgG0XLxHocE8TE2O746nBm57fyxe00lCyRhcNeXW9_0T8WlTmL2KsogH-Z6qnI9jeX5rvBV6iqN45dxJdIn1qzsG2Wxb_2wpFxfHhMEWAiyvVe9Yv8C0ZcbiszFd-RkhDfihoCltNHvcE4fKc5Q0WkRLU6IwqWwpuJktRhaztJc45knygrISO-Ro_HfzFeDjUEssElCE25Ab8EMDKJbm5mXN3deWUX3reKE6j5Lvc90JQV9k5WrK-kYNxkP3t7zMUBU5f8EVXYhG9lVG7VLeMtU9U4g4zMntbxyszXkBX2WzueaEwYPDov34KLLPMf0YrG3_eSwU0zU4wUsYVuBfGTEXu2BHVp2vMATStYcj1xstu0WsuD5QGB6_pPZ6X5Ppcgnxoiv3YUSBk_iBhJXHYe7YoOIcADXI1akbX2VxL1REerQu3HUFn-DUtvbXzdYoGWLVvGnCIqnrsPVC_Fu1pd_WZbTcsNW0fKG9SB9GNTUc_F4j6OC4B1djPXJoP9w11qxgRpI5C2LG_6q6d1B1DBnc7qG48jQJ9FhUbargVK5bqt-SI8yu2FgdmBOkJLuwhb4Jda9fBb6MFUtQINzrr-37GejN6xB62YTv19nShl3YATKpeEpAawmAhIjVT2gLN-VBGIPP6HtSAAqdx_Jnr4CvBgOU6p8ZiRZcp_m5MZrNVmedPpAlcyqorbKhhvtlT8h36TZsDvggM_uRnSEw1s3CxMpgJVcHzCmAq5lmnBUwxpp-IfjJZEN8Yfk7NVRJdg0pD_Gi_F4DnHMO964NdpdiYTznoByTcCYQEHVz35UFYaTMr7_FtOFQWqMvPiA5h_qBUb70gXvE8gbkLVgb7HL2wiDrCCeoUtK5cNtdCAulmlo2kIumbieL9GmcxdcUsEzjH-_UT0DRwy6bPhAzJystO-PLB4Mr592g3iArEUbTmWumm0HGrjv3smSsXNL_5d-G1YL1QpXApRsi2e-pRfrnioZwNHdNkP6LSO-TpUmL10z0Ll01eTzFWvw0Y2XKHY3dkoSC7IkMlg2KV8yEawKpENb4F-pLEfOH-Ysf3zkTAb8jygQmyliU314vRfmuqEgKBKqMpwfhHXthZIURsO1sAXVgBOmFrL2_sdMBnTOwJDffhZhI2eIg0V7rYwLkxULXShGDLm-5DHeg9ZAg140QJchsU08JoopjaDEPQJHneki3eG2pDem9lP-Q&sai=AMfl-YRCIaP_49bzcSuuZ0TvHMw_dsi_ZeMlPvabzPJv9wZC98ICnLfWI3EkUl6zpI1fOqG1FkLZS5Nsa86MPFv-DeRnBWiPRL6xFYbZh5lYmlzBbfYRbp5QibwKaynUmtJZudgFN3WZi9w0tgG4v7fHx3SjeEUVtTplS-F1kBz19KcBrfTtjlu4m3s&sig=Cg0ArKJSzGGBycreCFrGEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=372&cbvp=1&cstd=370&cisv=r20211027.01222&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8A63 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4F2F 0
23 B 45ms
45ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuOO3e4usuXB9fWw2DcI8cNUXHdN2L7iqmgTbujuZYIdddjv84fu5psH8tvGINVHfk3MZAaulSQQeN1nyzmj8vo-9OrYab75nciXofyHh1Sqv85YXjnSUgftfsJRix83tNQLPEFfvrXSGANE8HuKSdYlWX9zLk4xA6i-9_JCFif8TzZfmSHEVXD8p-bvJO2adeA48nkpH5MBJCRUBqIofXCN_CvR2a3o5sFSJsq3Ru1j78O_BUQMJj9CVlOV5Uu2gT6e5hpMoD-dh10pKQWrSBlLawCBW-Tq2F5zvYoZecu5i6Bs7WWf0BdFsRy8fMPZzvPLXGVS7ph9CgGDldmLhNoB4atxotLXtNSCjPPaUTOZ3MoBHhY0Rt-86_Doda8Vgq_oG9fE0LHSuJFE09UWNjEA8Qctc6mFKSxCtWqTDie6b8FQ-8ChHrQeSSrCVTnLn4HHaZ1JxlAwGXEwTSGmw-rVy96LKSI97zkEQJZRXfKz6DMTy97MOqYUu01dnac7dymEF4w1SwYlDepGjwkl5Dl5F1cCfO6DPxjLdX5gWYLTflfsvrnADFnokuCBDlLWbwIhjG9t-noDV0w74pPSjPkZFoO7mR28TM-kwoF2uPLKKjTvfykFXxwqqfws_0l2rYvMyMrpZweKbtNloMHFf-MH3FhjUC8HKqm22YtIPkEsJ--53NrQV4d6ROWQ5yL9NTF3JoFRAUO8D529mWK7OF69aE0a92HmPmUSFyu7Y81ak_Evb0qsZHTp-de2U-az7o1xoCZa-P0bj3mbCJanb6JA1oRX_Boo9xxvsEHaov5xm_ylPDZiit0_wBDhMRhk6SkQxSDKKte8H24Y-T85_CxufTs9zeQrz3MJE3jFALRvMNuyfr9WBrT0y2bSsDmgOu4db5l9XrlCCJRaQkOA3Xd37yvsy6DpCn9AE-7XQ_Dg1ipDIrDdYWPRqY_D8x_J9CqKw15nCcDCpEck2j7EgTsjWYWUyXfCyBbCBaw3NDqGbCksHxfXjCbd9vmiHOeTvOnOCm3nXX77c0RjwaMmKK4uIrB4s1QUfmzf6PRcaY5kyqGFf9pSG09eRBFS7_2aPtU3KpByWaIC6gNxm_56cPhI-_IDTMr_xs0CxsG3WzUg2FNXFyFcnFaNtwqI3_c0w6-mCqXuKx9NFTOn0W55eo1vkwm-y6dt1PI0TyZR-rgrMtPzgdklmVuz2QxWxPAehiU-sqqfEriNjTGw3ycrJrjVu32RPJRESh_3w2WBViLs7Z6MZz6y3oZ3yi04YbxCujt065eVJzuuQ&sai=AMfl-YTL8DCUEt8It-7v7We2wGrdgqjFWxrnF82jh-dcTkzQkC0uB2JZux37c5fCmswMfHgw4yfeVJ5EDFBivwlGqBHrcRJiZ7zrWw9MR6JrovH99_4u2YftTgMzL8NyppDEW14iigrTjFkdA6XMMGeyRCNFhlxD6Q&sig=Cg0ArKJSzBwkOS-cn6y2EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1254&vt=11&dtpt=714&dett=3&cstd=535&cisv=r20211027.51406&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9972 43 B
215 B 137ms
101ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=359cb852-c8de-1c4c-2333-0536f7afac49&tv=%7Bc:sA63xq,pingTime:-2,time:909,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:574,beZ:575,mfA:1196,cmA:1197,inA:1197,inZ:1201,prA:1201,prZ:1212,si:1218,poA:1218,poZ:1230,cmZ:1230,mfZ:1230,loA:1311,loZ:1313,ltA:1484,ltZ:1484,idA:1231,idZ:1276%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:642%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:909,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:642,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B285~0%5D,as:%5B285~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1931%7C194%7C1a1%7C1a21%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g3%7C1g4%7C1h1%7C1i1%7C1j1%7C1k1%7C1l1%7C1m11%7C1m12%7C1m13%7C1n1*.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1o11%7C1o12%7C1p11%7C1p12%7C1p13,idMap:1n1*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,sinceFw:265,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=1365112950&adf=133147881&pi=t.aa~a.851278768~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=1&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x90&nras=8&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4414&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=9&uci=a!9&btvi=7&fsb=1&xpc=nkL63vxrOo&p=https%3A//gruposdewhatsapp.bar&dtd=30
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt45.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 300x250.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/ Frame B079 41 KB
10 KB 16ms
16ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3db51ab50308ac63d24f672051ae46a7fd355653204f3cfae4773684c66d6522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 9907
date: Sun, 31 Oct 2021 01:38:30 GMT
expires: Mon, 01 Nov 2021 01:38:30 GMT
cache-control: public, max-age=86400
last-modified: Wed, 16 Jun 2021 12:46:24 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 891A 0
24 B 52ms
52ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQai5bXLNKNbeXfShidcBOk2RDtgiBrr5euPZGIc55DoJGJa8Anp0Q9o1Bs1-CBFBiChogjPaQiEOaGbYIV_35zv7Uw7ytlEmrvQI-mY795eciyCPBXImhlFxmDWvyeL6fVAgKXeS4lA8CyZFGV4yDhM0vQTKj3nuHpZiuEx2ZpuID4Xheup_LPZ3SwOHOtWdXeeX-yvxQhg2I_eDMrXr4iP6EU9Yvgnw7hBakCwMZYrdBj5PJn3OI5iVsye2wmxrqrCp8vsnrLbA4p23CZqg9DLnoaiUddmcJXGJN5_jodg8jp2jBOzGHPkv_3BKdVL6g-8qIAUlZCm0jr8N7ubUWdabunDG_qMksmgLi0m35xs0gVMPdpP42SGMZIK9WWZBHg10LSEarRneH1z4hUxYuifKqwZ-sSZk2pXIOnKAnJ7IygwjDsc02zUJAf9EC6WOrK0AKZprxGoagCemyNy1YoR5clMWUrTmau-c8NxCvRjzOmX3TOxf0Ta0D6SQ0BIr1B_5i-12LEesJAMzvPdjxc-KfcJ1rio22ckqmb2VPD8ZD80CuqWPm5eP219X6Uev2kEvFVLdhl0VRmtNnbd-UKJdiCqbB7n3XCo89m7iMv1IqXrV8A2qiZuaXRu9NRTeiEmbQsWqp7Chk3NxK0DcjQV4w8Rug3CEAmDUn2mSvAAU6FYpSW-Ko0J8Q3mXMPbcgkvphJ6Xf1DwnyoXFYfOe8Uq8vpMOeIad2RP7BmjvsAtg7OkHAGbJ2a9-pTI034jW8xDV60BFUEVGlAfCHoZfb3_EqNHL44h2O7NbYMU9piAEdNA07jaIHaa2j9Y_p0Uk5rGOlFmTfX9SnzYH0dcvLTrFiID6_Z20C9mQZPaJpAh5dJ2-LNWoHHMQrJ4uDMdl-Evq8g8mIrPC9IyB4yyc_FfkZLa9G3ivn33M4G2L4PXEnS1TRrScMd9dlEpSOLtV5Lglgl0LE2bRbh8MZPv2D9t3KQ0PQtAke1NfNtYAs37svY_qZKD34IK2jEcndRbljAY7eZhrybqT-gKTVbr3rf7PzRY_jlwu8GD-MXI8wxnlUJao7tUygAgpydA2G8YXbFEueRDhL24yuOAPE8BK5rjm74UQih0fCm0DxOVP2oapUVwrH2xHOz3h3BXtZtB5gKe9aP11cYOcFpQZ6kN4VxeabWIeI55a4QhGvWBPdZimT-K1MaTGhOoS2ALRmyTh68fu4E26lasT2IqGBwKHPl-rOFS7mpdszViIMXO4gEC4fhKk4XZD8y7TWa_AGwtSKSWqaSXdvljtAibzpSz9i0F2&sai=AMfl-YQsg4TU-RT6r3AAgdgtYa4qn1vPH2BbA1Q2hpap4eVltQD808Y0GK0FfEsLOb0hVtxpCwLstFBFylLeo2t-vv4jgpoXk1wNlePwMg7NjwMxAKR2ryFlUCGooS6GFdayC9A60beq7b6ETtSa9Zk0oA7LMNVl7Q&sig=Cg0ArKJSzC6f0u4NklsuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=671&cbvp=1&cstd=668&cisv=r20211027.73063&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807 Show response
5994599.fls.doubleclick.net/ Frame 0E48
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807?

391 B
346 B

38ms
22ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807?

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

f5c427415dfd4dd8527a74d0c65a126834cb37f721450a2e9b1092ac60a4abe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 31 Oct 2021 01:38:31 GMT
expires: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 31 Oct 2021 01:38:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900019.redintelligence.net/ Frame FC92 4 KB
2 KB 19ms
7ms Document
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/request_content.php?s=59320200010508600710622011764019&a=b9ed1b94
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request.php?zone=fa7i8f5ue3r6&nw=20&renderingType=javascript&namespace=4e71422600&subid=&uid=4d1e72399095e450&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=640x480&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCxtMulPN9Yar2Oo_C-gb6hY7IDbXN-YNXjNK5q-UM8C4QASCBi_ZoYJUCyAEJqQIugvQvkWWzPqgDAaoE9AFP0KWLyR4GBqxiOV8JL-6nloxX6PtO-f0hrsfNoDRb9602Ead3vqoj2veqk0OsngnhOSEMUpXcL5F44LypFdvbXIzou_g81RZ3emtRzBN6FTMIG6AAwjl5vnapjXaLVBYz93xp_w785YU8rjy-FSAU9j_qgwVb0eb8KZXDfVyLCSMJzpaUqMZDqg1APOFh4Npnvak-qne__vUyC57H_xiV8QNtP7c2C4VFrWLYdytuhd0bOI3HgNcs8OYJC_5N-FNR7ZPnf7p4Ov7Bz-0-qWi_1h5XNFUz_koLPaVwvP-aOd74RG14vrhqMUcixEXcHZYtDv25wASqnfy-zwHgBAOQBgGgBk2AB-vn6F6oB_DZG6gH8tkbqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi03NDIyMzU3NzYwMDI0MzgygAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoWHuknKQwd3-rRfxKul6Pfpqp1A%26sig%3DAOD64_0xWZtlrjFc6Egv32aqCzXXNMXpoA%26client%3Dca-pub-7808843510208819%26dbm_c%3DAKAmf-CFLdEMZlUaSTpOwmj7lxr0vQdjxLsJPBLm8YC0kVQ-y-uF2P6ZhaO0VveXy4QS1F6qQXy8nsqQn702rmMvZTfaK-OVXLlxUoAukb6qaQr__nzXm2MlXgBAnyRgyn-B5sCphB6cxMJbMGAwtcx5kTiqAD763Q%26cry%3D1%26dbm_d%3DAKAmf-BaOuCdB8XAjPVGJdsuFJOJUsEbu8FCw-Fqmwf0OxySvo3eCpb16f9yUy6cuITAdvsUpzHZQql7MnFdDB6hZIpXpYi66MGERtl0qPj5ZRJu-iTjCKEk_2gC5w8rJwSbk5eDw9ekczkPRZX56CMoZz1Nei-J_XMfHtKqr8Rf7qXv37_Y95sLjX94OLJvaiwYxflbpB4xWqpl3mvYCRWc6ldWu1ncMXjVY1VYf3SYx9j4a7kKWUQgRyKJ5G91GDGeJhgAvJ0AYU7dnDJHuLHeJMsswev6SqLJBAEggx69ncuqjmv8QxcYMjcmiZkf3egRemYABs3F4d-F16aJePnIFhO70Wo3T83fLB7tUn2TtAhsTj7xMHMH5Wz8DUPe-sRGI77xyaDg0RwIyNJgCLlWKaSSnDbTSdxtM0kqt1sjYy5fRyoD6uk3VJ_syZDjjNC8fl5E75kLzj1AdSxoS6tvJwqRr7fIBQ%26adurl%3D&documentReferer=https%3A%2F%2Fgruposdewhatsapp.bar%2F&ancestorOrigins=https%3A%2F%2Fgruposdewhatsapp.bar%2Chttps%3A%2F%2Fgruposdewhatsapp.bar&random=1531181916826&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 3f06a0c7d32aa12a6591b19926eabd9c084ef27adaa66cc88ba19911aee89e73

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com/

Response headers

Date: Sun, 31 Oct 2021 01:38:30 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sun, 31 Oct 2021 02:38:30 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1507
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 6FEB 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9bdfc3e070d8550ec5e8e0bd255d4e9d01ae36993a321d04243d54018b4f28d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame BD8D 35 KB
13 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame CBAD 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=909805614&adf=22827039&pi=t.aa~a.851264418~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280&nras=4&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2858&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=wt21vC1GN7&p=https%3A//gruposdewhatsapp.bar&dtd=19

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame AE26 0
338 B 111ms
31ms Image
text/plain 52.211.234.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?campaignid=11313517&advertiserid=4528516&placementid=315078331&adid=507876724&creativeid=160015383&siteid=1729994&url=https%3A%2F%2Fbeacon.krxd.net%2Fad_impression.gif&_kpid=af5fc09f-edef-481c-bfa7-696005c6deb3&confid=sfht0if3y
Requested by: Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.234.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-234-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store
x-request-time: D=40 t=1635644311
x-served-by: beacon-n021-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C21C 0
0 31ms
31ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102601&jk=2375784301372285&rc=
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 310A
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEFXiiEQV4Nmg-vIalGCqWJ0&google_cver=1&google_push=AYg5qPK2Nfb6I51kNjCvvDbHaik9L10RblzYGpoMOmCPXTM424l_1wysUa83iMhika8HzeTOa3ODTe2uzec8mqF4Dca05OF1WK8V-g
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

43 B
407 B

476ms
171ms

Image
image/gif

2620:112:f000:bbbb::11
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
Requested by: Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2620:112:f000:bbbb::11 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 310A
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELWK9uD9NTsr0e6mLOCdoP0&google_cver=1&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYB...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYBNRp2oBO4Hg69CZlrzV0l0-V1MNhzlhrGSFXUdo6ZoueQ&google_hm=2Rma...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYBNRp2oBO4Hg69CZlrzV0l0-V1MNhzlhrGSFXUdo6ZoueQ&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJqopQp5SP2Ri52ux_4dtLe94ahU3KMgnNoqFMm7iYuKRpTa7EHYBNRp2oBO4Hg69CZlrzV0l0-V1MNhzlhrGSFXUdo6ZoueQ&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 310A 0
191 B 81ms
24ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESECeUkemMK8tQy6_8D_bScKg&google_cver=1&google_push=AYg5qPJHwUcOcrW2fKQvvAQ4sKzM528lNaCzsUVxb1N_KkHMrEcMwxdzC-83dDQKIQ9ZaxXcHA0KZFxD-nr8s8vwimix7qsnk5tCPA
Requested by: Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Southampton, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 310A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIhcxExn2wJXILlS8iNLAKTbHBGdWFleTtN_BFlMT947dS04RP_4yGsBPt55z8sM23IZDGwUlJZIJ-ajjuY9vbDMuVUiEGUEQ

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIhcxExn2wJXILlS8iNLAKTbHBGdWFleTtN_BFlMT947dS04RP_4yGsBPt55z8sM23IZDGwUlJZIJ-ajjuY9vbDMuVUiEGUEQ
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 310A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 310A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.targeting.unrulymedia.com/csync/RX-b134b67d-23aa-4b5b-a01b-41bc511ad974-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKEYHCZ41CoF81WgYRLL...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA&google_hm=A7E0tn0jqktboBtBvFEa2XQ

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA&google_hm=A7E0tn0jqktboBtBvFEa2XQ

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKEYHCZ41CoF81WgYRLLVtgH2qxNn8J7o7EWiPfE9IweCBcBXzvIXU_mbXNHBTtDTfu0CGvTKLjJB5N0HkR8uEIlG2dmlGWtA&google_hm=A7E0tn0jqktboBtBvFEa2XQ
date: Sun, 31 Oct 2021 01:38:31 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXb134b67d23aa4b5ba01b41bc511ad974003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 310A
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPe...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPe...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEAD76gtBi5gJ-4wG03WfE9g&google_cver=1&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2u...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYv...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D&google_push=AYg5qPJZTv3HZq8aTSmpL4_zlv5bi4yzvWoDaws8ijXgZ_YXnn7j2uPetNeAdjkvYvDcNhiDNWhpKkZxl-10DogbIQ4lMsqLPDXzY4o
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 310A 0
12 B 15ms
14ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jb1oFd5Uvi0JQHRtQXDec4fVL4BV92yAfcC6ppKqrumxAHW6Fhm78JpqHvdG4stOcWnp_Uig

Requested by

Host: e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
URL: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 891A 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386567
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CA27 1 KB
793 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59974
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 891A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5115fa77544d15c7371d108be6c4ca65aa2d6b5b9f848b0e11e4e738911ec535

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 9081 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 device.png
s0.2mdn.net/4528516/1039192214543590/ Frame C9EE 33 KB
33 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1039192214543590/device.png?1633936563892

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86528dae2901b5f4d10b42f3a38beb86267c534423ad2284c9e387fdd55f1162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1039192214543590/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:15:06 GMT
x-content-type-options: nosniff
age: 55405
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33609
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 13:16:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:15:06 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame AE26 0
23 B 43ms
43ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuZJwXGUaGRpqkpmIaXIbP9C1VWNNPw-Sb21wNwg86f1MrYmValN9QDY6lPfgk4lGkNy1BVb7YV4Aofd8WwYfz4OJFy85FHOjB-e_wnDXs7X0fVuPj2lDu4FryuKGaZj1gUgzAveGCHJQ1uWl72yq9tA6y7FS1OW7T7ofb_KN57W7U30ViAHT9GtWRNhqQe83l6DQJD5YtZzDoT_Jl-WoYvalXzeAqFSWjhswzOTpTFmzgQFC_4imF_0mx9wkQf3cpBdClzk9LvBVpjc1dzQB3u0RH_4D_V0x7Jkw2rjVdZWaYrAxRWVCpW-n2nviyoHDlSfznQnmRifgg4rH6rl5-4C9OWD_CprGMDLfph3DdZaCodxo8a8m1Fg3Prs5GE1LUz_j3W2O7XZJEM-jrQ3cb61mVmGjLXvOzrMd3Fb8HXvvBfHdJ8a4Yy7vZo-ND3u0KLujZrweH-rpZbtwO8BQ3uc69LQfmH-0aKSvbc62cfGJcBy-gggq7XD5VGnEUjqSGxB3yO7clZKtPVdGEA9Ki18vpJ4o282dkthTm2JLkw1EsZTgpA_ZX5qAGuXlYsXAslJ4m7xWM8vh_lz82iWQ5nXO7L8b3zQl_MzAvCgip1PA9qGnISPhW0xi--tZWqVsJ0_C0kfg8jEBQ3NqF5QVyKAdMXZ6-8XxR4NWS6nb_66yU_uPdTeptTn3yH20u6u8xNJwFYk4rlKHIBaKsZfNyAATwQ4bpcbA-A_Qm59vgX_B2q_oa5_qjIf44d89Ix3HUkVEZIqPCvnpGGvUQPthkfzE7al4Zo3DiRZZ3TJ-k-ZYtWv8Vl7RYIDZP6HXyu0en6-SgIc__MsY11r20G9Z8rHtIVGqmfnaU09v4w395jTNqWTBv3Vu617RJuk4h59VH7g5zcp_BKlJ6UE1pXieKKwp3E2jRcHmy-x_NqaVSI8ekhNCobO25Bpj5U8VPb_7RcPcN7IYtYsnjp2PHfXrFjJ-6vXGEd6WXd9Efhdjbb2xzV_MHUocNV077-2AKzd9W7_rtAbeRZ5iiTVrYEA4ty1y6ypQuAWRdJfnSixlHtr87doSwdbe0C5nZXSHCMS82kRAw3Kc0ax_2vq6isk2vHxKRFwODINZckMjKQLiNm5PTY8JlswZlj2A4Lyx0qy2jYg4Tjja0HQ5hCSeooM21w_TXEdd-N12Im8qKOgJ0f8z1f_LPYPqKxRkqesa1nW8qEo5Ys22AjiL3nXWwf8Y6uI9u79jnUJpXsdvXwVxDYKbbKM2jjH-LF3XCu-553TAaVQ_JF4b1LtmzAbk-1Fm3bJOZT23yYZ5ax4zvI4xLy&sai=AMfl-YQZd0o_UF2Kk-HDDga_p00lWmU3KJ6GeWqhLcz5hf0CUjaukjFD1BuuBTFPlgiOdJuFAOsCcfJn3jMhOaWfqtVcxqoBJXXF8KgB3MConPlPm3ElQh1i2idW3Bxo6B_jnKn0ZMVlQnMSz-VeIiHDAnOnkIKXcA&sig=Cg0ArKJSzLY8WwJfPQ2SEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1488&vt=11&dtpt=904&dett=3&cstd=583&cisv=r20211027.53044&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEZP5XvRr0l8xUBEDr5MI1k&google_cver=1&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2N55wQvAze5IYFg4y_7d2LvJAGWNseLtkrJ1ht3YV6c&google_hm=2RmaCP...

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2N55wQvAze5IYFg4y_7d2LvJAGWNseLtkrJ1ht3YV6c&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKQD_8LedXNy2tCqAbuGOV-3CngFhnww6WNGF_TZ8F0waqkxDL8d2N55wQvAze5IYFg4y_7d2LvJAGWNseLtkrJ1ht3YV6c&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7K...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBZlltYXc3LQ&google_push=AYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7KbLX_arE8Q15E4UY_tcgr4Xo7H7Lu9zZyQbCg3s1yEsBk7XKZBrFcA4lZX

170 B
188 B

20ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBZlltYXc3LQ&google_push=AYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7KbLX_arE8Q15E4UY_tcgr4Xo7H7Lu9zZyQbCg3s1yEsBk7XKZBrFcA4lZX

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFBZlltYXc3LQ&google_push=AYg5qPJoESrGWW9nH-upodBXhm8qWN_kfAy6oxoiB7KbLX_arE8Q15E4UY_tcgr4Xo7H7Lu9zZyQbCg3s1yEsBk7XKZBrFcA4lZX
Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: Apache
Connection: keep-alive
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEETeUoaXlnw956h8lgCa8Vk&google_cver=1&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIC-zUbSSIsgofF0AfNfqWYYZv2GqIutvpM2Mh7avi1tTcShB4pVm0US05FeWKfPB9lIuZsTy4xKi01mGFG3eE95dQQ1MbB&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 7hh8ufdgovkdth7oti9mdn1paed2j5ia

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLyIBSs7Q55vvmvlTyvEFa5PqR3hKChhyt7BREvecgdUr02XYV2A97se5e0UqMIyCiEIHhS126jI2cXooIqdSLVyN1U-LQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLyIBSs7Q55vvmvlTyvEFa5PqR3hKChhyt7BREvecgdUr02XYV2A97se5e0UqMIyCiEIHhS126jI2cXooIqdSLVyN1U-LQ
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ4RRy7LXj4HLJUJo7PSBgY&google_cver=1&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUUotSy1RQVY=&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx5jO7eZJc4oBucav9uqA2o8co

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUUotSy1RQVY=&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx5jO7eZJc4oBucav9uqA2o8co

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUUotSy1RQVY=&google_push=AYg5qPK9RHDa4hjOg-17Kxn1gTK7dE7Y9rxdXAhjHaLmSf7vHRv15C7EFuiIxSCacwpGr8SzXmx5jO7eZJc4oBucav9uqA2o8co
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktS...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E256
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEFlsEw8oQzSCvuFqKHk6jIs&google_cver=1&google_push=AYg5qPJIJuaxsKbNkqc8praS...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJIJuaxsKbNkqc8praShjfe3iqo2C8dPNCfoAJaB-BmIBqY3dxWfA92OXs28ctIgcaRCszZscU0s7X_Jx6xAIN3rFSjY_BZrA&google_hm=

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJIJuaxsKbNkqc8praShjfe3iqo2C8dPNCfoAJaB-BmIBqY3dxWfA92OXs28ctIgcaRCszZscU0s7X_Jx6xAIN3rFSjY_BZrA&google_hm=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPJIJuaxsKbNkqc8praShjfe3iqo2C8dPNCfoAJaB-BmIBqY3dxWfA92OXs28ctIgcaRCszZscU0s7X_Jx6xAIN3rFSjY_BZrA&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sat, 30 Oct 2021 01:38:31 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E256 0
12 B 16ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I1wC8Za_bfohhai-MktxnEFsaiG0ZCgsJDHIYxvd78EIZ_S_cFe20z13kfy2UJf40UrciJeg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELgOu1RkqQlZLvs_4DdWliw&google_cver=1&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6Zl1M51SmOkdzehNb4g8Vzm1eKzuibnegMCmsm_8Q&google_hm=2RmaCPWR...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6Zl1M51SmOkdzehNb4g8Vzm1eKzuibnegMCmsm_8Q&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKo5dppTfy3P8-v4xIoBorbMrgM0ozSIn7gKfKGGOJxYHjGFvAfL6Zl1M51SmOkdzehNb4g8Vzm1eKzuibnegMCmsm_8Q&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 3222 42 B
315 B 17ms
14ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJLYMb0bODbb_Qv7rZjViKuC8t3Qi8ex4lOyPQG96X0f2TpETGFRJjcxVqJyQSLSX-JkiqdZf04ARGxTADhN_ahyBJ23Wg&google_gid=CAESEJtW2KC0gXUXDvZckR3wftM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJ9XxrMx69J1D5rSHwUzF14&google_cver=1&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

19ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJy8hbP-epBiwDV67FwAwb7VMaQV6b4CaoNQwjWKWFLPjtoXKkO-3n4Maze1GmbyI-5nL1lcny5-01ZfvEfjJOZ2XUIoSM&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: mhl435n8mqkn2j5q6ssamf477j9t94kg

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

20ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRjUEwEkBQqJcux3-SRSdfhUcCEF-_ad1BWdAO1iomoilJeGUy9N6osl5VzgNorotO9TyrG18hg4gWNxxikBA6IctTtg

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIRjUEwEkBQqJcux3-SRSdfhUcCEF-_ad1BWdAO1iomoilJeGUy9N6osl5VzgNorotO9TyrG18hg4gWNxxikBA6IctTtg
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF5WbyRI5b1rwslwO5Ex0Y4&google_cver=1&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUVotMUItTTZQQw==&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez3Xot5Qo3gKtGtD4VSwxEzIA

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUVotMUItTTZQQw==&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez3Xot5Qo3gKtGtD4VSwxEzIA

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzUVotMUItTTZQQw==&google_push=AYg5qPJc_FHSQhVrtslOe6YBuvGwaAf4NEDpJS4SxVSxNdxr0qzRI_7PevrX9lOyDlWHq72HHez3Xot5Qo3gKtGtD4VSwxEzIA
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3222
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEAPuvsFySAcjDhAQtUyPVf0&google_cver=1&google_push=AYg5qPL3yolqSJpmuwjzG6N2...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL3yolqSJpmuwjzG6N2krmRceo7WTom1e4mVq3HdnW-s4A1BnoHfTIdaSOttzAvSLokK9zp6SVco3ndtEQp8l78ONSxm8I&google_hm=

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL3yolqSJpmuwjzG6N2krmRceo7WTom1e4mVq3HdnW-s4A1BnoHfTIdaSOttzAvSLokK9zp6SVco3ndtEQp8l78ONSxm8I&google_hm=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPL3yolqSJpmuwjzG6N2krmRceo7WTom1e4mVq3HdnW-s4A1BnoHfTIdaSOttzAvSLokK9zp6SVco3ndtEQp8l78ONSxm8I&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sat, 30 Oct 2021 01:38:31 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3222 0
12 B 16ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13INd1PGSND9jMge3BlwOlJx85zl1hZu2vdibeCojk17dUJTety46CNHJWArolku4JFqCabXPA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame D5A5 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 891A
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/769474/57793853/skeleton.js?adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar&adsafe_type=g&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&adsafe_type=e&adsafe_u...
https://static.adsafeprotected.com/skeleton.js

17 B
240 B

33ms
33ms

Script
application/javascript

63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: nginx/1.16.1
age: 1214754
etag: "53fab767ecbd3bf07990b10246befbd4"
x-cache-status: HIT
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 17

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame AF9E 80 KB
21 KB 33ms
33ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 5791372
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E83D 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386567
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 45A4 1 KB
788 B 7ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59974
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame E83D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6f09484d794a76a45ec6a8fa0efb3f2814f8505e7a76ce8dced3288547d7613

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 af5fc09f-edef-481c-bfa7-696005c6deb3 Show response
consumer.krxd.net/consent/get/ Frame AE26 221 B
416 B 57ms
39ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/af5fc09f-edef-481c-bfa7-696005c6deb3?idt=device&dt=kxcookie&callback=Krux.ns.congstar.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 14dbb435fe86816e0aa258d5dd9361ebfdfd20bfe96523b9eab592cbecf36075

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a014-dub-prod.krxd.net, cache-fra19126-FRA
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1635644311.319958,VS0,VE31
content-length: 177
x-cache-hits: 0, 0

GET
H2 200 styles.css
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 3 KB
807 B 9ms
8ms Stylesheet
text/css 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/styles.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e2273757db82c512c7724a56acb665cb430985d237d01303add41f5aa2a59e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55339
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 675
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/2.0.2/ Frame 8AEB 113 KB
34 KB 37ms
16ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/2.0.2/TweenMax.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

009bf00d3831fb62595adb20e170ed288d8a157493fb6028b1888b05875ed8f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 414986
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 33806
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-1c56a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xztHuDhrc1QHNUcCiLSjrkUgVCZmym1%2FavFd%2BH%2FsWOAzmEaH9N%2FTqNbhEMUiL7vY%2FboSM%2BgSYpj1mh51Dha9Qp9trscLtUjPHcuHYoMaGkoI5aRnfXxtCGaZfbMdkQ%2FaHD9w2QmsOXoOYCzUBJ2Y3P0v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a692a11cd602bb9-FRA
expires: Fri, 21 Oct 2022 01:38:31 GMT

GET
H2 200 main.js Show response
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 10 KB
2 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fb740dab4620f2d5de41d2d9f0bcb6028e02cb761490bce0c88a14c1a907727

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55339
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2469
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESENI9HSFPCenPGKUy7mYV5cw&google_cver=1&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSra...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSraiUTU1fHUkL-n7qRq_IwdsakWNgm5JUHcre481eSErf&google_hm=2RmaCP...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSraiUTU1fHUkL-n7qRq_IwdsakWNgm5JUHcre481eSErf&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPI9PjxbGSrgtcGqeyYUometkfhKBvy_6gwMdB6d33AzCxmk_9BSraiUTU1fHUkL-n7qRq_IwdsakWNgm5JUHcre481eSErf&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBe...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFCUnIxNzJAbA&google_push=AYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBex7VWhtwCrb7-d05FhxverEJvw5vhq3-xT07Bo-tOtp80bJfZeJWM_eX...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFCUnIxNzJAbA&google_push=AYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBex7VWhtwCrb7-d05FhxverEJvw5vhq3-xT07Bo-tOtp80bJfZeJWM_eX56ZA

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVgzemx3QUFCUnIxNzJAbA&google_push=AYg5qPKGyhdRcLmDzfj68F9HMOGW3zrgnE11bwIEuBex7VWhtwCrb7-d05FhxverEJvw5vhq3-xT07Bo-tOtp80bJfZeJWM_eX56ZA
Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKcjEQ3...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPKcjEQ3vDT71tEHg5pSQtry4NyYr_qsUJ8W37U4zmb7zJdrvTRzWj8oykUjZ7l6An...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPKcjEQ3vDT71tEHg5pSQtry4NyYr_qsUJ8W37U4zmb7zJdrvTRzWj8oykUjZ7l6AnWTR6xMQjbA9CHgX23fW25ubpZd96l8DQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTEwMzEwMTM4MzEwMDA0MDc0MTQ4NTg2NA%3D%3D&google_push=AYg5qPKcjEQ3vDT71tEHg5pSQtry4NyYr_qsUJ8W37U4zmb7zJdrvTRzWj8oykUjZ7l6AnWTR6xMQjbA9CHgX23fW25ubpZd96l8DQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEN-u9_PuMuSsl9mF09v7jPw&google_cver=1&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:30 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLXEvOSisYdzzdmw11uAIO3DnOgEDuDke4UolCR56g3alZzZYwuwr9RqTyYdOd1ISJqGQt2E9dHxwdGkHGLHFLaPjd6krzMvw&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 681tneo0k23st03beqt11nskkhrm4hvm

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIS3N16I6pL1S4vVZ7SOe58JamIoaKyItnkvgAPaOo7_b4KeAK7SzI4L3mLci-EOHIhjobaEz_TuxW5qAJqe4d1nJzP6YNAeQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIS3N16I6pL1S4vVZ7SOe58JamIoaKyItnkvgAPaOo7_b4KeAK7SzI4L3mLci-EOHIhjobaEz_TuxW5qAJqe4d1nJzP6YNAeQ
date: Sun, 31 Oct 2021 01:38:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPFIeKcfzqazYUH-0cH2yEg&google_cver=1&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYz...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVVktQy02STgw&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYzRK42NekA1TCavDGnKR1cY6izKmQ

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVVktQy02STgw&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYzRK42NekA1TCavDGnKR1cY6izKmQ

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVVktQy02STgw&google_push=AYg5qPJERp7lNEfJa-nprJBoOUYqeK15r7lNp9ZM64ksH43aNIKNSuxIIQaQyO2c8fA2ClW0kYzRK42NekA1TCavDGnKR1cY6izKmQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame CD45
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruA...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CD45 0
12 B 15ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KNm-98hOeWM4EZ-cq1NjI1UoCTXGGqs19XZoKkwLqPu3UwVxqKeMvk9Wc_mT4rdiQBk4Tx

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame A154 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 6280 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=280&adk=1749763963&adf=1227958693&pi=t.aa~a.851271261~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x280&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=2309&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=22ZO10pvNk&p=https%3A//gruposdewhatsapp.bar&dtd=17

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B40
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELWyId9zcIzvVKi8b_AaZ-I&google_cver=1&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH8rxn5GYctF1Fq5MN9Rq75DF5hTZZ52YWi9Ou4PKLtc4A&google_hm=2Rma...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH8rxn5GYctF1Fq5MN9Rq75DF5hTZZ52YWi9Ou4PKLtc4A&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKJ9WOWi7UCQQ9aN8uPzPI9jBBU6xmnkGNiVpcldWl_JIR2ubwiJH8rxn5GYctF1Fq5MN9Rq75DF5hTZZ52YWi9Ou4PKLtc4A&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 9B40 42 B
304 B 20ms
11ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPKrfoI8GmkQpx2JZD2d2_dq32C6-OhnhvJk7918N0yvyfAGhoZwKNGKUyMPPHA0ju0uTYi69_BJztramKU11-E0l3dj_xHgPg&google_gid=CAESEJlg2TNeHWyioaZZc6legd0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B40
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEC1v8ULqc7RtIeGkiG2DR1Q&google_cver=1&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28-
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28-&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28-&google_hm=ptacD8rbzQQ1mCFHMARTLQ==

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIJsIoL0royrchCFfFd697zszc0KWbQf0V9ibPMdv1p_d3g2ZEiCv_LMzynT4yUrmcqj764MRP9EFBjbOK-JXYy71Rne28-&google_hm=ptacD8rbzQQ1mCFHMARTLQ==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: g006p3paljfa9hm8jn3kf6aaksamg54a

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B40
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLIl-H1-_9cvCfJDBmYLWIQbU9PYA3n6LC3xc5AJ6rIDjENc1EH8n6Pg731ElmBUMhuzB5iZ3AXjRa7g61yg9_aN_Zq129GDA

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLIl-H1-_9cvCfJDBmYLWIQbU9PYA3n6LC3xc5AJ6rIDjENc1EH8n6Pg731ElmBUMhuzB5iZ3AXjRa7g61yg9_aN_Zq129GDA
date: Sun, 31 Oct 2021 01:38:30 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9B40
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEO9QzyUwQ5F9inoRoeQPh0E&google_cver=1&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyr...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVlgtMjUtODUxQQ==&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyrvD7wn6vUTYH8Fs-PTSfIgIrRn

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVlgtMjUtODUxQQ==&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyrvD7wn6vUTYH8Fs-PTSfIgIrRn

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0UzVlgtMjUtODUxQQ==&google_push=AYg5qPJn3-V4DdG1mNESXZvsPmVa1cKRQbGanBCBIr9kSMWVjUKi5nFlnIdj11Vi825kLUULTyrvD7wn6vUTYH8Fs-PTSfIgIrRn
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9B40
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 9B40 43 B
296 B 1167ms
172ms Image
image/gif 2600:1f14:d24:9300:e494:24e3:c795:8468
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJmv7sha6NzYc9RIgq843bI&google_cver=1&google_push=AYg5qPKd05QvT2zNwg0wauH0U1n3Zep1aSQjwmeCL2AAeXQEQ_VD2J72SQPmdhPzhdEnJX3Hq060xqYTfEfIFiKCJZgAkH1yH0TnuA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f14:d24:9300:e494:24e3:c795:8468 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 1
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9B40 0
12 B 21ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KYTKcO3YkezHRpDv9ahD0DtTGrRFiDH7RsvsLtBKeMbkXH3FIY4tAvoIPLM0L5kv5k2JYH

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9972 0
23 B 44ms
43ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssHsyFpw3advhBA8YOe40OebvcED6cr84zTfoQOkMEtAuAxVQp0Eckn_y4vryfrocz728_s7QaE8W5WIhTZdCOHZvg97wW8VKfSIgspy2Oa65RaV60qouscjVlo-av2Tme1YBq7PJ7lr3pLq0GpSnP2sfXPJ3WABne3cQ1rXpRozxB9aAUHLaDYnAwceZH_KPKbHgWRVZ8z4lbln7VaLpiGZNEzuGecN54TPfy_A5rQ5nPpTWaW_UzdVMOPDT1nhi-N3pyuKkwBbWAAAhVQM8JJ09bZgEJ0k18qiQw2XLG5sGnBMR2YtuoadvCozPgskPIueXP41hIPpfVsuKTMUCQdh3Dv4rmlCx0GKhVOYbmN0grETs8jfOvibm_XSruRPVjFJCS5Gvf8PY8QSGA5RwqlY3Fhk0yW1fLATAEhiT1v6basTB0w_Hp7NVOK8KCOLASjPJmjG837t49VTlo6l3qWsqdd9keJYvz9qDV5Y434eZKoZNVysdAjLDIhcWBAgbw8cQXGGNLAP89_jtoVvlBGTU0a0Kolapb4zZm4lIm-Ybq_8zqU-8fpZELnQB1ezeaQz8hYaaTuXjhuebIXW6XWjmQcp4xZr4aRpcx1BvxlcIpO2gVceYcIUdOD-tuJskb2eJjQZeMsGE7Da18yQTLWPYNxBtT0Gg8A1tfYzhYwSBA_aRDDzEegLPBQH5EGJ6XQ0GgawW9KkQDRDuHBGuvps_t6V724haspDfc3SwBBE2InFQufXQwzFABjLx7mXhhpIHfP8Q-eIfv-nJod-KjB_gMfkjJSLfRL29szlCw_Yvu-gHg9aq2_SIvyHb_1kkrk1MlDu9KuaCqoJIfue7yy_ZkatDQE-nj2X1cHh3S76lE1ROjuL3eSBUgJCiYwQCDwE-TLfjCo8H60PL1Qy2G9wuPlUN4r8t3XwlDHbZagyW3wZeiCBK8lMsjIQch35iS9bOp8iyGWIQ6OSC272g1cCAMNZ4uU-ZmmNFL4l4lZXkvQy9GtALDueRH61EFIueTbQfjHza1I4_Xmw-clFmd1LmC8XC6DBYj39s9lp7mjkKjRnFdgyFu_-SRAw5qyq_TUkPQMwHOVyIC6sO2R8_GX2IFObazURr1W69gt170mHZDYJlxJn0gmTlnsMooeM0d5Mhw1QjkgCmasHHkEE-5b7_-5veisIXWq9lsNYKErTW9pdLO16dJ8TIV5yCsJDSxBASng0egTmiU11JoVz0xMvqE1Fg-LWusMK7w3PV8LbET2jAUi3vJmlaakZ9heb_sNuOA&sai=AMfl-YSzSgRDPWly8hCyZbBkQq3-UzGjGI4J-SlMMpibLSJXLg7QWrq7hql8sm75MC1VsggTzG9-cOjSjCm7EsVfevkSUWyfoO6dXOqhNz1ndxYlf1KLxlcWaB7E4VHcdtSEcCdRnUr2g7daeZQJCuFFE23bNM2RsQ&sig=Cg0ArKJSzMlsFeLpoMhdEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1643&vt=11&dtpt=1086&dett=3&cstd=553&cisv=r20211027.00515&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame B086 80 KB
21 KB 33ms
33ms Script
application/javascript 63.32.255.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.255.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-255-93.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: nginx/1.16.1
age: 5793180
etag: W/"9304f57298c3834ff107ea7ccb547996"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame CF94 43 B
216 B 38ms
37ms Image
image/gif 54.154.149.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=925113&advId=1499137&campId=38981544&pubId=1&placementId=324227816&adsafe_par&bundleId=&dealId=&bidurl=https://gruposdewhatsapp.bar/&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar&adsafe_type=g&adsafe_url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-8340557401284022%26output%3Dhtml%26h%3D90%26adk%3D2080251364%26adf%3D4033036980%26pi%3Dt.aa~a.851277323~rp.3%26w%3D1200%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1635644309%26rafmt%3D1%26to%3Dqs%26pwprc%3D7424644901%26psa%3D0%26format%3D1200x90%26url%3Dhttps%253A%252F%252Fgruposdewhatsapp.bar%252F%26flash%3D0%26fwr%3D0%26pra%3D3%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26fa%3D40%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.%26dt%3D1635644309113%26bpp%3D1%26bdt%3D896%26idt%3D-M%26shv%3Dr20211026%26mjsv%3Dm202110260101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie%3DID%253D6dd818f9cc4d2108-22af929704cb00f7%253AT%253D1635644308%253AS%253DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg%26prev_fmts%3D0x0%252C1200x280%252C1200x280%252C1200x280%252C1200x280%252C1200x280%252C1200x280%26nras%3D7%26correlator%3D605116957689%26frm%3D20%26pv%3D1%26ga_vid%3D221572323.1635644308%26ga_sid%3D1635644308%26ga_hid%3D415480631%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26adx%3D200%26ady%3D4039%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D31063139%252C31062931%26oid%3D2%26pvsid%3D1961414005332091%26pem%3D589%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257Cs%257C%26abl%3DNS%26fu%3D128%26bc%3D31%26ifi%3D8%26uci%3Da!8%26btvi%3D6%26fsb%3D1%26xpc%3DixelTRTOKD%26p%3Dhttps%253A%2F%2Fgruposdewhatsapp.bar%26dtd%3D27&adsafe_type=bd&adsafe_jsinfo=,id:dd24d7cd-b2ef-2253-ca96-02e8f761781a,c:sA63E1,sl:outOfView,em:true,fr:false,thd:1,mn:app17ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:835,fm:sNnuPZ2+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a21%7C1a22%7C1a23%7C1a24%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g23%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1l2%7C1m1*.925113%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1m1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:857,oid:402cfab3-39eb-11ec-bda6-0289e6fd96ae,v:19.8.258,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.149.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-149-33.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: app09.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 891A 43 B
215 B 99ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=769474&asId=8cd53e58-fb44-0305-4902-be118c72d005&tv=%7Bc:sA63Ez,pingTime:-3,time:662,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:492%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:662,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:492,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B182~0%5D,as:%5B182~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sNnuQ2J+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2*.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1a2*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 891A 43 B
215 B 99ms
99ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=769474&asId=8cd53e58-fb44-0305-4902-be118c72d005&tv=%7Bc:sA63EA,pingTime:-6,time:663,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:663,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:492,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B183~0%5D,as:%5B183~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sNnuQ2J+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2*.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1a2*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:gruposdewhatsapp.bar*%2Cgruposdewhatsapp.bar*&br=c
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame B079 110 KB
38 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 09:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57113
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 09:46:38 GMT

GET
H2 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame B079 60 KB
24 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 4C8D 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H/1.1 200
OK 640x480.jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame FC92 73 KB
74 KB 49ms
12ms Image
image/jpeg 54.36.108.3
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/640x480.jpg
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=59320200010508600710622011764019&a=b9ed1b94
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.36.108.3 , Germany, ASN16276 (OVH, FR),
Reverse DNS: ns3112796.ip-54-36-108.eu
Software: nginx /
Resource Hash: bffb5af21748fb67041d582fced65b85329b9e293b6f6d9032187d68ad441d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:31 GMT
Last-Modified: Mon, 05 Feb 2018 09:44:20 GMT
Server: nginx
ETag: "5a782774-125af"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 75183

GET
H2 200 lineup.png
s0.2mdn.net/4528516/1039192214543590/ Frame C9EE 49 KB
49 KB 10ms
6ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1039192214543590/lineup.png?1633936563892

Requested by

Host: aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
URL: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2bddab4c08abf1443397ace5c9701b4cebe0d04a861504db50c7f667f6a8f70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1039192214543590/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:45:51 GMT
x-content-type-options: nosniff
age: 53560
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49896
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 13:16:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:45:51 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F935 42 B
108 B 18ms
18ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstAlsXA5yY3p5cVK8pHRzmh-KN-pmR4MILxrW1bJzRXbN43bTI8lupWbSs7DWLI04gQ5dnBmHba_bZ67LQzdYcxk87RAz7MIghCS1anD4oRDtIknLXDww&sai=AMfl-YTQKX1qFuuKHSms_03O2cemroheVtS0HHo1P7KbfrY6_RQFQwg-iQ9zVBmvvzvRp0M_iiQiE2RR35_V&sig=Cg0ArKJSzAKSqyXSLUTnEAE&cid=CAASBORoIwE&id=lidar2&mcvt=1241&p=0,0,90,728&mtos=1124,1241,1241,1241,1241&tos=1124,117,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635644309410&rpt=860&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 2841 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame C1AE 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210475
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF94 0
23 B 44ms
44ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstJIdYXOBvPxwsdKNXtGkbyJkikP1OOXOHkAxrzeCA4u_uYOi6sOGr_evFDVvZID_lv5pzORegLSeE3pZUxP9BVrnNktJ9KROdkGrJX4_89XlROgO6OefiFuxD5HqTT8YE6RqTK2GlfYKINw6gUzebjxepbKpJtwMxUF2Y4Cq3CdhtamZLMI3EECCO5rcC1W0D0CmbFwcX1MdngxIAVbxJDRT0fyjGhi-5liOsbAU_vWSyQ76riXgLdzvPCE89_Mve97Fq9CQ9EMLnlzK0Wd1oKruwBBcYSH1nhndmbt8ti8Gmni7chynh47_CIAE-BlNBafImcQK3zlhsjESXXWcFFnl1bP39xvbL6fuVVGDaPd34xYZnsqPOEuDITFekmnvJccqdsZ0W3TXQxzvB0o1HWW1u3ZWNzN-DCSAdv36Xx-aHyySe6N3EL2zHG7ZyL2A2KCpx4yBjNH9JJUQ4jZhmFVj1cKai6yQfUIUsSUJK4Ji8LjqIAFjM28-j5wTUlbUdOelVGbC5uzpyGWJrOIZ5Jsf8sevVkefW92ca0VJXG459Ti81kbqynv5Xbc_xpGyvRCeR4c5r3DiIFoTifeBFju9E7dEyg0SE75vpge1zs2ktOMVvQ-gOUxtwtveNDqrfx_jNdxvTDShnxC9FJbeQPbSeXCqxceIcqiZfNtl597Hy8dPTIkp6tBrwwc0kKrZp8w8OFeE52pUu7rF0kDcXccfvr2UAcujJ7Qd9pngNlWMY-7K4aPGoYfSIbHtahuZOmcYKTt67t7FF2KPIu62s148ZVZXcpUq8u5SxmbmTO2aQ1dIimGqW8vWUOqxHRviADhI0_VZuy5mw2cnjUCIuWu51f7WJkdQz9BN3-GExTdgujSxiWbtfEgWWTW50R4IlcBsfY1IXjS6BSlPZ3Ij8pldJbglWqcSWJ0ep6socAMZK7URU0gS_-anK7_lQfR9XFk4EHslcqnZaB5Me-I8Szl8VfmZZ6JFcrkgfhhILAdNYNKBpuTE8p06wEjXwt-SBrXmpegsuIAtLs40TmROFKdAd9Vgjo7HYHkyJ1V9vvb7ZCmBuEmxcBvSEcBhlS0zZL33WqMczOdQ739tAJq_VBtrHuHj2rkCY2hI-47o6lS-QnMStUHIqyyFYOdQP-_WJdJSfp_dF_CtBciySrzh9RYLf0c8af4jgl0wcn-kPGSpDpgl-cioU-cB36c9vLKs7pwVsxs0WO5vf232YxrUi9sCpc8M5VltIYi-gD2w5xw6tdgcy94a66ZRVX&sai=AMfl-YTZig8N9j3CHap--kz-gaiWapp94pbqkciXC5P1ya6kyxoPM1YAcNzMCiJj5ac_nYX4NmALxnGWZxNFApijEJHQsPS71CLJ0WZEyxBAXKO5x-mcTOCPw-qeGDytDbSxITN0Frx8BuJWVyP4Nz5BJjB14VdTcQ&sig=Cg0ArKJSzGLOzwI6aDBOEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1567&vt=11&dtpt=1173&dett=3&cstd=389&cisv=r20211027.06663&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CF94 43 B
215 B 100ms
100ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=dd24d7cd-b2ef-2253-ca96-02e8f761781a&tv=%7Bc:sA63Hu,pingTime:-3,time:1072,type:v,im:%7Bpci:%7Btdr:204%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:857%7D,%7Bpiv:-1,vs:n,r:,t:1070%7D,%7Bpiv:0,vs:o,r:l,t:1072%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1072,n:2,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B235~0%5D,as:%5B235~728.90%5D%7D%7D,%7Bsl:n,t:1070,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:1072,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPZ2+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a24%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g23%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1l2%7C1m1*.925113%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1m1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CF94 43 B
215 B 100ms
100ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=dd24d7cd-b2ef-2253-ca96-02e8f761781a&tv=%7Bc:sA63Hv,pingTime:-6,time:1073,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1073,n:2,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B235~0%5D,as:%5B235~728.90%5D%7D%7D,%7Bsl:n,t:1070,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:1072,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPZ2+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a24%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g23%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1l2%7C1m1*.925113%7C1m11%7C1m12%7C1m13%7C1m14%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1m1*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&tpiLookup=ao:gruposdewhatsapp.bar*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1A49 6 KB
4 KB 16ms
16ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c82a5a2ee3456f2dfb44a85ea68a6b11878deac48e2bd9a7ffaaa2ef85661a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4531
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 801F 6 KB
4 KB 17ms
16ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f3dd6455ce99ce966ac4e2fdfb0075b9a090d07f2643b48e9636f1ec19ddcda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4428
x-xss-protection: 0

GET
H2 200 dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807
adservice.google.com/ddm/fls/z/ Frame 0E48 42 B
262 B 19ms
19ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CP2kjPHB8_MCFTXSEQgd79kCPg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=717486480055.0807?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B4F1 22 KB
8 KB 9ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 728x90_G_WD_Corona.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 801F 6 KB
7 KB 9ms
8ms XHR
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/728x90_G_WD_Corona.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87c161b2701b2efa2b6651fc7c5f2d159b8038b9f67b7a5ecaf5df441b751ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:37:04 GMT
x-content-type-options: nosniff
age: 87
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6572
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 10:25:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:52:04 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 891A 43 B
215 B 100ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=769474&asId=8cd53e58-fb44-0305-4902-be118c72d005&tv=%7Bc:sA63Id,pingTime:-2,time:888,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:1015,bdZ:1050,beA:1462,beZ:1463,mfA:1941,cmA:1941,inA:1941,inZ:1942,prA:1942,prZ:1952,si:1954,poA:1955,poZ:1962,cmZ:1962,mfZ:1962,loA:2124,loZ:2125,ltA:2349,ltZ:2349%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:492%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:888,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:492,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B408~0%5D,as:%5B408~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2*.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1m1.925113%7C1m11%7C1m12%7C1m13%7C1m14%7C1n1.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1a2*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:na,sinceFw:395,readyFired:true%7D&br=c
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt38.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H/1.1 200
OK viewability Show response
hal900019.redintelligence.net/ Frame FC92 0
150 B 19ms
7ms Script
text/html 78.46.90.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900019.redintelligence.net/viewability?s=59320200010508600710622011764019&a=f07f01e0&vb=m
Requested by: Host: hal900019.redintelligence.net
URL: https://hal900019.redintelligence.net/request_content.php?s=59320200010508600710622011764019&a=b9ed1b94
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.90.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.90.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900019.redintelligence.net/request_content.php?s=59320200010508600710622011764019&a=b9ed1b94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:31 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame FC92 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 optout_check Show response
beacon.krxd.net/ Frame AE26 81 B
240 B 33ms
33ms Script
text/javascript 52.211.234.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.congstar.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.234.106 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-211-234-106.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0ee2c3ecefa1a87e8db59bf7fef560c7b14007d073b97dbda9c80494a77a2669

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=33 t=1635644311
x-served-by: beacon-n020-dub-prod.krxd.net
content-type: text/javascript

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CF94 43 B
215 B 99ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=dd24d7cd-b2ef-2253-ca96-02e8f761781a&tv=%7Bc:sA63K0,pingTime:-2,time:1228,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:699,beZ:700,mfA:1534,cmA:1534,inA:1534,inZ:1535,prA:1535,prZ:1553,si:1556,poA:1556,poZ:1564,cmZ:1564,mfZ:1564,loA:1772,loZ:1773,ltA:1926,ltZ:1926,idA:1564,idZ:1602%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:857%7D,%7Bpiv:-1,vs:n,r:,t:1070%7D,%7Bpiv:0,vs:o,r:l,t:1072%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1228,n:2,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B235~0%5D,as:%5B235~728.90%5D%7D%7D,%7Bsl:n,t:1070,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:1072,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B156~0%5D,as:%5B156~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:sNnuPRB+11%7C12%7C13%7C141%7C142%7C15%7C161%7C1621%7C163%7C171%7C1721%7C1722%7C1723%7C1724%7C1731%7C174%7C181%7C1821%7C1822%7C1823%7C1824%7C1831%7C184%7C191%7C1921%7C1922%7C1923%7C1924%7C1931%7C194%7C1a1%7C1a2.769474-57793853%7C1a21%7C1a22%7C1a23%7C1a24%7C1a31%7C1a4%7C1b%7C1c%7C1d%7C1e%7C1f%7C1g1%7C1g21%7C1g22%7C1g23%7C1g3%7C1g4%7C1h1%7C1h2%7C1i1%7C1i2%7C1j1%7C1j2%7C1k1%7C1k2%7C1l1%7C1l2%7C1m1*.925113%7C1m11%7C1m12%7C1m13%7C1m14%7C1n1.925113%7C1n11%7C1n12%7C1n13%7C1n14%7C1n15%7C1o11%7C1o12%7C1p11%7C1p12%7C1p131,idMap:1m1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,sinceFw:369,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8340557401284022&output=html&h=90&adk=2080251364&adf=4033036980&pi=t.aa~a.851277323~rp.3&w=1200&fwrn=4&fwrnh=100&lmt=1635644309&rafmt=1&to=qs&pwprc=7424644901&psa=0&format=1200x90&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1635644309113&bpp=1&bdt=896&idt=-M&shv=r20211026&mjsv=m202110260101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D6dd818f9cc4d2108-22af929704cb00f7%3AT%3D1635644308%3AS%3DALNI_MaqtU6lycjgkLJwwChVoiwYdr_CTg&prev_fmts=0x0%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280%2C1200x280&nras=7&correlator=605116957689&frm=20&pv=1&ga_vid=221572323.1635644308&ga_sid=1635644308&ga_hid=415480631&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=4039&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31063139%2C31062931&oid=2&pvsid=1961414005332091&pem=589&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=ixelTRTOKD&p=https%3A//gruposdewhatsapp.bar&dtd=27
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9972 43 B
215 B 99ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=359cb852-c8de-1c4c-2333-0536f7afac49&tv=%7Bc:sA63Ke,pingTime:-10,time:1703,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85NS4wLjQ2MzguNTQgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1635644311758%7C%7C64440f1b7e6430867a3ec18ca0b587b2%7C%7C9ceebc4ad83ababb94d4029b4dca4e66%7C%7C057b5139af44656918f20bbe6cc41eb0%7C%7Cc44821aae286484aea09c9f04e842ac5%7C%7Cf410c920cd3a3f74aa559f8a7d55a74d%7C%7C60f7594cb49b737b3a6174a8c4080d8c%7C%7C09aa20655df9445117a10e5f66647af7%7C%7C1629390669,im:%7Bpci:%7Btdr:657%7D%7D%7D
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
x-server-name: dt49.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 40CE 6 KB
4 KB 17ms
17ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6079fe6551eac3122b7cd973f4d7e646759fef9d369537190543efd872afd102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4452
x-xss-protection: 0

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A53 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275204
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1A49 17 KB
6 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C20F 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386568
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 801F 17 KB
6 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:31 GMT

GET
H2 200 pausa.png
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/pausa.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

385a356efa4114b719beed902aba094c8a9ca1a9381d262b598857c23fdd635a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 17:07:24 GMT
x-content-type-options: nosniff
age: 30667
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4095
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 17:07:24 GMT

GET
H2 200 repeat.png
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 4 KB
4 KB 9ms
9ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/repeat.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60ff47dd82f8534f9648d87f9a2a19c4bdc9982319e00fafc2c350a5ec6a53c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 17:07:24 GMT
x-content-type-options: nosniff
age: 30667
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4229
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 17:07:24 GMT

GET
H2 200 soundon.png
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 4 KB
4 KB 9ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/soundon.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fefbef456d0bbdd2d5b8bb6afd9b048b4e992256f0929d14f555309508494e4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 08:44:45 GMT
x-content-type-options: nosniff
age: 60826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4315
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 08:44:45 GMT

GET
H2 200 play.png
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 4 KB
4 KB 9ms
9ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/play.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

936047e29bc4ae82f5dd26383d9039abddb5569d5fa4b9f85762628446ba14b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 17:07:24 GMT
x-content-type-options: nosniff
age: 30667
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4144
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 17:07:24 GMT

GET
H2 200 soundoff.png
s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/ Frame 1A49 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/soundoff.png

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a96d4f0941ee39c51a38bb5c6215fb390139d6dda4d21bd4a70d44302d7dea8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 22:45:34 GMT
x-content-type-options: nosniff
age: 10377
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4244
x-xss-protection: 0
last-modified: Mon, 18 Oct 2021 09:03:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 22:45:34 GMT

GET
H2 200 background.jpg
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 27 KB
27 KB 9ms
6ms Image
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/background.jpg

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65dbc5382d6b3f90cdd386f26822de72ea4d3a82c5e8286ce9cfa903b7cb69de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27143
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 h1.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 1 KB
2 KB 11ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/h1.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd04460df3ca7cd883522619b5c98bcf2dbe6f8bc48ca5ca62af7efd20925ce2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:33:00 GMT
x-content-type-options: nosniff
age: 47132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1489
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 12:33:00 GMT

GET
H2 200 h2.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 2 KB
2 KB 11ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/h2.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa26ebef6d2e2ae33d1f2be60ef7a5f3a940bed5830101a0fb2ec3365b440f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:33:00 GMT
x-content-type-options: nosniff
age: 47132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1945
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 12:33:00 GMT

GET
H2 200 h3.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 2 KB
2 KB 12ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/h3.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c3dc6e13250f032cfa24b0eb3a80ba8dea1900849d165d3429e5f713539c658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:33:00 GMT
x-content-type-options: nosniff
age: 47132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1641
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 12:33:00 GMT

GET
H2 200 h4.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 1 KB
1 KB 11ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/h4.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b5169cf7eef762a1dd4062c29e63c2bab2f3691ae47f3b8c37182fbbaf4104b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 08:12:16 GMT
x-content-type-options: nosniff
age: 62776
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1223
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 08:12:16 GMT

GET
H2 200 h5.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 2 KB
2 KB 11ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/h5.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

766993796aa7ab3025c7e0f757ef7c8c62179adf2e7487ee18b9e99ed24c3337

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2019
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 motiv01.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 130 KB
130 KB 15ms
13ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/motiv01.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b5d46e8963ed3a4b9b3bdc29e1dcd88106022412618ae555b7690080f1fdf822

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:33:00 GMT
x-content-type-options: nosniff
age: 47132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133337
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 12:33:00 GMT

GET
H2 200 motiv02.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 137 KB
137 KB 13ms
11ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/motiv02.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7681381e1638aeab76152fbe305d3bb0690438e388a01512e8d313adefe31bf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140570
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 motiv03.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 113 KB
113 KB 12ms
10ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/motiv03.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7b1b2da2c4d6d87ac46494543585def2fd0ea30d762a0c72b63ff856374c40e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:33:00 GMT
x-content-type-options: nosniff
age: 47132
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115595
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 12:33:00 GMT

GET
H2 200 stoerer01.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 818 B
887 B 17ms
14ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/stoerer01.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03be1282d705d91f9eab5f97d002610e2c2478fd6b24c6b9a0972bfb7bdda931

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 818
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 stoerer02.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 818 B
891 B 16ms
14ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/stoerer02.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa9dd214c4a6848e3bb1fb60931194e912db4435550b032218658b020f0c4af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 818
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 siegel.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 10 KB
10 KB 13ms
12ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/siegel.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405c18f9cfa166607debeab6a076361150bbfb3d91c1c8ec5481aec54df84923

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10270
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

GET
H2 200 logo.png
s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/ Frame 8AEB 4 KB
4 KB 14ms
13ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/logo.png

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f39ebecadf4bc3f96d0e1f85088b4fceb1ba2b51e01544ba4b29fc95400fc5c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10640116/1633697483728/funk_202110_unlimited-LTE_320x480/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 10:16:12 GMT
x-content-type-options: nosniff
age: 55340
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3806
x-xss-protection: 0
last-modified: Fri, 08 Oct 2021 12:51:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 10:16:12 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E83D 0
23 B 45ms
44ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssgs2pFzIoWx9w73Y_Oqwf77U2O_65aNllf04L_DmturafHss-C-8q-9o1yz1ZnuU0lW2fWNU97f_DRf8X2OC5vK6Dl7M_3TlUXhSYKK9YCNU0yRRTGFlXYF12ccpR6_LmefAkFaFuo7LvUGOGj1SJM0vB-DuFi-uS61nOdqhHtr9nUwYm77knfRTYKqUzugFoJKVfUaLYUuII89_AaDPdgG0XLxHocE8TE2O746nBm57fyxe00lCyRhcNeXW9_0T8WlTmL2KsogH-Z6qnI9jeX5rvBV6iqN45dxJdIn1qzsG2Wxb_2wpFxfHhMEWAiyvVe9Yv8C0ZcbiszFd-RkhDfihoCltNHvcE4fKc5Q0WkRLU6IwqWwpuJktRhaztJc45knygrISO-Ro_HfzFeDjUEssElCE25Ab8EMDKJbm5mXN3deWUX3reKE6j5Lvc90JQV9k5WrK-kYNxkP3t7zMUBU5f8EVXYhG9lVG7VLeMtU9U4g4zMntbxyszXkBX2WzueaEwYPDov34KLLPMf0YrG3_eSwU0zU4wUsYVuBfGTEXu2BHVp2vMATStYcj1xstu0WsuD5QGB6_pPZ6X5Ppcgnxoiv3YUSBk_iBhJXHYe7YoOIcADXI1akbX2VxL1REerQu3HUFn-DUtvbXzdYoGWLVvGnCIqnrsPVC_Fu1pd_WZbTcsNW0fKG9SB9GNTUc_F4j6OC4B1djPXJoP9w11qxgRpI5C2LG_6q6d1B1DBnc7qG48jQJ9FhUbargVK5bqt-SI8yu2FgdmBOkJLuwhb4Jda9fBb6MFUtQINzrr-37GejN6xB62YTv19nShl3YATKpeEpAawmAhIjVT2gLN-VBGIPP6HtSAAqdx_Jnr4CvBgOU6p8ZiRZcp_m5MZrNVmedPpAlcyqorbKhhvtlT8h36TZsDvggM_uRnSEw1s3CxMpgJVcHzCmAq5lmnBUwxpp-IfjJZEN8Yfk7NVRJdg0pD_Gi_F4DnHMO964NdpdiYTznoByTcCYQEHVz35UFYaTMr7_FtOFQWqMvPiA5h_qBUb70gXvE8gbkLVgb7HL2wiDrCCeoUtK5cNtdCAulmlo2kIumbieL9GmcxdcUsEzjH-_UT0DRwy6bPhAzJystO-PLB4Mr592g3iArEUbTmWumm0HGrjv3smSsXNL_5d-G1YL1QpXApRsi2e-pRfrnioZwNHdNkP6LSO-TpUmL10z0Ll01eTzFWvw0Y2XKHY3dkoSC7IkMlg2KV8yEawKpENb4F-pLEfOH-Ysf3zkTAb8jygQmyliU314vRfmuqEgKBKqMpwfhHXthZIURsO1sAXVgBOmFrL2_sdMBnTOwJDffhZhI2eIg0V7rYwLkxULXShGDLm-5DHeg9ZAg140QJchsU08JoopjaDEPQJHneki3eG2pDem9lP-Q&sai=AMfl-YRCIaP_49bzcSuuZ0TvHMw_dsi_ZeMlPvabzPJv9wZC98ICnLfWI3EkUl6zpI1fOqG1FkLZS5Nsa86MPFv-DeRnBWiPRL6xFYbZh5lYmlzBbfYRbp5QibwKaynUmtJZudgFN3WZi9w0tgG4v7fHx3SjeEUVtTplS-F1kBz19KcBrfTtjlu4m3s&sig=Cg0ArKJSzGGBycreCFrGEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1549&vt=11&dtpt=1177&dett=3&cstd=370&cisv=r20211027.01222&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
BLOB 200
OK d6fb4c00-9b67-44bd-92d7-1a2a92f3cb37
https://s0.2mdn.net/ Frame 801F 6 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/d6fb4c00-9b67-44bd-92d7-1a2a92f3cb37
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87c161b2701b2efa2b6651fc7c5f2d159b8038b9f67b7a5ecaf5df441b751ddd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Length: 6572
Content-Type: image/jpeg

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 8A63 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H/1.1

206
Partial Content

file.mp4
r4---sn-4g5edns6.c.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/acao,expire,id,ip,ipb... Frame 1A49
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/id,itag,source,ratebypass,m...
https://r4---sn-4g5edns6.c.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/acao,expire,i...

859 KB
859 KB

101ms
8ms

Media
video/mp4

2a00:1450:4001:6d::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-4g5edns6.c.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/1C78A64A0863ADB7F1758416F8E4AD25A68E5E44.583176120F5C0DD233D07460F9106A44C2623398/key/cms1/cms_redirect/yes/mh/fR/mip/2a01:4f8:a1:1a1:84::1/mm/42/mn/sn-4g5edns6/ms/onc/mt/1635643173/mv/u/mvi/4/pl/48/file/file.mp4

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

HTTP/1.1

Server

2a00:1450:4001:6d::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

f8c250368fe43eadddcef1351e8ddbf5b0f45f4e20669b04437975fa8eb7c852

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Oct 2021 14:00:36 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-879273/879274
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 879274
Expires: Sun, 31 Oct 2021 01:38:32 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r4---sn-4g5edns6.c.2mdn.net/videoplayback/id/25307fc9a81d2e4f/itag/15/source/doubleclick/ratebypass/yes/mime/video%2Fmp4/acao/yes/ip/0.0.0.0/ipbits/0/expire/3778996502/sparams/acao,expire,id,ip,ipbits,itag,mh,mime,mip,mm,mn,ms,mv,mvi,pl,ratebypass,source/signature/1C78A64A0863ADB7F1758416F8E4AD25A68E5E44.583176120F5C0DD233D07460F9106A44C2623398/key/cms1/cms_redirect/yes/mh/fR/mip/2a01:4f8:a1:1a1:84::1/mm/42/mn/sn-4g5edns6/ms/onc/mt/1635643173/mv/u/mvi/4/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 682
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame CA27
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbz...

43 B
421 B

176ms
168ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6a692a199f0c6903-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6a692a181d5e6903-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGrN5KL99d9SMwIBX5YrHNA&google_cver=1&google_push=AYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPK4BIm7z4kN-haJGeGxrGePswgBPXxwbAb1Jgtj68umzRg-rLHr_4OnfnNe1jDZLA92VUvwwGjGGYRxBml_KVAla_WSfbzC%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame CA27 70 B
265 B 248ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESECQyPQyxyi1csvaaJv-N-UQ&google_cver=1&google_push=AYg5qPIk8h2EE5m4OzCcKno_1oZEcGVkeuudCH2yxXI25PmsK-BynVYMpVQbCYwz61KRULKwYWBSe-Nh1vk3JgzxpCdEs5yg1MM
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA27
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEOhCMer4YjNLdIKb44BRN5w&google_cver=1&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnk...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=x_wD-GPvQN2rdR3GBYBt9w2&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnkFHBFTHftpawA

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=x_wD-GPvQN2rdR3GBYBt9w2&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnkFHBFTHftpawA

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:32 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=x_wD-GPvQN2rdR3GBYBt9w2&google_push=AYg5qPK-t-CRjqB9gu71sm7zfAB44rxAIyherMeZIbgyhGHDIegC_ezKPOuljGiCjbmv37dZF76L5N9FHUTeDGnkFHBFTHftpawA
x-host: tde-deliveryengine-production-7f8fcb5db4-hfvf5
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA27
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDPS_01W7ygjREzx8E-aLPI&google_cver=1&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDPS_01W7ygjREzx8E-aLPI&google_cver=1&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzODg2MTMwNjY5MjQwMjM1OA&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hye...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzODg2MTMwNjY5MjQwMjM1OA&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews-WNIR77X-LrMocHrMhgy

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTQzODg2MTMwNjY5MjQwMjM1OA&google_push=AYg5qPKxnSD_AY4frRq3fIqMwLZQPTGnCR0oE3zzmm4XkHHLfRzrx6v0vGaE6B7RPulM-xnjIt2hyews-WNIR77X-LrMocHrMhgy
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA27
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIxzy4oCuKMiOF8qsTd7tvQIQ4BsrcKUHaAfwv5vmm2nBNTWtOCwzRFmMKik6NFE2jMI_ImnopB7-De3OhhUiXUvpa9WelS

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=C9nfxT4YQiWGt4kBEh9q9A%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIxzy4oCuKMiOF8qsTd7tvQIQ4BsrcKUHaAfwv5vmm2nBNTWtOCwzRFmMKik6NFE2jMI_ImnopB7-De3OhhUiXUvpa9WelS
date: Sun, 31 Oct 2021 01:38:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA27
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEI9ra8La1otYnMWkOIDcIlE&google_cver=1&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fW...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fWVvdJdEfQewnt

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fWVvdJdEfQewnt

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:32 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKWklK-UgZwDj6_vOfnoT7vKoizxK8zALaJF_LC-thj33n-DT5HsdwRrxyn27qs5iM7VWo0cC3C37_vt0fWVvdJdEfQewnt
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: J_2OxqrWOfQWXfG-y96zHG6AK1zhllOd7dRfRvGMiTTeRke_sG8FAA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CA27
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEJNdECnmeRp23nYUkYdo60M&google_cver=1&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK4vVWrywS7N7mbQcJOEnv_l&google_hm=MTgyNDQ4NT...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK4vVWrywS7N7mbQcJOEnv_l&google_hm=MTgyNDQ4NTg5NDA4NTkwMjk2NA%3D%3D

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLNhaG5IaLyl0NxMPVNiHxXbjeIAAyx9PucrXtyNVlqXbb61m0BVhg_hALFWEVRkJPeLY3LAK4vVWrywS7N7mbQcJOEnv_l&google_hm=MTgyNDQ4NTg5NDA4NTkwMjk2NA%3D%3D
date: Sun, 31 Oct 2021 01:38:31 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame CA27 0
12 B 16ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IQAILNs3KMHI1ygikK00l4-1MZV4l5Ay4dLs5fT2SekKDW33Gm4B3yxYxOuvM4l3tejwWL

Requested by

Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 891A 0
23 B 45ms
45ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvQai5bXLNKNbeXfShidcBOk2RDtgiBrr5euPZGIc55DoJGJa8Anp0Q9o1Bs1-CBFBiChogjPaQiEOaGbYIV_35zv7Uw7ytlEmrvQI-mY795eciyCPBXImhlFxmDWvyeL6fVAgKXeS4lA8CyZFGV4yDhM0vQTKj3nuHpZiuEx2ZpuID4Xheup_LPZ3SwOHOtWdXeeX-yvxQhg2I_eDMrXr4iP6EU9Yvgnw7hBakCwMZYrdBj5PJn3OI5iVsye2wmxrqrCp8vsnrLbA4p23CZqg9DLnoaiUddmcJXGJN5_jodg8jp2jBOzGHPkv_3BKdVL6g-8qIAUlZCm0jr8N7ubUWdabunDG_qMksmgLi0m35xs0gVMPdpP42SGMZIK9WWZBHg10LSEarRneH1z4hUxYuifKqwZ-sSZk2pXIOnKAnJ7IygwjDsc02zUJAf9EC6WOrK0AKZprxGoagCemyNy1YoR5clMWUrTmau-c8NxCvRjzOmX3TOxf0Ta0D6SQ0BIr1B_5i-12LEesJAMzvPdjxc-KfcJ1rio22ckqmb2VPD8ZD80CuqWPm5eP219X6Uev2kEvFVLdhl0VRmtNnbd-UKJdiCqbB7n3XCo89m7iMv1IqXrV8A2qiZuaXRu9NRTeiEmbQsWqp7Chk3NxK0DcjQV4w8Rug3CEAmDUn2mSvAAU6FYpSW-Ko0J8Q3mXMPbcgkvphJ6Xf1DwnyoXFYfOe8Uq8vpMOeIad2RP7BmjvsAtg7OkHAGbJ2a9-pTI034jW8xDV60BFUEVGlAfCHoZfb3_EqNHL44h2O7NbYMU9piAEdNA07jaIHaa2j9Y_p0Uk5rGOlFmTfX9SnzYH0dcvLTrFiID6_Z20C9mQZPaJpAh5dJ2-LNWoHHMQrJ4uDMdl-Evq8g8mIrPC9IyB4yyc_FfkZLa9G3ivn33M4G2L4PXEnS1TRrScMd9dlEpSOLtV5Lglgl0LE2bRbh8MZPv2D9t3KQ0PQtAke1NfNtYAs37svY_qZKD34IK2jEcndRbljAY7eZhrybqT-gKTVbr3rf7PzRY_jlwu8GD-MXI8wxnlUJao7tUygAgpydA2G8YXbFEueRDhL24yuOAPE8BK5rjm74UQih0fCm0DxOVP2oapUVwrH2xHOz3h3BXtZtB5gKe9aP11cYOcFpQZ6kN4VxeabWIeI55a4QhGvWBPdZimT-K1MaTGhOoS2ALRmyTh68fu4E26lasT2IqGBwKHPl-rOFS7mpdszViIMXO4gEC4fhKk4XZD8y7TWa_AGwtSKSWqaSXdvljtAibzpSz9i0F2&sai=AMfl-YQsg4TU-RT6r3AAgdgtYa4qn1vPH2BbA1Q2hpap4eVltQD808Y0GK0FfEsLOb0hVtxpCwLstFBFylLeo2t-vv4jgpoXk1wNlePwMg7NjwMxAKR2ryFlUCGooS6GFdayC9A60beq7b6ETtSa9Zk0oA7LMNVl7Q&sig=Cg0ArKJSzC6f0u4NklsuEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1826&vt=11&dtpt=1155&dett=3&cstd=668&cisv=r20211027.73063&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 891A 43 B
215 B 98ms
98ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=769474&asId=8cd53e58-fb44-0305-4902-be118c72d005&tv=%7Bc:sA63QV,pingTime:-10,time:1428,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85NS4wLjQ2MzguNTQgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1635644312172%7C%7Ca0861b4ed50b1f066023ecf76c40dca4%7C%7C9ceebc4ad83ababb94d4029b4dca4e66%7C%7C7283199b8f8089ec585e764bb7db169a%7C%7C190d941320ce5072b5e5bacf22a6c91d%7C%7Cd5d94cea082d188b8a3dbcb4228d8771%7C%7C89468a1fe140275d92df2456c76e91db%7C%7C95e794abf536c3c7520651f9bdad75f6%7C%7C1629390669,im:%7Bimprf:%7Bttecl:1721,ecd:34,tsecr:571%7D,pci:%7Btdr:894%7D%7D%7D
Requested by: Host: 2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
URL: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-server-name: dt10.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3483 0
61 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102701&jk=2878135317469018&bg=!7-yl7KjNAAbUs_yW1LM7ACkAdvg8WoS8DWwUNOYHaKaPinLBlEy1joHhxgg61Xt9XJf07fbFUayjxAIAAAVCUgAAAXZoAQcKAGcKFOkM2S5we3bbsKVYlbNhSTUG-aXLgZGbZx6eTj5jE7X6MQLKvqznqJr0450EDs-DmbN_8_37zswVFjwFkDEG86xl1nqfsZ0iPMcYLu5qhsWCBqVRfHqhCk5zI58-phIEbpuATD3bmQLhb_4LWyGQnTZgnMWrlT0VY-29neQaNDq-Fdrn2bEohRqz3JaLJ2R91pKNZyp20Wk5tsDk_dVSuSOSNCq2l4tYkIp6xp1GH9RIgIn3gDz20_icvN45Hsgc5820F0CO4edWzzuGnQuZ5S3OH5vkE5_AR4e2W2M-IfGYrYggtZT3Racux1_e6vaOHcWZ6vKmAP_oZ78RN0BlLQtwwS8NzszFFKubv0nCms_HMZuHZxhz6Qw3Gg0e8OWCrArnxmjY2_vqPggudiD7Os3LLnRSw5Z1dTKTtT85bNqU64ZWGYHEHlpmazpULyby9P2oDZTSKGtSIq57pqrATU_xlYFF0e0oSe-d3UH6Gh16LSqdgXse08SiW7aOHMhBQvje8L3lxZoppRdI8cfqBnR7_UlVnFDw4F_qV52SksB7KPPbEpTt5Th_8wWumYHetqHhWENEfeToSmFbJMHqjJLiZb_FjtaHR5Qb7XytVO3SNzZpPViBmAHbjXEW9YjVqtoXaYfRFnnA7UcjzbMICSucQ4j54D4qIoaPoGW261LVcyg5lPKhOz_d5OR9r8wHfl-qZKJDP4nz9mymHHV7ICAmAlcjL8ZTQb4CP2YegtI-LrsuiOWFp_2zQMgO8XY5OiH8HSl4RJQVbPhJaHT7Cd9Jjc-Nm_xv5d9qB4JpRJhJQvwx2CTXI-vEYNFmRjDJPTqDviydk4t5ENOwB50BOhH0mUPzr8xeYpL6FMjn27JmKZU0BWeOTBRVEzw8tbIDnE5hhVEac0x1vBNyiExp_zJN3gyE69JxIz5MVjAdjGM7AeHF9jNiJVf0RmO_0xOHcR1vqMmCQ95j5WZOyYrHfw44ezxUg-dIuFVsjGX8zHmsjsykP2xvRI5lOZxJ176ALES_CYu5kzNzow4z3RbJCHyQRNp8-vsEEBJ3Ledx9bOgMZ0EoVF6ZlPjHEte1BSS2-A112tpdyCTjXcf4Rty5zl_JRsjjTomy3g

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 45A4
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEE_Zxq-Q39j8Q0ugVFzhzJ0&google_cver=1&google_push=AYg5qPKHCACili3wcLgQDhJ0n-QaU5s5v-Co9-svhhxmIqMXFFjMxSf0YUoPl7gK6eb6uyuQFy3D_i9Jn5-nmtTJtnWNbeeiejJO2w
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjgwMTgwMTMzMDYxNjU3MTY1Mw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1

43 B
407 B

195ms
195ms

Image
image/gif

2620:112:f000:bbbb::11
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
Requested by: Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2620:112:f000:bbbb::11 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEDAmT2_ja65L6UvbHEF2zxA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 45A4
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEKrxzFjMQ-gRWu3i4jnwmF8&google_cver=1&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7To...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7ToEWahizVfXShoU4InmOYSK6xqO-gcfQ5kHMoOEQAryQCg&google_hm=2Rma...

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7ToEWahizVfXShoU4InmOYSK6xqO-gcfQ5kHMoOEQAryQCg&google_hm=2RmaCPWRgpW-EVcgew-znQ

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJE5ryvVT74gx1sMdpPGOt3QSZuKXbtJU54w5pL1xWwq3Us5lg7ToEWahizVfXShoU4InmOYSK6xqO-gcfQ5kHMoOEQAryQCg&google_hm=2RmaCPWRgpW-EVcgew-znQ
pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 45A4 0
191 B 27ms
26ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESENG9ST888myalMF0eQg85MQ&google_cver=1&google_push=AYg5qPJk80rE75F_KAyp8Y3yHnQbFZWja3wddXJE6lUqfzgi0Xpm1KesquKsAbc3m47AYC0Lqb4VXq2Fge0e7jvwXKOR3akdECN5kg
Requested by: Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Southampton, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:31 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 45A4
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEIYLWlyn_SClZDdztobg07k&google_cver=1&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zqMd1CRcQpuMX29w9nizgA2&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy8Kt6sTgztElGcA

170 B
188 B

16ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zqMd1CRcQpuMX29w9nizgA2&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy8Kt6sTgztElGcA

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:32 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=zqMd1CRcQpuMX29w9nizgA2&google_push=AYg5qPIgf8smrNxTHMjtohiJysn7cs3qQKDdu4J93o0CtqHBQoZzwMfSYECXZgwRQVDfedlyvgS0oefKhLQcVJWy8Kt6sTgztElGcA
x-host: tde-deliveryengine-production-7f8fcb5db4-2dswr
alt-svc: clear
content-length: 0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 45A4 43 B
146 B 15ms
14ms Image
image/gif 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEELadNk1vFgDbsk_CrQDxcM&google_cver=1&google_push=AYg5qPJ3I1sXmWH73qK-ZXyk3AggGTqmH1MFWST1mi-VijuYoH08g5bwwvOzv_ZUGNXmg-opMhHZ2BKBIb3TMsj_3exeU6R8-Qv0Mg

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 01 Nov 2021 01:38:32 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 45A4
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKHdHzAHukWaHB7FBvydGmY&google_cver=1&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U0S0QtMTUtNTZDTw==&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0iymZwaQnPWhtK7iy6zHRLMtaKdw

170 B
188 B

18ms
18ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U0S0QtMTUtNTZDTw==&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0iymZwaQnPWhtK7iy6zHRLMtaKdw

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U0S0QtMTUtNTZDTw==&google_push=AYg5qPLfo-s-i6ctIPl5EkLylFVVCIXmLGAXjwJ_WRuP7C1wiptG-AJ31Q-67H1Cb4VIhb7xty0iymZwaQnPWhtK7iy6zHRLMtaKdw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 45A4
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESELrVNww_e_Fy2kSOQbL_Dp0&google_cver=1&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RB...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RBuFUXRNo8xjVubg

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RBuFUXRNo8xjVubg

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:32 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPLII7hvBbl740qSV1CF7G_2kvPgRX4eIVNfELe5QSR4f_6mUQkixjHun2cnSTGfANbT1xTRbuBe2D8bx9RBuFUXRNo8xjVubg
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: od4P8gXlTNf2DMptxEALoIcMePPjRQS-Gk34RweVXdbfxiUPJBU20g==

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 45A4 0
12 B 16ms
16ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LPQJ-mGsP40xuSfn6Uhjto4H5jaeXDzs7df8JgKpjNgw-Ge8ypa03W6fDJw_qPjk2Y8jwv

Requested by

Host: 97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
URL: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 prod_studio_01_247_videomodule.js Show response
s0.2mdn.net/879366/ Frame 1A49 13 KB
5 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_247_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78b8b9c06e8648b397191402eb4ca35c9a83400e71f2338c84f2ef1393ef32cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61937826/20211018020328837/index.html?e=69&leftOffset=0&topOffset=0&c=IfbE7g68ds&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 14:18:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40786
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5003
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 14:18:46 GMT

GET
H2 200 de_DE_imageanimation_G_WD_Corona_728x90.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 801F 41 KB
23 KB 9ms
8ms XHR
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_G_WD_Corona_728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d76d64fb91e3321e030f273de25963bbc2992ca234086efedca4ef9bfd6135a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23873
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 10:49:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:41 GMT

GET
H2 200 728x90_G_WD_Corona.jpg Show response
s0.2mdn.net/creatives/assets/2373736/ Frame 40CE 6 KB
6 KB 7ms
7ms XHR
image/jpeg 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2373736/728x90_G_WD_Corona.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87c161b2701b2efa2b6651fc7c5f2d159b8038b9f67b7a5ecaf5df441b751ddd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:37:04 GMT
x-content-type-options: nosniff
age: 88
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6572
x-xss-protection: 0
last-modified: Tue, 26 Jan 2021 10:25:48 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:52:04 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B079 6 KB
4 KB 16ms
16ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7c6de2f5b4b0401816dc0eb716d4123ba7c388b66799e9eade8ee155d66d0b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4377
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CF94 43 B
215 B 99ms
99ms Image
image/gif 54.224.22.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=925113&asId=dd24d7cd-b2ef-2253-ca96-02e8f761781a&tv=%7Bc:sA63T0,pingTime:-10,time:1786,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85NS4wLjQ2MzguNTQgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1635644312302%7C%7Cd54f14ae099a43c1a0ae9d17e034d443%7C%7C9ceebc4ad83ababb94d4029b4dca4e66%7C%7C228348961aac507e5e258003653e244d%7C%7C1fd67c0aa2596b34c22f465259b9ad1e%7C%7C443dd0195525555c2c4563f777664846%7C%7Cb080aec9346cbcd0a267cce00c15474f%7C%7Cdc9bdffa29cfd4ac5b5db75ea65a8aa0%7C%7C1629390669%7D
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.22.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-22-215.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-server-name: dt45.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 899B 0
61 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102601&jk=3036079568268128&bg=!xMelx4PNAAbUs_yW1LM7ACkAdvg8Wjmk-I7CVQHxfqtYu6zcdYHWbShxTAz_1tpUC_pqDRNUgjmJZgIAAAWAUgAAAKZoAQcKACy3LXXB0JXnxfxdf7yVOIYHGrJ3wikZaDX2bWEbSUruQz4e0By-pck-QHsLEZkC67oZdR44_xe3wI_t7wrSJXsmVyMwbrSO3Q4QCN1sRxOY_TKGJpmwq-rYWAicSOBhG6KLv0DoXK8LyalKxi7VovOetiZaZd_EV1nLEu6Q5W7XhiCL3qtusiuyaLQdh84y-S-EYHJsWvL5MuV-Me3PbX4U32mPfNsdMImY4EGiHYsk2ig16Yiw9EEwKy84x3H0XdycVkX_xZTT7MEp4koHqRnIjnxxqxxuju7UdL23MoiltT_A6BPVOK6Sl4RQ8Hjc4OPr_K73bgS9cWNEh4qdgnWgQMYp8LIqXVXp-bYdcs_N8y6Mh5J5Gzy0lAxQLzSMkx139PnyROc-zhVRWA-FKjEUOcDPrchIkXRM8GTsf1Qvfwji1WkBcBvuthNfgnCCUckLs4I1CwKuU6-D8M1m8iVZOOzBGY8yJT9_Yjb4L9Hlk_mULMbkxSbetJn3Fqi19tWBOY-O3Ao3o6UxgFnsi9XScr0Fzkq1D1SuUmVDqOq6NDFMPAx61pSh0B4guwOm12WOyNolbUuNTgQNN64e_Wv_ssb8Pjogly6DHKwOGoJGy26eUWDQTXtYThNIQX98Xi9z39rcTz2jV8vLue6TLm3idbYuYXnzA8fMRmex0lacHsy7l6EvWkJ7yCgXLIf-o78Ax-HxmT3jb4ZP1YhUu6hCpxB3K2qTuiNdi24bZCVs39um_2biQlEIJYD3pwSAxyeIZx5cki8yUZNWSQXTVt0EiZzKZ3xIcmzjDUl-biR6xKmU9ikdGOH3XB2xWTyBFWrt43jsK7hlbh1xwPSCcwSvqa0J3v8UxTo_eJ1Xof7yWOQclF_fkbqwxwvhiBvcEuECMm4bCHZI56Rcxk9Gv2ffI3DdVgA71exfH5aeQ5SljBB_alocf-MgCE5YMxxVxljLDDv1T0FJg_c9gOgsDF4Dwe-1FfFeds7h33He_A8V0DAp9K4qS9Tl6a-Q1ugdFYNSznEc9EGQVsqShOx0ckKuivm__WeC42iOpA

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D50 0
61 B 18ms
18ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102701&jk=3345433076437205&bg=!nJ-ln9vNAAbUs_yW1LM7ACkAdvg8WvXG8ZlnIH8yDc7Cy7g8cAWm1g67oRJex8Yi9m0wM_kwOJlrVgIAAAV4UgAAAKRoAQcKAEh9nEDleUyDDfFmY-5zWLcH9KfpHxCG5w47aIHWqmSMr0_7dxrnXsupBbhZWpw0sJ4UWALZwAoB1xdDImKVNiuU_Y776gOsmjGZAuPxJ0v52nn7J2CSDoruvp-B6b3fWHX9PCpUp2IZnQf2WITYmyEeSehAht48MVWBk4yCkVi1BzUVaMJTuxtohB-dccXF8gKCw4rZr0NFlG2jLNRVXZjscXsZM1ZdC-BzMQXBoVcaFIgn6LCgg1mJzrLogeUythUsH9feHz1mByH-z8QubpcWh1WzlxGM0ogHy4R6GW_g2q0J5YhvxzmHRKcJ8xyx22H2qICphEfjj7Vm-p8QlROnNTl3tsaoW0yDv7Uz0pnXslqEC6IPHch6pJW-vH0F5eiuLJluDOw6Y3wbMBYpbbtnwEy-oJge13tZwLLKrOvPk_mbyrXxyKLC3brYdwIYW7f1xgqEob7cOi0BaMfbD2zHjMJzZ8HHjLTpDiVb1L8B0NkHdsUXX2eBXIO5M8ljCUiLhQ2ouEmezHd7tdLoi0D_XWwfFf83T32vjF-hye_qlQACaQT2B8LhuqYMwL8bKKMZVfr8JQ7pETSUCmdbZ-r1HMHrXU9MgDjrPxqMIUFBFuibEPZ3WeConhjUxd_LeTNNqOu8mVsootPTCDBL8QEJKRRXGObKEZGIui0wN4B0REHWDHA_weeylzhQXph0KPrEyFVxAAJzDqLvXWLdtDjW5HErNEG3Bd7Fazjd8v7hLvHEceifM0UdLNNiL3Q8Xu4YFWhIZ_0L9I_aNdArUp-0RqPF0FJcsMAjmBpLs_xdWRo83GIsbqQDJ8N1SUiLF_6JYYHMMSwGWNZfYFuUlDpSkQ1j53ebRnITtWMNNcTVxNJXAslo8Oc4SB_hMChHyNWwVKZ2Vv-ktZwefxq3mHHc_6Pmh27m2eL5EuPsRgeRPvqvizQ9BtaJ_36B2ojPJIkYJOFiplwUKxPG2sAxaBLOG12wF5RmFkvwb-LZZ13EKvkzqwQ9Xd5UCAu9bQcTK4NyRdqALl9cq-7-XjS_gagOWYOrPcy3If3-lmZO84Ash2Ycg1Pd0psJdpl2KKAk

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B18E 0
61 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102501&jk=1997484346019433&bg=!kJOlk9fNAAbUs_yW1LM7ACkAdvg8Wm_t98x6p0abflYEF7E4VTTKcsWt5kBnU-CUX-6NDZwxXdOLlQIAAAVtUgAAAKZoAQcKAKLR2967JmqmKfvwZ-JjQU5NF1oFVVownR2VWQcWnDTC5PGMTeC5vGJXWIc-uRDMf0ia927i4FV9Vzvux08vPp6uspNx3pDociWtZFleZjLwvvmuRjlxELq__IbQMOCzC0D6OnRH2_0_kLjOIDcZI7AD6x5lqux13q0zYGklxirkam_8zjo7fdgSg9-2y1-3eENLWgOJZjwhDSSm37lCWH-5uduZAs28FkpKAvp-ms2OpcEIt4jqA15p1rrWcs83wQtQ0G_2zH7ajNfCTa9nDjMihreHHGcvZKGxyDoz15pq7opDGo34RZXiJwR6aGIFeXNRk1CeZN80f0N-KBexAPE3DsZHhY0KCQx2XylzxVow3ugfv5-aANFcWDVZHUDHwfhRfzY99gMmnIN73J00Ps5OgG3RFubBc-ki-0D3prEfaPqQpSeeX8sL_T0b7xIiB79Fgz1gRhg8s0U1jZ0q3Aw5686RV0ATBeyv5RKuo6WKdWy3SRR7XUSYhB9Ivp1mbMU-I49wpDV-cYXUwt7HI5Z_pW-QOokW_5F1IeZFoNUX3S1qUzAiYIU_RlJlRdz_BrB1REnziSZA04LiAOzys3hs620Rymz5xuEvBhhi8TOS7vbHmlFC6McpeLPvdimXnnOK1ln4xFCP9WCIA2jvKEmjgOkZ6cuEEOUzdJ0Vfa3JchuyszssvJYo7pA7VNsNGDDMkH-JlUS268Ko6fZpZl14x1e1XtvkeqMQWJWeM7HonDaBaMFB0q60vvjYLw7_EGEqMGfcElHLCXmT_x2Jd1fBdCzwvfxcX9txYxdgrWB8UZ1CWP4ZcuwoPeB61GDlBi-W8kj6U49Q8nrOFi6-n3PR7ZROXf0eREz_tikdATLwc-9VfH-GkG6DvS8T8cfLD_e1j367z9SV78iHSTfTM_tAUxiNBMjUcWDigA3vh3mC1KSsE56CsojGBNt_pTX779XSdBiEjmQ-25j1vyQhFFRz4Mt_ZLNNs4m2A_k54HYseot7RqkMtuhZ7WuOa6xTy-Fo6yqwBpDfUJZrPNp0afUe5_4HRaOkv89Z63UDdOA_dvwAgCFjokjjq2XoVdApkPUc0dtBAo2ACEAKWJJaiTnf8p4fA9kfNNLFunwfruV7F4VNt5zZDbcrt0Z0qnhO51Ao_SxAYeOda3taRxObMgd246g

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 9ccfcc08-864a-4ca0-b994-b78021ab3325
https://s0.2mdn.net/ Frame 40CE 6 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://s0.2mdn.net/9ccfcc08-864a-4ca0-b994-b78021ab3325
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87c161b2701b2efa2b6651fc7c5f2d159b8038b9f67b7a5ecaf5df441b751ddd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Length: 6572
Content-Type: image/jpeg

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 40CE 17 KB
6 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:32 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4202 0
61 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102501&jk=848841332571682&bg=!l5SllNDNAAbUs_yW1LM7ACkAdvg8WjJaTtE0IMAfxXGBdFpCMLbJMIDr6XP3HoZfX-kRZ3-SCyVJYgIAAAXzUgAAAHRoAQeZAtXYv7LFb-qVTeo7-Y5nBa48b0uGJIv_VJUVwtqfL-3guCyYy8xWpDGmvM27_afKLVxXrkmMXGo2ua61v1D3ksab-SbtCHO-cJoTMmFMCtlq9Fne64kObTwycstbPWZZT6EHgFldd2CiMMgLxpC6voNCZza_jQIz_hD4VFcNbPuAmnNRIlI1cF2Mtz7OioidgydrsIYx8I3vB_K8en5kiBDUQaf4u9VI89f3V_1RbL3JfByXdv4wFAGfQiLgsJ0D2kPQjeBDMSdsH0Jb-7JYaz-keaFZnBt4COcprVIvuihHFpaRuji7ocfO3FAzcHSO5hkfgPUUUMc7jo_yqivFtgyG-auYIlVjfpXj_Cu_W6cVPWkPjSsyAiT4T1YXE9mgCPkFv4OgBMnOdoPRhPOnwq730oIpbT5rFKzhMh705HemdW7UcdLP_J2_VwnGjzF5Nb8O2xs04iNpIe3GvZmseDe3ev2M2wdfPRki5ENep08SZXDH3KwNdA-QdxiN4Y_JxJjIIqoxlUNbaUdamHPxad2XGean57fAOYFw3DpFGrDbQuZgw01DYNvI8KyZq1CMfvLSvMfOgRBuTJghqh71gZwUq7K3fd7R1-N7bIFTzgaqqcUXQ6OCGIZ04Ws7Q7whTy-GUZXIElmSLQYIWS344Go2fGdpIgW3-OJ_tRHhn9N_4BGJzLJxq3m-o-E4lOWH_jbOTILBytPxO3-b_tYlNYoieCG3GjMpchApM4zxz9jF7CfX8ntTqh9D7tKpmAqJep06xsHRwgUtBHsUw1qJTMELeesQRkeoxw7CjO29BGfERKglgnQVuk3JiPAzL0PYqkmGskwEZNhgV3YAwb5BmXw_bpbGct0AwmktgY2bMW8h-LYstMsJg0Dxeq7AxuS7KiBNdL4orD_4r21eKqu1RCnYvruZhEhc7mcTFqde8WtQ4j-hSf4vmjvyIsnMuIQBDqY6_fZB3w

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B079 17 KB
6 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:32 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E83D 42 B
108 B 22ms
22ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstfLSuhXsuS9Yd4oGqjKy72-3LLEpr8Vpzj4lJNqul65mDvO3a6mlZ_3vepLb5lyN4UwhyDizLv0CZeiVKEILj4gRkFKybuVwi5qW8foAornVUtUl2yIg&sai=AMfl-YQ18-gncord137EaqCwro3TGyyD5P-Sy61ymXgZzneS4azaDssd4zN_DKZZVo2XUs1Wh4vZpNJW8VS3PtySSsg0RaAblkDTiGtEojhzJNx58yzslPU6EG5AekQ&sig=Cg0ArKJSzMNAlum2ehsyEAE&cid=CAASEuRoLd0EprJ89wiroAufi5JNGQ&id=lidar2&mcvt=1039&p=0,0,480,320&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=475162452&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635644309712&rpt=1571&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 801F 65 KB
17 KB 8ms
8ms XHR
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d10fa1d9aefa7b26452bc6daff08105c29f61ed71d64e727a30d0fe71b8ea52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=su6QfSbCio&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:37:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17622
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 21:59:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:52:10 GMT

GET
DATA 200
OK truncated
/ Frame 801F 16 KB
16 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289

Request headers

Referer
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4993 0
61 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BF6cNlPN9YfHwHaaV9u8Pno21UAAAAAA4AeAEAg&bg=!PzylPHjNAAZzbWp4c207ACkAdvg8WmRwNrNTg9tjo_G2YSnIV8m86f6fxeGqd6dUimUEp8pBMGHixQIAAAV9UgAAAF1oAQeZAxFsOy0LRwOL-eG-tV-87h6PVUh7dSFn_DpIzb4itVCOO4yk-vZfYQe38rk4UTZEIzo-Viesz_dERJmzeesVe1ESA4K4Dv12wBrigP0PQ8irvZO9uAZLJf_AltyjqQ179qOTp548AK-SlzdUbcfU2X5ZtFQUee3uKUKrOkC4LYX_PiSDpSxMEyEI4H2wKTztSU-zF4Z5LV13QmEQtVUbQKFQUDWqD6d8Zg-tKL5ri1jnqJVUl5twZRi1p_ykyHseV0vYJbwPLJeTrT_6LdMpJjBuFUvBJWs00HjmkPwZv3NUagTi9HCmdM8CEmGhctmn3cH0S5no8zpZ_SQjSgCsuNX26JlopE9ug88rLWgD_SNWMnBTnr0_ZSnsMnrxRddCRDBhRZEMgDzTSzwnxYMxgQmgp_-rPV8TrBbkep0wXuKMnFDgzFvV1x9wKox6EwI9k3ngLRqQShpAVx35ieqJwU6_cZC_slWSRhjYRFxSwbwk0efIfSQaTlijnV2KqoHFbXfTGm1wA8rDF-UqhyqUVg00AtebVW1P1oirWutkhX8_ZnhYNOjSnq106GmR0B-jld1fG1fJaE6GE90r3n6LXvAo545b-jci8NdV1ucmnXYuLFUMdeuF-AsBJImI-eNSRSRWVBJrC4DXxwA_nLrCd9QrhwsK7IwPYjIaL1yYEblUorb2EocEC1bShG-Xj7I5Gr-yErNq3D4OCqJuiEQldLUN2kyRCnGtODhAdoKXoEMx4ATqMt0MAfRAiIIKSL0svLcTYbDd3G-_9yKuwj77Wn89eSC0NlxHipB2c8nVENEC1dJJVpdq9wQzSLFdU8rTwl5c3FUI_zFUHxVKOVtxD99M6XMVzKeCMUet-REoIlHRRiCQABcI3XzBYN9s47w8BsQZQxr2pw4dYEHmnVCP8FhAj93y7uIGfykcgTwGa2gAEe4k1hB5cs2ow4NYa_zW1ISNSAt772BBhu8_5_Nigi8L61L9eRgGyZ5Dd92-WVT-2OqxBXun2svL_AEDfCwnzP2LQ1665N-YZGul8_TQQrtJQg

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 de_DE_imageanimation_G_WD_Corona_728x90.js Show response
s0.2mdn.net/creatives/assets/2987685/ Frame 40CE 41 KB
23 KB 7ms
7ms XHR
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/2987685/de_DE_imageanimation_G_WD_Corona_728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d76d64fb91e3321e030f273de25963bbc2992ca234086efedca4ef9bfd6135a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:23:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23873
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 10:49:47 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:38:41 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 2645 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame CC13 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 js-animation_de_DE_imageanimation.js Show response
s0.2mdn.net/creatives/assets/3389262/ Frame 40CE 65 KB
17 KB 7ms
7ms XHR
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3389262/js-animation_de_DE_imageanimation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/creatives/assets/2377528/de_DE_polite.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d10fa1d9aefa7b26452bc6daff08105c29f61ed71d64e727a30d0fe71b8ea52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/60488576/20210603021707961/index.html?e=69&leftOffset=0&topOffset=0&c=JKUBp5Vtvo&t=1&renderingType=2
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:37:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17622
x-xss-protection: 0
last-modified: Sun, 14 Mar 2021 21:59:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:52:10 GMT

GET
H2 200 CongstarFont.woff2
s0.2mdn.net/ads/richmedia/studio/45844501/ Frame C9EE 102 KB
102 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/45844501/CongstarFont.woff2

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/4528516/1039192214543590/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:28:42 GMT
x-content-type-options: nosniff
age: 590
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104232
x-xss-protection: 0
last-modified: Thu, 06 Oct 2016 14:32:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:43:42 GMT

GET
DATA 200
OK truncated
/ Frame 40CE 16 KB
0 Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 3BC7 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame CC79 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame E83D 6 KB
5 KB 18ms
17ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc18f16a6649d7057b804750cfdf44ce66a547da0d1292f6c11dc57b3e5b06a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4566
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 27ms
27ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211026&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

faeadd049e132b35030e113af8f70aa45d35852c4b07e9304d683bc50674d173

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8646
x-xss-protection: 0

GET
H2 200 conversion.js Show response
d.tailtarget.com/ 15 KB
6 KB 14ms
7ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.tailtarget.com/conversion.js
Requested by: Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f3d70165d1438b13b94b2aebf55f853777b6f44c8ca0b3473728bfefa90b115f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 06:43:16 GMT
content-encoding: gzip
age: 68116
x-guploader-uploadid: ADPycdu5016qZPNowJTnZT7SyDg6OIER7qGJHm4AgyJhHEd-gc3BU-vBbxA4v60Clk4rpvFNw3W2W2nHRIvDhwtgOTw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 6114
last-modified: Thu, 23 Sep 2021 17:37:36 GMT
server: UploadServer
etag: "c011d7eff3edda011a5511fb703d925a"
x-goog-hash: crc32c=I6Sd4w==, md5=wBHX7/Pt2gEaVRH7cD2SWg==
content-language: en
x-goog-generation: 1632418656103247
cache-control: public, max-age=86400,no-transform
x-goog-stored-content-length: 6114
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 31 Oct 2021 06:43:16 GMT

GET
H2 200 widget.css
static.arc.io/widget/css/ Frame 4877 85 KB
5 KB 19ms
16ms Stylesheet
text/css 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?2326f2d
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?c729574a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a0d5016c9be45fd2d7534bf47f3b2c67d3d1d47e64e31572c28a94b984e7014

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0sUN8YQAAAABbQVPUhvXHTI0kPY27YUufTE9OMjFFREdFMDExMgBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: EAXBNGW7D4Z48757
x-cache: TCP_HIT
x-azure-ref: 0mPN9YQAAAADZ2LA0/OTuTpBYF1oWV39IQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: 4Fg6MJ/qnvzx4vJLLTvTYIf20gqGGCbU74AlT/Fm0Ek7L3zB9ji7wbsQ01MHuOrM7OA6TEixh38=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "ce66dd39d9339eebd65264a9ecc334be"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/ Frame 4877 2 KB
925 B 317ms
16ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?c729574a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 171908
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-732"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0PjTPm0RZgfuMWKyJtx6Mq0KDSyHULwMXak7eYjtuScBGdpSCh35f%2F9g1cq3qml4jZXgFH5khEbmZzgOhyp7sXKLGZ0BQd8w0498lMACYoRgWhIUcpZT%2FErtgcxpPy4ifm1LzAcnikkXKH0%2FiHMC0PcY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a692a1c3b742bb9-FRA
expires: Fri, 21 Oct 2022 01:38:33 GMT

GET
H2 200 widget.css
static.arc.io/widget/css/ Frame E0D9 85 KB
5 KB 17ms
17ms Stylesheet
text/css 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/css/widget.css?2326f2d
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?c729574a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2a0d5016c9be45fd2d7534bf47f3b2c67d3d1d47e64e31572c28a94b984e7014

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0sUN8YQAAAABbQVPUhvXHTI0kPY27YUufTE9OMjFFREdFMDExMgBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: EAXBNGW7D4Z48757
x-cache: TCP_HIT
x-azure-ref: 0mPN9YQAAAAB8Yysu1EG9TZc2rFXlyVA6QU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: 4Fg6MJ/qnvzx4vJLLTvTYIf20gqGGCbU74AlT/Fm0Ek7L3zB9ji7wbsQ01MHuOrM7OA6TEixh38=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "ce66dd39d9339eebd65264a9ecc334be"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/ Frame E0D9 2 KB
1 KB 310ms
15ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/normalize/8.0.0/normalize.min.css

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/widget-ui.js?c729574a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 171908
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 631
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:31 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f2b-732"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYHZ8jb2ToPVNl4dxs7MDw0biovRRG7p4qI8RMpq2yA5fnwJhUR946fOnQaeoQ1XV2ku5Vcm6tL8zA2WgJKezN3%2BBQAqUE7dupLmYp6VZ3nVzGj93pwaHCcRLSRXXFPZF2YWSAaMQhOBK96UlKhu%2FSsH"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6a692a1c3b752bb9-FRA
expires: Fri, 21 Oct 2022 01:38:33 GMT

GET
DATA 200
OK truncated
/ Frame 4877 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 277 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb2b1971e54b31144a8794057598aba69ebe1d416c8c75d3a142942917f5e58b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E0D9 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19311967464cd6447bb7fba382aa67939dcca903a56f1ac925ac2a80ff33642e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b08cb6068e70fb67de0576ef27d427a403e1f0055777b7fc5d736963e6c1ea6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 35e8d96d42f0ffa258060a98b45f013829bc57b3ae7be71c9f54c037b6e0e707

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb1d7b6144bde90327cd64b86e7742a9b11a3b2b3658d71dd80115195ff2debb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E0D9 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fe9d28d12e8c33e9f1d5ab109c2570547ee6648ca11fdd79b7523c6d2e2f6a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 G_WD_Corona;strtype=2
ad.doubleclick.net/activity;src=4768000;pid=289966437;aid=483232713;ko=0;cid=97271829;rid=97252205;rv=9;stragg=1;&timestamp=1635644312720;str=LH/NULL/-1/NoOffer/ Frame 9972 42 B
118 B 57ms
56ms Image
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=4768000;pid=289966437;aid=483232713;ko=0;cid=97271829;rid=97252205;rv=9;stragg=1;&timestamp=1635644312720;str=LH/NULL/-1/NoOffer/G_WD_Corona;strtype=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame B4F1 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame B079 47 KB
47 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:31:38 GMT
x-content-type-options: nosniff
age: 414
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:46:38 GMT

GET
H2 200 OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame B079 47 KB
47 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:25:15 GMT
x-content-type-options: nosniff
age: 797
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47848
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:40:15 GMT

GET
H2 200 60005582_20211014235342828_APP_iPhone-13-Pro-Max_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame B079 26 KB
26 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235342828_APP_iPhone-13-Pro-Max_Asset.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c861b3e4bc918650205113892b86d7768e0fbc75fdfcd8e103e87988eea6aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61551629/20210616054624412/300x250.html?e=69&leftOffset=0&topOffset=0&c=eb08ByMTnh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 08:02:32 GMT
x-content-type-options: nosniff
age: 63360
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26950
x-xss-protection: 0
last-modified: Fri, 15 Oct 2021 06:53:43 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 08:02:32 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame B079 43 B
609 B 34ms
9ms Image
image/gif 82.113.101.132
TDDE-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=25124645_4307561_316931993_137415464_-0&ref=25124645_4307561_316931993_137415464_-0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 82.113.101.132 Ingelheim am Rhein, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS: portal.o2online.de
Software: Apache /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:32 GMT
Last-Modified: Wed, 26 Aug 2020 10:11:24 GMT
Server: Apache
ETag: "2b-5adc50abeeb00"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame C20F 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame E83D 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:32 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:32 GMT

GET
H3 200 G_WD_Corona;strtype=2
ad.doubleclick.net/activity;src=4768000;pid=289966437;aid=483232713;ko=0;cid=97271829;rid=97252205;rv=9;stragg=1;&timestamp=1635644312859;str=LH/NULL/-1/NoOffer/ Frame CF94 42 B
63 B 19ms
19ms Image
image/gif 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=4768000;pid=289966437;aid=483232713;ko=0;cid=97271829;rid=97252205;rv=9;stragg=1;&timestamp=1635644312859;str=LH/NULL/-1/NoOffer/G_WD_Corona;strtype=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9081 0
61 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BOro3lfN9YZDiHeKwlQf9i6GIDQAAAAA4AeAEAg&bg=!ZmWlZSHNAAZzbWp4c207ACkAdvg8WrXu0B2S2iIWDaizTeUNzQR_grCGp32B8BdHqg7Mtl-1aBP6RwIAAANHUgAAAN1oAQeZAzAzY_YlZGij1zNDrU6Q5YsD15KL4fIaPxB-T5hnDTEFCXh-qhxkIek5ZJsmOLd_Vqjsk7WDKQlimSZamxzMbQR9Qbk3Tf4o8Oe9pWJbikSAZ5miSD1Ka8FC_kAGyfYdy76TSlNEeaeXxW9F_Npkr44PjuKpdLVmJhqFoBkzm7h-qGn2vsysFPWbEMS4LjTvv74urR-v7aO-8iMdZt1uzpLFAU0rZF3pr1bw_HYFvhJEvqOzD27NuwMNbNFEYiyUlIZ9bVhWJLBGGC3RHibOkjIJ9gpogJdEqkMCXlXmumMli0M9fI8fBUQ7RJtFCZ1Df0TPRSy1zTiGcyCSmANPXBXVjhXjyahztYPE5af03EK1bu21DZtWf2CW_9bbrFwA_oF-l3BMD6ZVRejkCLV4hIEAlcMuEslezU7hIQuvixlLPWt4GPkl81q1JeFAAiG-6t9_1SU8GwrneHP4qsIqF6_XcZV9aLkf3rrZKauCoPx36zQ5Dlejptye9d-M6R5IovHi78_w7Q2pZV9fzHgM4PIPJ9c9DbGCV8kVdce_zEZGav1igJvUa-m0iEGGbmbNjyPMovREp7DF5QS5DXHd_7pyK_InjIjdcBMHcAGLaXn10erHWLKL_iSxL1fLp8mgBp_BmK5AOgrcV1vCEqxXkRmOq4RJYTVjUEF8LAN6iOAB-o6U6A6_ZYI76FuSdtt14wOyvPPIh6X-V-175yxIExaH5hZZQWiuvKYjeENaXpKwX3aXCdve3gnOCLbNxg60m2_xqE28XJ8XhkGu0glIEIcK2aNjYbSyEKSzSaBJ23mWZpnjlvwTU-kEJcp8Ynw0SSR0IS_uidun6J0qM2LX2co-cGhxCn5GnjCR1EuMFamjWV0tCEq4L_BV9uvFP9qC6jgkw8-61dW_S4Yu8g6eWyj8vu4HdzS8U7p31Vg5KXmbuuu1i6_zc64fUuZxh9vO3XSEbpuVa7SXW48biykbNcFBWWDu56oxBPslTCqkaSEW88Z-k8sGM-r1-EN_tjrAmkc1m2cziBSQuVjhn22TaqSfY-bDmHl6ba55iJ_Y9rTSt6fEOvg9GyYJnE8eqHf7g7g

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 0EAD 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 dc_oe=ChMIoaew8MHz8wIVrYf9Bx39RAyMEAAYACDmuJRMQhMIm5OU8MHz8wIVo-K7CB0G_ATv;met=1;&timestamp=1635644313111;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame 4F2F 42 B
251 B 55ms
47ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIoaew8MHz8wIVrYf9Bx39RAyMEAAYACDmuJRMQhMIm5OU8MHz8wIVo-K7CB0G_ATv;met=1;&timestamp=1635644313111;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=1;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 base.js Show response
d.tailtarget.com/ 20 KB
8 KB 8ms
8ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.tailtarget.com/base.js
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/conversion.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 54930f8d5930ea73a5643b6e7cd4f3e5142609ed371fd9d1969ad38dba591ab4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 23:31:38 GMT
content-encoding: gzip
age: 7615
x-guploader-uploadid: ADPycdv4NPvZM-gzcVZlmHGtbbv3OFEpr4fs0wusYwuR2gA2Mq64y7m1g81fL-FitkKc_GoneEJH5tdoS3gDSrM7gG2h4wQ6ZQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 8332
last-modified: Thu, 23 Sep 2021 17:37:36 GMT
server: UploadServer
etag: "3bd196ed5cd9e1a21cd3f4a34c4baf1b"
x-goog-hash: crc32c=QnHpIw==, md5=O9GW7VzZ4aIc0/SjTEuvGw==
content-language: en
x-goog-generation: 1632418656026668
cache-control: public, max-age=86400,no-transform
x-goog-stored-content-length: 8332
accept-ranges: bytes
content-type: application/javascript
expires: Sun, 31 Oct 2021 23:31:38 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D5A5 0
62 B 18ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoWJdlfN9YZS_G5OG9u8Pg_qUgAEAAAAAOAHgBAI&bg=!HxylHFjNAAZzbWp4c207ACkAdvg8Wue_QfWN6MDTD6p5AygfnuA68Sa5sQnYyWxZrC4gPPaFXECLRAIAAAQdUgAAANhoAQeZAyEUAJsGDmQbX6s7d1O-Garbe_eIvM5V3p2hsvSpUd41HrHexq8MF4xS_paSm2bG5SbCNSNK8UaJjCPIjtr1TUMITjezaSmR7DPrw-h7_nL5_q_jL5qP2QVMGFIZv9Po3njye3TKdCp4NQC1pOgaQ5KdCSj43o8mdBiQGx81s3MoYemq0bi6XbmZTwQ54-EM2aOB8GPZAraRxzo4aeXm6p-UIyVzwfy0b5mQ5XhtTwuCwFLeVEYi46ONief6x4TrLB478Gs66kQm6WQdUz7OdpxnzSdjNMHFZx9t1aoIeHJpaMLOY7CudnVWpQa1IgNnLs0XIrK5OqGXwp6UmCV7SQMmfRdSM7V-VmD98xxvtvPQ9qfeBPpIizsf0WJKIicLxyoYFDmlcyPJWgp0rVmB8ogoe_0VgDBjTooiU12YGDDHRTzWpX9xBJGqAxadTiU3Ycta9GODO5fjuYq1nG8Hk_fyZe9ycm_JdL9PZUFiSlwehXl00H9fnwq1ZgOA6xDWS0GDm4S5vql-TO-OBqwsuUrFk_lgn4jiADci84msEM6e6TqTEZf3FTrFY2tbrY-tSYrd_loLWNpJhPhxE8qW7RGoYt0qEo9E3Bke18T6yP6EYob6DNeln6s6WkoLzs5rnKEVWqC50hxkk38St61EPtEc2rAgyE07IOVYHsPa7_x6NbdlJ_DtT8UsjLrLxpvx_K9JzHdazFtAehrzJ13ldvS8EgSSoWcsgnNuySAa7CRbqwrYa7hKCwavaoyQmxJRXRaig0IMb8F4JEWs0q57ebFHhl0qltDAfK_1QKGoZaBLOsUHNjJ_dVVmjfFSqdSZkbcPuXVnUDrvLeENmztYIWaYipbBFDUo-QCq-xZuBXReFgWlvBbrfDnPiJfDCBxlCkSwevT1oBhHxCXqehXYKPJIgZyNLfiIolCMnXVcrS4k0nAydl5PY91XqHNzOKBQ_MBDwkC1f_pjoPPqnR012P0uHYnNpzOJh9lh68gX2d1JTQWLt7fONMYBwy6t6Pyw51-PxAF6rW2XHH8BX3QXq_OZQTSb00QwRRrA4ZzbsG-j7UA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4C8D 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIWjylfN9YfnIH62P9u8P_Ymx4AgAAAAAOAHgBAI&bg=!W1ilWBzNAAZzbWp4c207ACkAdvg8Wi-Uk-veg4jBIm1cY3MFsIAjNTuZ9VAu-BwkM7mYKjt3WEZNnwIAAAMFUgAAANhoAQeZAy7B16d7WuirFf6gvUl9EWBp6YPfcnhEDDNY4Yeg0V2b0dqKhLcsRxGB1Bc1b0VP2EgKJ3naYOJhk7iUTfWYfGB0RsL60VZCtKxP9C9Da8xhZ0yT18Ez3HvTpnQHSVMRorYllZVXucFIr_ruFEvEBRDOsBvxC162MjedI7Ov6hEe2dgL2mX0aFgtcQyXrygV4KMlNBpGz-0cdQWTnD4_DwxX6yA0KEtJKcAl88fvOcAX7KHAXnr-_30IXMmp18KQpGuXYNQ3napdgewqFLuEyAAv6AwXyJbz6JRE9Fyj3xhD0xH1i1VDye9DgqyqD1rcYMDuq3jrg8OmIaE5nnSmpjchlYPQJ_iXsBpSfL7IrS1P18ZDyWzacHv7ROT-aLKRhoREMxLFgxslUTrTSGFpFaQaN0xsPCzyz0uNyx3OjmN6lH5Jw5nmKnAiVO5piNv8zUit26pNlMPA0SqfFFnpjQ6QkpeHaAZ8ZM8OGrotxdLqkcFueLpcWTZ53D1QiO8bO9j1uCN42pymajXFrL7jDPiQo4DCQjNNmk1tusxOgnn1lPBFYrNmax5NfbmS4eZcWPTh38KNFPTojhxoX7NjcawB5KA9e_WktK_qiAXZcn6Uu-7jkFmdD7tHoZC6hv0qvq3K3CYCfgWnpFs3R0FR5olLrgS3F31-oAYm7SYRZMFfE6C_KALNaf3qKaR6FwJFodv8tGdKQzXEiAJ_fnQ4znCdXmwRv9bQPKdnhoadNtvMSVEFh3cfjF-N0gnfyxNtKGcu4rZO17Ys6yWu7Uhcdnw5xLsG74N2CQPNYWpHbQzTtegtsBEVqFZ3EtrQso-iv8QDtBdmQXZ2gdgR_NfhUyTOm2G28yPowMOjLZgBe6eh9a_5ygh4930HW6-YGnlQGoOyJi4XT4744W7jSKr65IKcoflUaNroWR_yQot96kyKp7_JFwyVeUITrjDRhqHd0RJ3G7lIMyomT1vL8UDNaanXB5uuDZkoZgnUnir3dVu1ESpGoRN-fdHbH_ay66J6LkDEBiflVkto5ckvRAw8EJfQdJU6dh92sqdWVmUaOPiJYxj8A6VPEgXC6NstbX5O

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AD8F 12 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11238
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C81A 783 B
759 B 24ms
20ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3e6a677f020945204f2ec33d9284cd6af5d0bcb18051de7ef6fb43211ef50ac6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UGt7DKYIrbC/uRNpdzuWrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:33 GMT
date: Sun, 31 Oct 2021 01:38:33 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-UGt7DKYIrbC/uRNpdzuWrg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CEBB 0
62 B 18ms
18ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102601&jk=2375784301372285&bg=!Z2SlZCDNAAbUs_yW1LM7ACkAdvg8Wqk4YWH-tivlAX3XeAYr76CGCFKEMBtm8T_G18qTpM3OS9BmHgIAAAKRUgAAANNoAQeZAt72DfT1E84f1GXkTbQ5N8GXYYk8-VE7CdD5JPzm6GM4uVinC2VBZ9zhA5RVseFqKuC3jKPm5q14DhNtkLRKSS4RRvZEDoyNQ4p5PPLSdRj6967ujXyPJyL7WQ9wfm_R_Jk2JsouoxZN2F-50bnT4zajiM6Tig2GNopsuFVhlL0wm1j8Pkv_Jr9Ubl_3IGNsxGiuws65OfODnxLbjDo3dk5tuZ0m61_3HR7OpAUcArvgsyWPDl6P8yJVMTZflf_VePdydD-UnXBFvw1o-nlCsXtzWjom_FIqpBX0O-9Nn05-1QkXc_CTUMeDvHwwD2d9nj0gufnEjU2OzAOJcwhAWuf3YIPU2CIAG7oBHpLVofC1kUBs2Bi08nbGDyMLs2K-23QKzJthiqjr4y250KfLZoPjo7eUGTQbNpMNQyVwFSV_dCV0_Zit-7kbrkVI6HDd9aeIcWl-fzzL9_yu8a53qtwuNf0w2FCCDIJqslILZidN_WhUJ5PTPNAdEz1oi9BKw3qE3obmwFvIALvXtpS7qNhE5BrfMeYYsgeEmnrrhepSF0hQQR5R-5L7A-_L8cet6a5CKdefZpwWIGb2m781SKSdCsWGmyUapWS0qm82ErWoxDaHo71C0BnfjVVeTGZF2yhksacbBMkEZtKlBCOsp7gydSgYHtYxJG9iJ_xp5N27OPRNI3U_U3RdVWCjjD5neQgtEPsovCiRPRac_sT401KANrqOpOpSL22kswWWl9VTpjujvxYogoDJ_YJ16vbZ6VJL7nVHl5QuJ0eQZ1K8c2fCu11gPk-ejoI1yyHVde9Y31Zd1BwDDMfTBvwUc5V-pxN7UKzFjk1iUigaAxKMvjRDxGAtda-1hueRAFRa7JWVBrrdRYvL5fRVbG-4LaEFbE58pOYOJ80HHGAwhzKQEWJdF4cL9eT-NyTYntn0mDXPcJ7CDtmWZOlGFTtl_jDO-vfLeOc6peFFvWdZUg73GA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 u Show response
b.t.tailtarget.com/ 76 B
485 B 128ms
104ms Script
application/x-javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b.t.tailtarget.com/u?env=_ttq_tteurekaads
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: 69d774246195b9abe605a10066981c9200d4ffec15250bfd8d29e2c216d0b9f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/x-javascript
cache-control: private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C81A 0
0 37ms
36ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211026&jk=1961414005332091&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A53 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsFHUlfN9YeGIH62P9u8P_Ymx4AgAAAAAOAHgBAI&bg=!CgmlCU3NAAZzbWp4c207ACkAdvg8Whjz4VwmktkaLJsITFcZSDX7jlc5TlrAOpq9ouViJbuORw4DgQIAAANKUgAAADVoAQcKAEdler06pNPa4jkuofclDm-zJH69K6JMefGewEADrTLYPesEr_mahYWA_a6ic3qhANWOx88RCRwoquK9He7PFJqAMC4Dg5roA5kDFzJvrDYAXkG8JE_0RHYTVQmS7BJcnnt2h-HJU8ET_ReG8VAotVGg9gndV3Y9hTDWkgKjimlBhJ3kFljdmVNeIYxGG9zDKK7DRirmtzayPF12osbKiPZVh4FjLXw_07bkW718nVIY4p2bXNZXXS7S33XpceFpzbjXn8kBLbqo1hMMtBf4EsGGH567OWupsWT0iNgnLynbdjmTOFeEUb6n934P6NQgjgwwMwMszFHc_fiIkdNbCEUPO5FfA5q9CpTSXPwBOuxR3UI_2DyulJaSrCeX55pIEE8B8JbvmysT2ZB4ratGyBaam2I5j2iCWZLn9iQ9E4df-Na0BnvwNphWSYKm6kiaRShhZmJ3KU5LVwVVUBQottgfulcYlnyHdEUQLYg7hS57-vDgcORbBys1lH71-E7iA7j43AgMohvYT6BPAEXlKXmMtAvEK8Ks3S9obuY48db4T1qXBB17YfWwhB9CkXpXO9SAHi8U7tU_QH55WeyT0dvlBORoB3wh8VmebyfNFJsoMMVxAhbios50HtiGBXcP7DJQASzBOEVSeFAdQZxmbyER6qMKd_EeipOam3AI1bYURYWkY-87IdyIobrcU0R3hfkXjQCsUw8Td1vMUraw9cwp1Ucvt-zuF9pA--9XhcQ89P9uDCiKbEscuMJP1JTg7J6hkIcbmuqXH8aY972SNGzs9hWfSf4civUaOyvdTQqUJI9H3C0RTe38tE370N0emd4AElWDIJyQvxAJhnw775AhlZqnw-mNi5B4a48hTeaPjYmq-MdgPO2Q18oONF4VV1W_9MHw_OJrRP52KYoJu_IctE61aoFXX0VJAJ3XJijHNpnX_Ai_EcH3rmqpkSRp3PjNAgY77R_4JVQ7Cagp4zBYl8w5NA7T0LbbZWNpdvcUoGW6uYnrZVX8VrYZWCpr2trlT1ew9bmOHcQZIgMnSCp8jFH5PRB1jVHe9Hmd7J32ZbOuoWz9bd-igMRiipD98R_4Ub8P-Pm4FICEm6IusYI1ypogjTPj0mf6WU2nAkY0215BS4PPWthAecG92SC-l9Pw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8A63 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbNsKlfN9YbGgM9vV7_UPmYyRqAcAAAAAOAHgBAI&bg=!WFulWx_NAAZzbWp4c207ACkAdvg8WtwjA5uqO00luRuc-6MZ_wrvlEKsGL6GQQ8ONhfQHL6kipBU8gIAAANNUgAAADhoAQcKAIqRhZVMbxXxPQHgKJdT0nEMA4EbSTXWIy6sI64vYhYvonHixqHH0U-xwJgbGwjCkiRS119OXejztPhR5tC6Do7EAMENUahC7IsrKKdsSJK-zfnl7v3Gw13axmrvNr55tfkl9RWB9QCW0n3L2nvpLRM8s5PN-mqzfoVKT0-9OcY5zEeAK3dqrTU8fL2ZAv2-pfSQTXu8oL8jY-fSdo2Xfva0WBK6KlgB14IKTayyES65GYQFllgzanuATdT3vE0Q1H8hreuEiNolWN0ATMosar-2M7sIdgs71SIZj3PRWNcjw9vTpJoKbiIwdNFvESjL85FOOwbT1ESOu3pQilZSdwWIEX0JpzliaGwJR1j4CQBFiZ5Y3JtztxdV_Q08ivLe_1t23bsG3PF5FxorCf4unFOkXIus-4ozj7nXLAhwykP1Ln5RSHBxpIfgw9Gj0ATsDkB-uL7WW-8GolinHutmUEgn84W594-1Inws8U-HCR23HHkkPszI28tZaZ1M_HO_JWn-TE9HA_BSk9uDEZyp3QK_QM9Gh2J_a9qxMuqsl_YOBYpLuW8nbnHaMtKeHdshLvxhCYRj2WRzRzDSnRg_e_XmyRXbciH77LXbvmOtLCpXu6QS1bb5ocgGtPkqaKNn2qZcuflo4jY-0KJJQAg8W2uaUV9luAME4M_JcKIPRLs9z2Vn8WLRdXagOW8wVCISt6r9gPBP_TpbsroIVSZO-0UCEWsz9R9ECWoWAiqBtkaZsmM551Lpe-qgYS6TKaCUCkmr0EhserlA4WkDwsf3Z064c6zl9kWVIFMrl3ARurcH5oO1gMSrebaGepR0MI6YubQp3w3M7Rx6qma26ZDfGrGn439aJ6LvQD-xMgIgIPI5vxsWNrAimWQdbMRfFNs6lOlbB1dLbVaSF-40BZn_qqT-eU9FfE8ujXj3Jun6LVN0SEyNCqknkJulsMKYnamM7F2UTOPloPfstEcnVRjPRubtsyhntw5yE-zF8b4Ji4lragt7rqlUPto64S3g4yrbRkwkmz3RnF3rLx0OILBVMYqNc4AsT1Bd51PHxYkavYaeiF-c3xD5CdOMsJ0zBoh2J9eYk0IotEUxpB4ducq7MNjiGgM3vCsQdWiwmq2pIV6QoItu_f_UF1ta8sQFtmde-uKL7UIIa3s9cDGpC2pKk53f9cAad8h9v6uugHInypWVRdC4sk6po4LhuRk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame AD8F 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 b Show response
b.t.tailtarget.com/ 136 B
564 B 106ms
106ms Script
application/javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b.t.tailtarget.com/b?tA=TT-11382-4&tY=1&tS=1&tU=0100007F99F37D61B206929D02F2A025&tX=b.52&tZ=372838349&env=_ttq_tteurekaads
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: a0aafd519f77b9a38b7d41d1456df8e1b582456737d3df87363ea931b3b55b5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

GET /
tracker.arc.io/ 0
0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B4F1 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B1jlZlvN9YfZenYT27w_LiJXICgAAAAA4AeAEAg&bg=!TE-lTwvNAAZzbWp4c207ACkAdvg8WhDUKWJJRuHB26Ed_eINoqHxxRbFJdPZf0xPendHzlla9fE7zgIAAAINUgAAAB9oAQeZAzK-96_jZ4U5LMXrFepn8Q0sbR8ghl-pgCKmrm-LJDfEIeD-xYgGGSbL2pxeDs9LQAzSayNSFfTcOsmNHOXRJ1iKWuAanKYfsAtnKskQ-Td4aEJB_09TSPQDkl5sSRTy084AIF4QAAHn02nQGK_lsDLAwXfioKBKgQycYu_aUQEL7LotUBa-5BBLG_DPQ7fliSSzap-mN02icFBriSiuizepLzbNU6RyiZ9x10fywrudQTTwLYadX9badj86p3JaFYARxD5UbVeN4Nzr6eF7FQpJQLFled9oanPIRY1vSvlBu_qt39oxsv3gerGDQrUrE-40Fmlm2kJV389cRWqxKQKmzpuOVexSGeyEEKg1ijwAOk0My_T6o49iUj7mtzOivUF4ATyxW7_gBbhVYc2rdk7Ly-AH0Yr8MrQdhjBVDTlSPKn3fgNNo--_99mt9mIEoB0WVS0UiBI7rXJ5UdnZbz7PAlgITFaYJQJfAG-lI2UjuMkC01lnJBh4zXksysAtCTSjv4iVV9bUCM8AWo9xkRqqtSbXmQcYTki8v9RrBQS0qOgzGdiBeqPIoVwakmLcoXXYFTUGUQdC2F3KMMOI4ATJ1VnoWD0EbPqUUtDekFpJ5naO9NyqTAFJtaeeBvicK17G2KwTItS6jkrnESlarl8g37b0iOh_Ti4r9PambV1N6ReHUntMYaSGt1l7MsIm0VWmQZSvo751Sx6-SsrhKhWM3v_g_LN-kpnAAPNbJK5pL_e598RLMlJDac2S00Vo6UcpwMwUyhmq6sjY8Ki9_J5m8Jh6ycR4nPdHNRLo4MHNhHZtBeXrwcFiplmpBI3JTNW-5iy6a8NMZhlHDhnDBtmHAhD2eml_E0JkovM3mlKgLAwlgykTHgZFVGFpF08ndDEkyEQNSL3oynGmzF7dtPNhh0u6THL-rYVcOLMEqKOETzGSbKJxsBe51znhEyAEb8ixgVaUo156OrA-TtTqAWbBEL-Hw0rXfmMDIhjpJrRB0fdaT4rDszpx3TzaW4waTIs5T7fTNgrzBGk2_luh26duzE7SkRAKR6DfUYTopOiIUi51onD1yMFSJMuBU5Z6eyU5UA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C20F 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdjBnlvN9Yd-xCZSG7_UPqO-I6AwAAAAAOAHgBAI&bg=!MDOlM3fNAAZzbWp4c207ACkAdvg8Wvgrnw_ItRbbG6PIAda9FtCQYcpkYsnGeRWChCmzD7Gogscw0gIAAAHiUgAAACZoAQeZAykG2mBQx6weHsnZR6glRUa-7TbC1bp3hGDARELYxerf8HDKH5gd3KHEQaK6PwXsFETO697mGo8U5Cz2heUzF18Pkwdvb_lvi4oyurB9lIlb-cCu-XEaz8gDBoYEBUnWQw6m7x9tDsRZ0GIDU7OPxM5JxYoMEA82DhfTIROn1-wJrxHMewt82XD-bFuytuaenmyoR-egg8ZFrS5zMnX294n8cbXZRzBa6QoPmXeNjORi-xISSAAoyBKGd1-TdmSkPXILp0Vwfl6eN-8Vbj015BluktU95KtqKvncncrDVdumb2q8xyE34WHic8H-FYjj3otlMaCQ1kZz21ARUlLutEASRTBrB1KylK_0o-Lf_dzqfIAE8qVeTR_RQWAigpr_EyNoff14NpU3lTounx4hqSV_lGXmMBDEfe-Sec9CsauwgviCX4qJIvzFJNfUI3rIwZRJB0L4KOe3OT0iEaSu24DXhmFNNN4exfJ8-g7uJ5rs4CpkOK3HDlpSWFUcVrbxpoTfn33mRt2xp5CLmnNy_H9kSOBKcgbAfNm4XPuFfQwpkNE2bC3j_v0bRoR6nhMKzHSWKgnCRzRhblHFsJa_wfnOzEBR0TnINK9NmiKSDTTck-p7KPw8bLWgaO9e71LwNH4eqZJMl-HFdQETNZ6bxMovBPd7WbRQUPSIumnIOyov6pTJukE7Zn7DvWY6KnIctl3LHgpNSZej8pt51tFmnM6eM3eYlU9C3DyMgb1XdbZu_BBzfLEOA3H_hv-jPCFwY0ELCAE4YeP83tTqEtTNX4-MmI8hYWhOEZuiTdMcKtDRiMolSPSt-Ci9RIP619lEKRsguri_p9QmWLQby1wFL9NHgafkDIJftasJaAhdzw4Kcq0Fx6AprkTdJJC1NKR2YT4pHPvmKchBz4kC6LF9-cWKo89AxynKi8mMSgIaw4g0QiZTTPQocPd-AKN1bxM1LHYza42YStFnxBXET9M-n0zWyAkCFoLCuVUVLpBEeV4xT41s3_0GmJPyasox-ML9DfYne9uUUXZUgYm1VO0MXZaYeU2nhcTtQLlzqux9aSp2Fcm8q-TswXGvrQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
tt-11382-4.seg.t.tailtarget.com/ 83 B
344 B 122ms
106ms Script
application/javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tt-11382-4.seg.t.tailtarget.com/ca?tZ=897878297&env=_ttq_tteurekaads
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/base.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: 3729de07090fb8cfeb2d3810f33faede05a4d7fbe9cb16bf703c8445811a7dbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
via: 1.1 google
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, private, proxy-revalidate
content-encoding: gzip
alt-svc: clear

POST
H2 204 Y2x5y2pHkRfqH3YTnbkJ2y
warden.arc.io/mailbox/nodes/ 0
0 339ms
107ms Fetch 18.223.141.84
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://warden.arc.io/mailbox/nodes/Y2x5y2pHkRfqH3YTnbkJ2y

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.223.141.84 Columbus, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-223-141-84.us-east-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://gruposdewhatsapp.bar/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sun, 31 Oct 2021 01:38:33 GMT
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 lazy-iwc.9b430e25.js Show response
static.arc.io/broker/js/ Frame 874A 14 KB
5 KB 17ms
16ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/broker/js/lazy-iwc.9b430e25.js
Requested by: Host: static.arc.io
URL: https://static.arc.io/broker/js/broker.dcd0e0f1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2a7e5ade77d712f4303757e9c0c3185f72f24cfa5f5da33bcabc63abd376a1b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://core.arc.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 02T58YQAAAACFpIdC2Z2WTbFLkwrZ6EE2TE9OMjFFREdFMTUxNwBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: 2DBZ3D15J2VFVZ1F
x-cache: TCP_HIT
x-azure-ref: 0mfN9YQAAAABhLgcPnxhPQrVEZMYxgn5iQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: 5/TeCReNO3hhmMtbYF+M6tdm0PB9jiQ4LESFu9Q1cZNinHUvym0cE394ifYUDflpqS7kKEp+Yc8=
last-modified: Sat, 14 Aug 2021 05:04:21 GMT
server: AmazonS3
etag: "7fd8734437dbdc553c3513d10d0c0a97"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000
accept-ranges: bytes

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 05A0 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 05A0 107 B
165 B 16ms
16ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gruposdewhatsapp.bar

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 05A0 15 KB
9 KB 312ms
311ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2841142893738159&correlator=3467617547629402&output=ldjh&impl=fif&eid=31063136%2C31063213%2C31063350&vrg=2021102701&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=4676908%2C2fe0a2f3c1b1be95772ea227d115c8be_2311&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C468x60%7C970x90%7C728x90%7C300x250%7C336x280%7C300x600%7C160x600%7C120x600%7C580x400%7C640x480%7C900x600%7C980x600%7C970x250&prev_scp=estilo%3D0%26adformat%3Dfloating&eri=4&cookie=ID%3D6dd818f9cc4d2108%3AT%3D1635644308%3AS%3DALNI_MZfoMACvw8IIn9Ehwptd0NsJooBAA&cdm=gruposdewhatsapp.bar&bc=31&abxe=1&lmt=1635644313&dt=1635644313704&dlt=1635644308622&idt=198&frm=23&biw=1600&bih=1200&isw=1600&ish=1&oid=2&adxs=0&adys=1209&adks=719540908&ucis=tl971s6pbrfb&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fgruposdewhatsapp.bar%2F&top=gruposdewhatsapp.bar&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=1284460905.1635644314&ga_sid=1635644314&ga_hid=2132920216&ga_fc=false&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

c5c2e05e9b7f4a7ffa59fa2c56023a710e816db99b78d7d24ecdf9678195165c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9031
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C21D 6 KB
3 KB 60ms
15ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:33 GMT
expires: Mon, 31 Oct 2022 01:38:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 vendors~widget-sc-client.js Show response
static.arc.io/widget/js/ 60 KB
14 KB 18ms
17ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/vendors~widget-sc-client.js?35fccb86
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c7659ffb0d3df377c1234d14b4070c72e387079e938702120b7c4dd2be608f8d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 0LWV8YQAAAAC/C1hFSh0dSI9tyQWImj9oTE9OMjFFREdFMDExMQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: XN2T2SQFK5H61VZS
x-cache: TCP_HIT
x-azure-ref: 0mfN9YQAAAACPFwa7dVMTTopACJXxOH4LQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: jTzCQ8SKC+b30ln35Wg+gg8y8PeX7Bj08wXQ5+86mBYomGYSA6A4XaPyAdHXToi1LixlSGto+88=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "fa12476f8ee3c92b8369e0c9d3b915f9"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 200 widget-sc-client.js Show response
static.arc.io/widget/js/ 4 KB
2 KB 17ms
17ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.arc.io/widget/js/widget-sc-client.js?5230d45a
Requested by: Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e234d40f147f882074ec0cdc8056cbef522781262830a7e41594815da1839f7d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-azure-ref-originshield: 06U58YQAAAABZMkm0B2SpSZJsLhRHRcPWTE9OMjFFREdFMDIxOABhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-request-id: YRJP2H6SA7JFY4TQ
x-cache: TCP_HIT
x-azure-ref: 0mfN9YQAAAAB65lGXy4epToO99J8fAhcBQU1TMDRFREdFMTkxOQBhNWMxYjA1Mi04YjNkLTRjOWUtOWFkMi0wODc4MjVkM2E4NDg=
x-amz-id-2: PguNPV3oiH+0V8Ian6h2Lcctw+dWJNz29JAUmBpYUQElP7rwn1j61OtXh04jlENt3irPT7lyYpA=
last-modified: Thu, 28 Oct 2021 19:32:37 GMT
server: AmazonS3
etag: "d89aac5aa14dfdd92a465a008245a510"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Content-MD5, ETag
cache-control: public, max-age=2592000, stale-while-revalidate=864000
accept-ranges: bytes

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
62 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211026&jk=1961414005332091&bg=!qaqlqu7NAAbUs_yW1LM7ACkAdvg8WqFWuEkYg5Lut1RJCpTl7JLWjZZw6AUHNqvMigXN8ggfQKX5KgIAAACcUgAAAA5oAQcKABV10qnyOQwmZhqPlNp8yDa-ZQ4HhuuZArPRseKgl1rhGABdV_ZHJQIoWuIBZ9IwkI_zpq_Yw0ypPvgi9RQZpXza44IBBpwJZKdF4jz7sKQHosP5-jV9P-3WzI5lYHAQFEeXLx1zw7UMr970KrLVfb8T7qkKHitTxlb0TeMeKwtCkrXsl1uic3lyljCoW7TFDGN0cnRzujXlpbmF9NENqCt-9Tez2jr8IdeNfl9CKGl3rdewU8vs9GQbpgEVQTD9fzyD9MVa1axuG0I36tLTnIZVAJE369Rjd2BJuka3-lCaWk17ObfEkuMpAu3inGZx9Fp1_nEg6wGk8ednEGDYogYuXVOxKBcNbKKoSSnShbheW-safuUzSx9O5zdLWzkFQrtgiMfD6KiTKaD3jBPMw4JRbnpt6G6wqY5OHf4Os-BuJXZYXVONKRyz4dSDugQjkNo0olL_MXXBKB21HnxwTGNhpHAkfXmHgrOtG-67XIA4Du5okkybSzy1J9r_rpE5kU3SOD7JAu2NerKVMatoJuYbcjDZh0x5ToeI44o0ZAUraP5uD60BL0wXGirtfMzNQ0XzXD6ZXL2dpk8dadaaD-v2m9hWBVDtODW3PqmPODiYz_-yiP-dX8T9rSz705bcqj5T-3QFqCZ-njjyLJIUXgVUgNddz-uqd99uQksWpdGVhR3ITSnnBFC3vLQwvVsTMZREkg-zUtBI4WYT8P2TG7NIfNMi8Zbf9RSFuMjbPGYxSSkxYan0BT27w3ZikEcVzcbtc7kKRXyfD5omtZDbHoVni8i611bpJkfcT5Z8buWRw0y1__xvOQ6jOhHQcMtvEkkuGqdG3qqciZOGJI8IExmn0ptuNM4et92or7UuHjlC9X3Xa4KiflSMnnrXKN8P2CpfqY-OVJ0W_u1DelhifTyYBQebAwgajIPUi6iUmQUrIeYjzzk1q5VuEcoS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __tt.gif
t.tailtarget.com/ 43 B
299 B 110ms
103ms Image
image/gif 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.tailtarget.com/__tt.gif?tA=TT-11382-4&tE=0&tF=&tI=___de_1635644313593_2826377665&tJ=&tU=0100007F99F37D61B206929D02F2A025&tX=b.52&tY=1&tZ=585019985
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:33 GMT
via: 1.1 google
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx/1.17.8
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, private, proxy-revalidate
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 container.html Show response
4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 139F 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 01:38:33 GMT
expires: Mon, 31 Oct 2022 01:38:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 05A0 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

993a3ec7ad5a571ba327884c4636d9f2ee454ddd8db918b094e9a1a7504e79f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8443
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C3EE 363 B
273 B 19ms
17ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhiqoueuATAB&v=APEucNXkijgGT5gD7SBCM-V5O5ouWiEBYwz0Kzb45ruqgF3ZyJYplGEKnxjOWknvtyQBTYYuR1Ey05TSRS5jfRW22yRCEovx8aftBkOhbsKjFKnJyhvOiZ57emqFQKtmfnuD79UmoqZWpCFzey5E7-vR_rE6Tcm1ux6P2dG7rcQ6AblA7kKphAQ

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 01:38:34 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 139F 72 KB
29 KB 47ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CT05uEkbcQq27MBfKMhLNuMOJF4BxEjeskyP-WKwB9-1eCxGulh1O62Raygx5C1xqco31HpuV-am-Gh8q7NwmLtNUD0C82QDe-6yvIcKy5qvPVuz4FMrPYAJhT2cY-9AbjxL5nUjJRmTol_pg_HuqDPZzqtw&dbm_d=AKAmf-CCZuroUfYOztlwPk3NVCcuoAuHZji_FQMj5hvyoQga7Z-pwD4VmJglFJB6lW5_kXmyhRxsCufPZ7n1p0cZdrqXJylxP-1uU29cW7JB_P7R5IPGNi-Q-fCHAzu6j12Uae5dNIXEHyB7Cem-165VceBtaHlBN0nVT9W6oJEizXbAKE2ZSCewKr0nhofBm7ZFJhNqcUO9yUqI_rRI49Pgz2HRrD_6vMg1tPg7AadQfddlCue_RBuz3eVogn1dfXc-uUM33VxYzQlTv-FT6Mrc9fVVLKBlAM9HylfooxlNUFNy2epVSf6chOA95wA7VaI_o64oWRE1qboKNSesWrxej4jxGgX26WFQYkI6H08DlYzhjR-RLXz-h-X8AHJzwwUz6ZTS0qGiZocq51b1cR6aF8Dcd-mn343BUh4mj2mOKOg8nfEE6Gffo8Vm9yZNOAPH3KxlpVoIYQxGOf2p47I_RFwmSzPG7fw6GIajEtK9nFzxVBouX_2hJEBIIe66Q-5ajbVQKmOViOGTfSLc-OCxo6l1BuGjili9ztd_tIFje-jyJrAA1-A_F6PD6TOt6Ak8WAs3GFeJiD0u8QzGqH-zfUZORAV3XogxLxmONAEL04b85Xa6JQrRs25Hf5hM7WAMSx7R67tzxwpy1Gj0Mn1fnzPw3zq6OH8z81dhS74a5ASoUHj2MEolH38CkV7_wXzThZh6S8O16YoYL6ULxXPhGDFCEtVSNPYJT6f2GHWfTcRLOD6Pla6Xitz6C4H7zPhznCaf62FmJpaL1gRn6qaX8HW9BoisvXh87IGBHtCem2bu_Pb-m5-LQkitq9c6VG_1Rdvffv55UQPxDYvsKe3d19IzCSZaJnHBPkPfUTRiHKE-FLIfDaX6PDFTO7uW08G1ZmF5szas88l2IcEnMELTu9NfYPHhCHSruCRyVbhUnG4uLxP6p7jzHBqChCL_xZVCE-d7mh9WqA2ttvW758pEyd7x0f72RnsLvQ4EDirGTjr5TBm37wouiI9eiDgI57OVk4-XbK0Z66zyYjFQGcU0I-IgbjDQ6BE5LhXukw6Vc7zgYAwpVubYXJkTgFU6cVZcb8X1_XXx5rmEpPhfbjSGDpXYnBYls_w7TerEFy8U1UR_JlzqrN-ZPQbwkKQIlDWRe9Ewy33l_W-THFeFSMoM0_RyvMUUY3fRsOo4GMo1K5wVkWZSP1y4xu0B5RzhLEol1f6As6f9NVr-UjEqDLxSzkDYSuX13nJx3AAqcy3wPX2mAeHdlRdRfTHtnb_mg_X7qdYFG60Z6_O_didYjgNj4E6M5FkCZIcULqjvsG4o_JauIFQ45fB9QFG82e-oj9UvygOFByqM8huPh8FSPSW7RbB3VKwf66Cm5hclif3NxBAxFbbr9KBXBMF4XDDySW48M3C0cv5YfyYZ662X-aCykAh-Jqv4ieLb5urcyywP17p2TCXDsT9tWhi572Z4zm2CJQdOqKURfAEekqhKbYFYU6imWm_7ZfbhKrhYAlxgjSPRpGC1SnfhNImwLPPAhKlp0dgP3QB6RT83DCJU-7wjz3I3pfuhW_01pXDd91YP_oJhsKZubw4YdzI3HLocpknr9jwDqmudmL-j8DZ5Qn3a9HcufxZBwZMQFjdfmIedfPqodoyFV8O1pfCLQoWQ7butGIFuElQPj3u0tyTHpam3gt9aXrII7eUMgm6mKSRtsjyWUPLFEJexraPw0CaaIrNFP5FBzD4A7KxjnqmQNp_x3P1Jz_Gv4zb7dHtMcKfSaouUQcjRd2HztH4RjrcXxqPdbAif8R6XKT6tjc-9HWSAe4Sgq8Ajk6qqY3HT0riur0Hd0xZOksPtSimteuZLCAhJlmBhB1Zg7XXR-16li6LmGcfQfD2cOtTkkQ3iV2APpECz1jB8CB-p1iKGNJA1aSIImNFIKSjJEuid0CL8Naiq8JZcKbXvpe_AxmrOLlSC37v9FAzUo4-QRsc00DTOBQVPZD2RKRxuxBc2kbQkgUOC4PRU6sKzRlhmCT-xiCWzlgsOcjmwLE3nZfpDWF7jE2V7C36wD3HUN43wBEJEkr9TInklgstRTZxgZqClevJumx_affKYG0b2MxqtwGrPpNlBsY5q0rLgNpXLM5I4twlc4N9ID1N2gyWu0YYwBno6kFKM0ZFOzy9rf5on__mhc5DmVIVU5k7jCj-lN1lBD4VZYD7Roem9H3FKBqBKMIwrIKY7UbGSb0tx8ZTVH-fbeT8yBSVluhy1qYHIlBz2fHbMeRKGey9jDsdx7xcbutSOX0namWL18SPJ8Yudtdub1DSnV8QvnJOLSDs2jAIbausvkuS586Z6ZHcwyc42h1BLfRRn-DyIP-vK9JkF_ce66Roo86i5xqDmYzxSoWvbc7YhgA47GVi8bE5wjMBVzOYnEqUMPMW_3B409ASR8ockYIYS1iwW7OovOUuC4GpsDySoJ55iztt_h0UW1abP6Bzor71lOm4Mk7TLdnBF9yhJ3vscfcj6txFEw1dngt3GpvGW2juRyBsVJfYepSVzBEljXmGLSs6EMwfGJwKr2UcH4-TqG0cSAmb4h8HnvIe_oqVrtGfnyMXl-OBUWGaZqaXE8q1y5dWwaveRWhRFAzg5-jqcL_K7mmkKD3ePbNMF8xBeR4wfPS5AavUKgs3WjibWN0mt7olihp-M7BYLEgh7Z8hIdeLYBpRKkQmrt7wnpKTMlkvMWsdUYi7cASOYMflLJXRHc3FvoG-HcnMiIPsR1JOCe54x_uDTiOjLhX6BCNBXpDiEY6-dJ3KtDq72TtKsHQIhf34hSUYNmDScCEGnw2RiPUAhwJaCGv8Nz5_xmOKJ9jmDz1mruQElHAmOXMto0n7KNvNAlhLta5DCYB6Rhl9xlwF-CBNDFpcSpSw-YiPeT_qUrSdYvCXY_eYwgf_INPOUgwLtO6UwthPk1WzNnHXtiiaUXaq_EL6DjvgeEKdvRItRDUtJOpfeUE32IxXWjOKHGPQYptVN4jHNikrX0zpDvJvifN0uhArFmmjGHFQklWh3I_FmvwLEGtVFdG_Cg1Gwh6hy02qp1leE3jDKy4XWiUuBE9jAV691eWGsO5U9XjX6BmnJlyUjjCASaGhLQWIsZQYT9o9M7fVlz_WHI2Wj1ahjS7PP9dxx2cLy13hEc60AOZJbnm5EH3pPRhreR-t11Jvuv93KbzDHF6HqxuUEQbQ9ghXqmNX9p0Nv9va0DGRvFy27zz_8kI6lKCCxwey6x33pDlVvUWESJdOjlA9Bak_yEVs_g92Vmg4O_PklVpVUxpfHvQNgCS5MaYZ-zDGujBmhBzWt1NSjbmGaLzuVaNTw_YWwVL8QFHgv5hTDYnlr0_DEGFVmMjxr_clW8XRBZJgGRslBFa97Nh1_4iP4fryLXNHF3dV-tmEe7-j9N-ji3RLB1BwCL4WHGsXQl0GPSeuMRQp5yszgopdfdiR4m49PkWqH&cid=CAASEuRobz-avXxFFswJv1YVC7EMHQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3eaceb315bdb4b26a0a31521a230be2332ef34429226ab735d0757c4d13c7ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29846
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 139F 42 B
113 B 16ms
15ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DuYD2HuLJc5ySEeKK63THUzQVv5RCZDRs9QFcdEK9gyDdYXOlMpVfLPk7RWRUhdN_q-mNJ9hFky2bLbQnBvsdUI4mipTtAynA5TmQrLp2M3zIbpZQ

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 139F 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 00:36:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 139F 120 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 01:38:34 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 139F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:32:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 361
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:32:33 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 05A0 17 KB
6 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102701.js?31063350

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 01:38:34 GMT

GET
H2 200 close_btn.png
frame.ageureka.com/ Frame 05A0 440 B
861 B 23ms
6ms Image
image/png 23.111.9.64
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://frame.ageureka.com/close_btn.png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.64 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: a3b36b66c12deec718c88225fb468f9c98750178414ec918f69e9ca402fd996d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
last-modified: Mon, 23 Sep 2019 17:30:39 GMT
server: NetDNA-cache/2.2
etag: "1b8-5933bc7438dc0"
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
content-type: image/png
access-control-allow-origin: *
x-cache: HIT
accept-ranges: bytes
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Max-Age, Access-Control-Allow-Methods, x-requested-with, Content-Type, origin, authorization, accept, client-security-token
content-length: 440

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 06E5 12 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 22:31:15 GMT
expires: Sun, 30 Oct 2022 22:31:15 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 11239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 27F7 783 B
761 B 17ms
17ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8ba5f7dd90330236b3679e21e7fcabaacebed717b7f2844d21195659e4901b72

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0cXegnq8GNxbqRYCuzA/JQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 01:38:34 GMT
date: Sun, 31 Oct 2021 01:38:34 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-0cXegnq8GNxbqRYCuzA/JQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55946/ Frame C3EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836

0
1 KB

11ms
11ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNj8mwIQq6iuAhiqoueuATAB&v=APEucNXkijgGT5gD7SBCM-V5O5ouWiEBYwz0Kzb45ruqgF3ZyJYplGEKnxjOWknvtyQBTYYuR1Ey05TSRS5jfRW22yRCEovx8aftBkOhbsKjFKnJyhvOiZ57emqFQKtmfnuD79UmoqZWpCFzey5E7-vR_rE6Tcm1ux6P2dG7rcQ6AblA7kKphAQ

Protocol

HTTP/1.1

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 01:38:34 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESED6I_8Il-9H6nXXqf3CcxpM&_origin=1&google_cver=1&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836
date: Sun, 31 Oct 2021 01:38:34 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3EE
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP40ed6440-39eb-11ec-b616-024c40ea4836
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:34 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVA0MGVkNjQ0MC0zOWViLTExZWMtYjYxNi0wMjRjNDBlYTQ4MzY%3D
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3EE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oWHd3OU1GRTJ1RjhHN1JUZ20xX1JLSy5WdTIwOFZFY35B

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oWHd3OU1GRTJ1RjhHN1JUZ20xX1JLSy5WdTIwOFZFY35B

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:34 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1oWHd3OU1GRTJ1RjhHN1JUZ20xX1JLSy5WdTIwOFZFY35B
Connection: keep-alive
Content-Length: 0

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 139F 106 KB
37 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
Origin: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40730
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 14:19:44 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame 139F 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CT05uEkbcQq27MBfKMhLNuMOJF4BxEjeskyP-WKwB9-1eCxGulh1O62Raygx5C1xqco31HpuV-am-Gh8q7NwmLtNUD0C82QDe-6yvIcKy5qvPVuz4FMrPYAJhT2cY-9AbjxL5nUjJRmTol_pg_HuqDPZzqtw&dbm_d=AKAmf-CCZuroUfYOztlwPk3NVCcuoAuHZji_FQMj5hvyoQga7Z-pwD4VmJglFJB6lW5_kXmyhRxsCufPZ7n1p0cZdrqXJylxP-1uU29cW7JB_P7R5IPGNi-Q-fCHAzu6j12Uae5dNIXEHyB7Cem-165VceBtaHlBN0nVT9W6oJEizXbAKE2ZSCewKr0nhofBm7ZFJhNqcUO9yUqI_rRI49Pgz2HRrD_6vMg1tPg7AadQfddlCue_RBuz3eVogn1dfXc-uUM33VxYzQlTv-FT6Mrc9fVVLKBlAM9HylfooxlNUFNy2epVSf6chOA95wA7VaI_o64oWRE1qboKNSesWrxej4jxGgX26WFQYkI6H08DlYzhjR-RLXz-h-X8AHJzwwUz6ZTS0qGiZocq51b1cR6aF8Dcd-mn343BUh4mj2mOKOg8nfEE6Gffo8Vm9yZNOAPH3KxlpVoIYQxGOf2p47I_RFwmSzPG7fw6GIajEtK9nFzxVBouX_2hJEBIIe66Q-5ajbVQKmOViOGTfSLc-OCxo6l1BuGjili9ztd_tIFje-jyJrAA1-A_F6PD6TOt6Ak8WAs3GFeJiD0u8QzGqH-zfUZORAV3XogxLxmONAEL04b85Xa6JQrRs25Hf5hM7WAMSx7R67tzxwpy1Gj0Mn1fnzPw3zq6OH8z81dhS74a5ASoUHj2MEolH38CkV7_wXzThZh6S8O16YoYL6ULxXPhGDFCEtVSNPYJT6f2GHWfTcRLOD6Pla6Xitz6C4H7zPhznCaf62FmJpaL1gRn6qaX8HW9BoisvXh87IGBHtCem2bu_Pb-m5-LQkitq9c6VG_1Rdvffv55UQPxDYvsKe3d19IzCSZaJnHBPkPfUTRiHKE-FLIfDaX6PDFTO7uW08G1ZmF5szas88l2IcEnMELTu9NfYPHhCHSruCRyVbhUnG4uLxP6p7jzHBqChCL_xZVCE-d7mh9WqA2ttvW758pEyd7x0f72RnsLvQ4EDirGTjr5TBm37wouiI9eiDgI57OVk4-XbK0Z66zyYjFQGcU0I-IgbjDQ6BE5LhXukw6Vc7zgYAwpVubYXJkTgFU6cVZcb8X1_XXx5rmEpPhfbjSGDpXYnBYls_w7TerEFy8U1UR_JlzqrN-ZPQbwkKQIlDWRe9Ewy33l_W-THFeFSMoM0_RyvMUUY3fRsOo4GMo1K5wVkWZSP1y4xu0B5RzhLEol1f6As6f9NVr-UjEqDLxSzkDYSuX13nJx3AAqcy3wPX2mAeHdlRdRfTHtnb_mg_X7qdYFG60Z6_O_didYjgNj4E6M5FkCZIcULqjvsG4o_JauIFQ45fB9QFG82e-oj9UvygOFByqM8huPh8FSPSW7RbB3VKwf66Cm5hclif3NxBAxFbbr9KBXBMF4XDDySW48M3C0cv5YfyYZ662X-aCykAh-Jqv4ieLb5urcyywP17p2TCXDsT9tWhi572Z4zm2CJQdOqKURfAEekqhKbYFYU6imWm_7ZfbhKrhYAlxgjSPRpGC1SnfhNImwLPPAhKlp0dgP3QB6RT83DCJU-7wjz3I3pfuhW_01pXDd91YP_oJhsKZubw4YdzI3HLocpknr9jwDqmudmL-j8DZ5Qn3a9HcufxZBwZMQFjdfmIedfPqodoyFV8O1pfCLQoWQ7butGIFuElQPj3u0tyTHpam3gt9aXrII7eUMgm6mKSRtsjyWUPLFEJexraPw0CaaIrNFP5FBzD4A7KxjnqmQNp_x3P1Jz_Gv4zb7dHtMcKfSaouUQcjRd2HztH4RjrcXxqPdbAif8R6XKT6tjc-9HWSAe4Sgq8Ajk6qqY3HT0riur0Hd0xZOksPtSimteuZLCAhJlmBhB1Zg7XXR-16li6LmGcfQfD2cOtTkkQ3iV2APpECz1jB8CB-p1iKGNJA1aSIImNFIKSjJEuid0CL8Naiq8JZcKbXvpe_AxmrOLlSC37v9FAzUo4-QRsc00DTOBQVPZD2RKRxuxBc2kbQkgUOC4PRU6sKzRlhmCT-xiCWzlgsOcjmwLE3nZfpDWF7jE2V7C36wD3HUN43wBEJEkr9TInklgstRTZxgZqClevJumx_affKYG0b2MxqtwGrPpNlBsY5q0rLgNpXLM5I4twlc4N9ID1N2gyWu0YYwBno6kFKM0ZFOzy9rf5on__mhc5DmVIVU5k7jCj-lN1lBD4VZYD7Roem9H3FKBqBKMIwrIKY7UbGSb0tx8ZTVH-fbeT8yBSVluhy1qYHIlBz2fHbMeRKGey9jDsdx7xcbutSOX0namWL18SPJ8Yudtdub1DSnV8QvnJOLSDs2jAIbausvkuS586Z6ZHcwyc42h1BLfRRn-DyIP-vK9JkF_ce66Roo86i5xqDmYzxSoWvbc7YhgA47GVi8bE5wjMBVzOYnEqUMPMW_3B409ASR8ockYIYS1iwW7OovOUuC4GpsDySoJ55iztt_h0UW1abP6Bzor71lOm4Mk7TLdnBF9yhJ3vscfcj6txFEw1dngt3GpvGW2juRyBsVJfYepSVzBEljXmGLSs6EMwfGJwKr2UcH4-TqG0cSAmb4h8HnvIe_oqVrtGfnyMXl-OBUWGaZqaXE8q1y5dWwaveRWhRFAzg5-jqcL_K7mmkKD3ePbNMF8xBeR4wfPS5AavUKgs3WjibWN0mt7olihp-M7BYLEgh7Z8hIdeLYBpRKkQmrt7wnpKTMlkvMWsdUYi7cASOYMflLJXRHc3FvoG-HcnMiIPsR1JOCe54x_uDTiOjLhX6BCNBXpDiEY6-dJ3KtDq72TtKsHQIhf34hSUYNmDScCEGnw2RiPUAhwJaCGv8Nz5_xmOKJ9jmDz1mruQElHAmOXMto0n7KNvNAlhLta5DCYB6Rhl9xlwF-CBNDFpcSpSw-YiPeT_qUrSdYvCXY_eYwgf_INPOUgwLtO6UwthPk1WzNnHXtiiaUXaq_EL6DjvgeEKdvRItRDUtJOpfeUE32IxXWjOKHGPQYptVN4jHNikrX0zpDvJvifN0uhArFmmjGHFQklWh3I_FmvwLEGtVFdG_Cg1Gwh6hy02qp1leE3jDKy4XWiUuBE9jAV691eWGsO5U9XjX6BmnJlyUjjCASaGhLQWIsZQYT9o9M7fVlz_WHI2Wj1ahjS7PP9dxx2cLy13hEc60AOZJbnm5EH3pPRhreR-t11Jvuv93KbzDHF6HqxuUEQbQ9ghXqmNX9p0Nv9va0DGRvFy27zz_8kI6lKCCxwey6x33pDlVvUWESJdOjlA9Bak_yEVs_g92Vmg4O_PklVpVUxpfHvQNgCS5MaYZ-zDGujBmhBzWt1NSjbmGaLzuVaNTw_YWwVL8QFHgv5hTDYnlr0_DEGFVmMjxr_clW8XRBZJgGRslBFa97Nh1_4iP4fryLXNHF3dV-tmEe7-j9N-ji3RLB1BwCL4WHGsXQl0GPSeuMRQp5yszgopdfdiR4m49PkWqH&cid=CAASEuRobz-avXxFFswJv1YVC7EMHQ&rfl=2%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%242%2Chttps%253A%252F%252Fgruposdewhatsapp.bar%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 741
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:26:13 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 139F 24 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:03:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2130
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 01:03:04 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 83 KB
18 KB 9ms
7ms Document
text/html 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35192762fa623e317af4ae958d5b4ccad4bf6f396615542277dea76637c1a264

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Fri, 29 Oct 2021 05:19:58 GMT
expires: Sat, 29 Oct 2022 05:19:58 GMT
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18638
age: 159516
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 139F 0
24 B 53ms
52ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-rLoOWwyvEcvvqycITsxnCBGREnq_E_Vt4bfkVjY_rvaI9Mhmlnk0SHBggpy2TL5BuLmeX_lLN9pOUnhswMeSn0skYyyTSI74-_rckfLF43dZges07XGbWdEL5GmVScTcZN9Frh7OIfumsI0azqIvmCs0IY5fewHhdKhMTbb5E8bKgMU1Ru3b5RDNrsSF4US3v41kPH4vuE_mNB3Of3RyAnSvNjsWcGl-wVberHyoPxb-qA2P-8BuEtMKAJTqRTCNwQcTDz6fpTxAkG8vNI_HBvp14Vw6IiVdUMRAy9rjNDdspV3KRTl5C-x1DBxqoDmtA6oDapebmQwEtpXSGeu3t9RPpiRoTMTqnFuET1FEf-zVQrx1lQlWXUJnb5_-U6-5sbIWFFtnD8U5jgvg2bvbx7ifaPyETcJ_Ty8AsdqWC_YBPGGEgLmmW6dEqSP8_e9ebpfNwUqCerNJmO97Xe1AHJgUaPxj0kA2EAQDmUqs0H30Xaejir5ED7-6_H2ey5V22XUYGw_jKcARFQ9VCYbWECxCCjz4cKDCmr6SPAan0y1RrmMiAdJ0o3e0CRyfUCHF-Wv5r7g46p7cOh5TXaUTXidm0fn4TsbdnsvpisO73Qk1qZqlTuTxLpRoq8hgDTZGBWypJYB4Zug0aRTaTB6n3m5DTiFnSlsSSTZHQfbxIx-IOQuAM6joZxWQ_pVvGqzXqPJcIwElZmZA6iXEfKBdA7Dc-gj7vAeG1XRPKw5xJUJySJzXINcpzw6ix4IcLmyf_0lwT_V8QGBvRBnR9pGc0itpHKJ7Kos6SCpe4xdy7aObykfz9FryceGodeOjMxTWHMrrGopgTdgsC4eKPn9SJQXPZ6tUx6QdwvjRdL_2QAxGLDxb3oTZjJWQIIg2omVKp0k1Pyjn77vbDuvELWMeGHjQb5G_9Bp6PMw7PwsD78kgUUbj2ZK99s15MU53V1uzMDjR66iVldBNgj3dosz35eHiqMwri1YHpMckcz9_S35NiUPRSH-CJBr3dIB590x8449xTfzjAldRoF9OwXxPUp5dJFXYFpUx-p0xGdpwgOaTjjd3pF85aHzefCATde73HmDymLFEDwaSm-v-RoIpsa_ehVAruAjFS-tU85JdE1nWNyxaI4N91Et0d-rvXGMZSxoRrIcNJUv8V2AbysWm_8ojsl1U67Hbl3CXwvco8_iHH8WkiIn8VPE7UwyveK4_boH1yRlzayDAHSM6jNa_lLgcyq85xtrStbIqCV4PcOeOUwyVjhsTnUIKCo3USc5fn5qv6ruXcNDF_U7PvVJS4g&sai=AMfl-YTu8E1D8cT9txTTHNbiZ-Hibto2dWUTU4QYTeGRR6O3h3Yxxj-z4wZswq5fxva1_h003aZPybdZak02VaQea8Y_bMGNucgqxuuZwdoXtuLi58moUPIkJcUxc5E9MSd0rNQqXCtaWxPo3_cV5U2_uPPPiTfcxQ&sig=Cg0ArKJSzIwDkCuZW5ejEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=27&cbvp=1&cstd=25&cisv=r20211027.88914&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 01:38:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 139F 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:15:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 26 Oct 2022 14:15:44 GMT

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame FE95 1 KB
797 B 8ms
8ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 30 Oct 2021 08:58:57 GMT
expires: Sun, 31 Oct 2021 08:58:57 GMT
content-type: text/html; charset=ISO-8859-1
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 59977
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 139F 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e3a834272c75d9de3cbf142e8a825517c2079a8d3e984f80240b497f7b0bc23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 27F7 0
0 23ms
23ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102701&jk=2841142893738159&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 06E5 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 15:10:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 210478
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Fri, 28 Oct 2022 15:10:36 GMT

GET
H2 200 DcmEnabler_01_246.js Show response
s0.2mdn.net/879366/ Frame 8009 28 KB
10 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_246.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44e04e4776c58b34580006ef8e8a1e1ae336f3e9c429ae242fe9a8f090889b79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 23:50:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6457
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10121
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 23:50:57 GMT

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7B50 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Tue, 26 Oct 2021 14:15:44 GMT
expires: Wed, 26 Oct 2022 14:15:44 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 386570
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame FE95 70 B
264 B 32ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEITPhf-BiA-YLW3tb9P1BwM&google_cver=1&google_push=AYg5qPKw6a3H0YVFRSBPLI-MoGL29cQYOm4ox0bdi4HAkkiTum5tdyIMfmJQI-dfs2u6bq4uxr7zfWNK1LGeg2xZ7TfBPKnes_T0
Requested by: Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame FE95 0
191 B 25ms
23ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEG-_TLBI2fF5Xh_xeI82vwA&google_cver=1&google_push=AYg5qPLf24aK6xzRbK2N3diwGpLQwRDTp9dy4-DR7bGTvw62jXBMP_t-d8_Wu8laTG1d5z80FIuQKkBdYL0_7RDX2Q8pBKUvRfOQ
Requested by: Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Southampton, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:33 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame FE95 0
141 B 38ms
15ms Image
text/plain 34.96.105.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEIna70hjEaQL-Evf5nGYmEE&google_cver=1&google_push=AYg5qPKkgeREFADR8n58sIVaXbNackJurT7CTRgFqOwHGdN9OPTz9Yf1xHdEYNGCW8YcQ8Eg_MJeEq91d8OdH5QWmrLV-nKTXlrnMA
Requested by: Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
via: 1.1 google
alt-svc: clear

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE95
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBaWkr8fYbf8BXa9CD3hVYc&google_cver=1&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXa...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXakrEa51g&google_hm=NDgwMzYyNjM3OTE2MzMz...

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXakrEa51g&google_hm=NDgwMzYyNjM3OTE2MzMzMTQyOQ%3D%3D

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:34 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJB6qoxgRB1uZX7BLGShspd_iv9PgtNIodRpcKmjKoZkUvIxUoclwdKrvHYYqdvZfqwdFZLOMacwOkZSQ4as8SQSXakrEa51g&google_hm=NDgwMzYyNjM3OTE2MzMzMTQyOQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE95
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEF5WbyRI5b1rwslwO5Ex0Y4&google_cver=1&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U2M1gtMVctRUlNSQ==&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv7t4HAla0TfF4w9k7pvstFYadA0Q

170 B
188 B

17ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U2M1gtMVctRUlNSQ==&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv7t4HAla0TfF4w9k7pvstFYadA0Q

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1ZFS0U2M1gtMVctRUlNSQ==&google_push=AYg5qPJwfJqXGWmf8KKK_sQ5Nryl8bT6rxwgHRcR4GYhR5g1ne0lh_aQIg5vCIPQFxokrcj6uQv7t4HAla0TfF4w9k7pvstFYadA0Q
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE95
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEIaPrgRtU3-jaCVR8DEFx4c&google_cver=1&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUn...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUnIe51J6Jvy4W4LA

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUnIe51J6Jvy4W4LA

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 31 Oct 2021 01:38:34 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPKTPbTfK6ChqdZ08PqvZQP1bBq0tEKKFthMmuL8Ovc_CkD-xQcSAI3KCLCuoekrt5VF1To8zh0dPDJV4aUnIe51J6Jvy4W4LA
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: Aan6AjgkRGzkYQUJXfT1Y8m2TTBnWp3WLFjiHwr6rlzpCjR4C_5mig==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FE95
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEN_LUKgHx6n8d31Na2yW7Nw&google_cver=1&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3kt1g1d54zJgjCedgfV...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13by44VEN0RTJ1SGpHQ0dOUEY0NlZWaTdxVmpzWldHRH5B&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3k...

170 B
188 B

18ms
17ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13by44VEN0RTJ1SGpHQ0dOUEY0NlZWaTdxVmpzWldHRH5B&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3kt1g1d54zJgjCedgfVt8m7kdZnB-k5Xtb_NPSQdve8z4MKM

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 31 Oct 2021 01:38:34 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13by44VEN0RTJ1SGpHQ0dOUEY0NlZWaTdxVmpzWldHRH5B&google_push=AYg5qPIBmmb3Pjqxz27KEle1Ru97VQ7AWYmWKcdZ-e_gBWuSrIjSywH3kt1g1d54zJgjCedgfVt8m7kdZnB-k5Xtb_NPSQdve8z4MKM
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame FE95 0
12 B 16ms
15ms Image
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LmzAjPz1pYutTMKXpoLgN-Dt0Jz4IZZUKZ96YbKCuTdNpjbGXlV_lRX9LR3Qkzi3fnlOi0CQ

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:38:34 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 139F 0
23 B 46ms
45ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-rLoOWwyvEcvvqycITsxnCBGREnq_E_Vt4bfkVjY_rvaI9Mhmlnk0SHBggpy2TL5BuLmeX_lLN9pOUnhswMeSn0skYyyTSI74-_rckfLF43dZges07XGbWdEL5GmVScTcZN9Frh7OIfumsI0azqIvmCs0IY5fewHhdKhMTbb5E8bKgMU1Ru3b5RDNrsSF4US3v41kPH4vuE_mNB3Of3RyAnSvNjsWcGl-wVberHyoPxb-qA2P-8BuEtMKAJTqRTCNwQcTDz6fpTxAkG8vNI_HBvp14Vw6IiVdUMRAy9rjNDdspV3KRTl5C-x1DBxqoDmtA6oDapebmQwEtpXSGeu3t9RPpiRoTMTqnFuET1FEf-zVQrx1lQlWXUJnb5_-U6-5sbIWFFtnD8U5jgvg2bvbx7ifaPyETcJ_Ty8AsdqWC_YBPGGEgLmmW6dEqSP8_e9ebpfNwUqCerNJmO97Xe1AHJgUaPxj0kA2EAQDmUqs0H30Xaejir5ED7-6_H2ey5V22XUYGw_jKcARFQ9VCYbWECxCCjz4cKDCmr6SPAan0y1RrmMiAdJ0o3e0CRyfUCHF-Wv5r7g46p7cOh5TXaUTXidm0fn4TsbdnsvpisO73Qk1qZqlTuTxLpRoq8hgDTZGBWypJYB4Zug0aRTaTB6n3m5DTiFnSlsSSTZHQfbxIx-IOQuAM6joZxWQ_pVvGqzXqPJcIwElZmZA6iXEfKBdA7Dc-gj7vAeG1XRPKw5xJUJySJzXINcpzw6ix4IcLmyf_0lwT_V8QGBvRBnR9pGc0itpHKJ7Kos6SCpe4xdy7aObykfz9FryceGodeOjMxTWHMrrGopgTdgsC4eKPn9SJQXPZ6tUx6QdwvjRdL_2QAxGLDxb3oTZjJWQIIg2omVKp0k1Pyjn77vbDuvELWMeGHjQb5G_9Bp6PMw7PwsD78kgUUbj2ZK99s15MU53V1uzMDjR66iVldBNgj3dosz35eHiqMwri1YHpMckcz9_S35NiUPRSH-CJBr3dIB590x8449xTfzjAldRoF9OwXxPUp5dJFXYFpUx-p0xGdpwgOaTjjd3pF85aHzefCATde73HmDymLFEDwaSm-v-RoIpsa_ehVAruAjFS-tU85JdE1nWNyxaI4N91Et0d-rvXGMZSxoRrIcNJUv8V2AbysWm_8ojsl1U67Hbl3CXwvco8_iHH8WkiIn8VPE7UwyveK4_boH1yRlzayDAHSM6jNa_lLgcyq85xtrStbIqCV4PcOeOUwyVjhsTnUIKCo3USc5fn5qv6ruXcNDF_U7PvVJS4g&sai=AMfl-YTu8E1D8cT9txTTHNbiZ-Hibto2dWUTU4QYTeGRR6O3h3Yxxj-z4wZswq5fxva1_h003aZPybdZak02VaQea8Y_bMGNucgqxuuZwdoXtuLi58moUPIkJcUxc5E9MSd0rNQqXCtaWxPo3_cV5U2_uPPPiTfcxQ&sig=Cg0ArKJSzIwDkCuZW5ejEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=108&vt=11&dtpt=81&dett=3&cstd=25&cisv=r20211027.88914&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: gruposdewhatsapp.bar
URL: https://gruposdewhatsapp.bar/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 01:38:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 geld.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 5 KB
6 KB 10ms
9ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/geld.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bfbd69a1d047d98bedbc48cad25793a5d7c054dabc0418573a59083be00f7b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 23:55:03 GMT
x-content-type-options: nosniff
age: 265411
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5572
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Oct 2022 23:55:03 GMT

GET
H2 200 cta3.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 2 KB
2 KB 9ms
9ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/cta3.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79bae354099f2a59ad59d3cd079994ac27dfb9cc445c901745cefb753a8bdb42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 13:31:02 GMT
x-content-type-options: nosniff
age: 302852
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1872
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Oct 2022 13:31:02 GMT

GET
H2 200 smily.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/smily.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

546cddbcaae7b24edd1ecbaeb399c1eaafb39e1b1ef2047427926f2451806a7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 03:39:57 GMT
x-content-type-options: nosniff
age: 251917
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3411
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Oct 2022 03:39:57 GMT

GET
H2 200 02.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 49 KB
49 KB 11ms
10ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/02.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

277efaf77277e9c32321838ef9480109ca75db052dfb0dd7558821f36b671dfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 25 Oct 2021 14:07:05 GMT
x-content-type-options: nosniff
age: 473489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50149
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 25 Oct 2022 14:07:05 GMT

GET
H2 200 biltz.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 3 KB
3 KB 13ms
12ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/biltz.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f79352743bcb9548df3493418e1b70a26ac1585c6de173820d0f7057ed10f966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 09:57:18 GMT
x-content-type-options: nosniff
age: 315676
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2771
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 27 Oct 2022 09:57:18 GMT

GET
H2 200 01.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 59 KB
59 KB 13ms
13ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/01.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f37e1576660d99680e6d7680fe3b9d971a06b7cbec45c97f8d62acc95985f02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 01:56:45 GMT
x-content-type-options: nosniff
age: 171709
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60336
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 29 Oct 2022 01:56:45 GMT

GET
H2 200 hintergrund.png
s0.2mdn.net/sadbundle/14735266241682150625/ Frame 8009 5 KB
5 KB 12ms
11ms Image
image/png 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/14735266241682150625/hintergrund.png

Requested by

Host: 4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
URL: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb8b68bec1476f00142126c374d93b39ae7bed02a43fdc08534529900f8cb61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/14735266241682150625/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 23:52:33 GMT
x-content-type-options: nosniff
age: 179161
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4852
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 12:20:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Oct 2022 23:52:33 GMT

GET
H2 200 LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js Show response
pagead2.googlesyndication.com/bg/ Frame 7B50 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LnuN3C34rR70L3hG8w6Spma0p50xn6UkBXRbbJn0q6o.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 21:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 275207
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13394
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Thu, 27 Oct 2022 21:11:47 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 05A0 0
63 B 18ms
18ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102701&jk=2841142893738159&bg=!FxSlFFDNAAbUs_yW1LM7ACkAdvg8Ws-7WpX2mTV3hjPyL8ynjGxFFEBh-JwKBALyZsq5sEPKPYfv5QIAAACfUgAAABZoAQcKAEaH-QrsFu2Dw0jtTyZaxvjHCAqtTHl0sxqhO-JufgEUbnE7rryvhK-wTDam87sKw0oseyMyyVwP3JD54tL-A6GNv5NyO-D9mQLkipP2IL0CpS3cIPuNWpO2-stBd-U6XZsYDCDkZBUhqqzo5msoiVlQR4OZUcKvQ0iJYLVU3RiuxubxMfyXsmxCYG5OzygHJbTpwua_aiBIzXl4Auy0wTpj_WPiOH8ho7lNIFI-RtE-E68JJdzwrt7omWxPwag1bhpWmcfmtjGeJa7MNtYTkI_NAZuoaOUObjloTWdpjjJp2bFheX_AJcIHyL33J8pJe_jHUBXv4_UTTpKQqnf7J2n2UFsLGGWyDjYSdg7AczBXVkJzvmwE11jBMmVpC53GcyESCI_4m5nkNyb98Ni0F4jGKwhPa2Wv3gl7oPNfS6cOB9FoEYbWI7Lw5TMX70PsMfD0M2PK93C7jmPGUaZZVyJHXnwagmbAVCOF2hMN1J205NC_kr7PPP7vJZgfq_S-KAtsiXjLvVl2g3ATafD8pMmy5SANbA4TOsST8CaR5Ea4_DPQPeMs-vkWhiHakKYUfD0FHS_wggKktZud9AHLj2lcrmKh_MMIfu6N538mrXGuvGqU4hcKlOt6qDtpUYqnpSnsP2uJd-682zDixaQl63vaeR4rN2LHP7Lxgqn8sTcPE_vJNxhxATdZyhY2viYOt8GbEIHhQIDWZrgbQL3YGzOFSYfh_H0_VMzABPNzFgabO-0l-WGfXaTcyaPOa8DMm20P0wvI9Y0Cs-fOVXEY77l9ll5XVQfwRGYC2J5NBZfG-eGDsewqJuAoyg3SoA8MbLM7kQzJdTIdldtb0afutx5JRVvhPQvBPYKL4KatceGYWenGhpmZIqvA9byf1sS8izRi7ms0YxPmVt0OfgVZJddAqJYc66IgON3-_4eHV85Co8dpP7LNgSKjFZB4SgQbKKavDp_mEkGFj6PzpwiWyayRj4zBcgSRQkOFHVjVctiCMtsGiR7f4rVTM6Z2xr-mOrtbrr_ZCRhulyqcGpQrgyETV2euMZtwgIKFDVjofpOCgzm0MxMOUpfeG12KDmw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gruposdewhatsapp.bar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7B50 0
54 B 17ms
17ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYiv_mvN9YYT5A62P9u8P_Ymx4AgAAAAAOAHgBAI&bg=!YWKlYibNAAZzbWp4c207ACkAdvg8WtPp0U0hGHz9n76FlIzRpMu9088ETR5SvguzjEs2nkO04M197AIAAACgUgAAAA1oAQeZAzObAMf7wKGG89zckQvkh4Sdx6ZFESmozMYfZDLKPV3GQfxWAp3qwcuvD7VIcFEICgxkJWoaSkigpNzJ5BV2lzVAHO7HoUyoDQLUrdoBfvVmxDYyhZLvvMZMFOnFC--E-0jFmcRwlTVNUYGmdMWgB0qjCCoQQ-FwOTpaBwAjlVAQj30L2e3EfCR1DSsOLy1qdev-AwWd3uzTOtQXyjV5nnckEdLwhTWYRT3UO7yX87GOzD__wJi8zxNbkYrR5clThI_p48kpue6PBYTkYO6k8V-_-qC2bs3nEEDIMTKhFd0wB_erio03aGOUSIvY7FcIQpnZmJNQnRzCmfSPjnoUuG2bA-RmgheBe4qOibQAq6oUoiiCxIrKifCd7yUkuE0pXSNcSKcHIKaw_zaZBOnYXMa_NnUqVLLYemdwRllpavqaUdlAO9sgSU7V4U7SamLbtjApTSsJBjSo4YoJ030LVzBb2Tlgfm5gyjA4z2wHEqo7HgrVJQhpJj-P1bmXyKRWcvHPYjapY1BUpqr5TrCyUmtlqA1SXQJ_0nefE0D8DgiwpRbM1llKjuSp6G217ZMphUYr-zWq81BR6gzYtrQGj8LaSi9v0bhM5fVQrgqHv33fAoQDhvNQUnQpn81rY2I_qJmg1a5G4ZGqgfjrJHAPzK02qoPQjSRD_XdJnHaUtHOr6KHVqir6jioQdYqpnTU9WAKiO1Myl13PQ_npE6Zd4E36mQpNq6rNxSBv34L0eL_koOEkfSDtkGtLsbTWYxQlIoj6M06FCe6OGEIQrbTj2U4PkiuU59EWu0mfDiIWMTvN9kOA_b_VcnFGHcyEuLGamULOZEzFI6MpRbjSqyyCh1ShCYeKBBAhK0w-9ecqXUeFzRmUd3kUZDpV8OWWRM8zFbGDRbkdogJdA_AMkXNsE7AW4DnlEyybdJYkRGq-ZQRKspbBHklOVt9eaYQTw7SWL1wo0WDlDm6yhWxcF-3fo7XrGKqM-_EVvn3HaAKS5AzMZY8O4f-YsctjCsZToslH10jtvL9ZEUiBQjxNfW45HJbCE3CgIOS-zUhT8QPu1t9bDiLiZfwzUPJUKjIHqiwmtr2E9Bw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 139F 42 B
108 B 25ms
21ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssKjTJkCAUmTuuCy6sz_xcI5Ui9FmvKQpBXLZpi8zROnEgQHybkAlULQGTNbdymQBYOejmp676u-PROZu6gkPFBSlfMOM9y0mYsY4JZQDNUN113Fg3RbQ&sai=AMfl-YQQR-wDW7r9oulwkBomERffG3Zphn68eBHsDHQ-QEi9TZRLYxYZr7FEuLU-Ex5WvWnuRmtB1GYF0b9EcU0SQWD5jeLMtzxewrOZJ9uWZtFXW8lI1UxrtzC8TsU&sig=Cg0ArKJSzFkqa1zuBixdEAE&cid=CAASEuRobz-avXxFFswJv1YVC7EMHQ&id=lidar2&mcvt=1000&p=330,1276,930,1576&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=719540908&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635644314029&rpt=136&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame C9EE 57 KB
57 KB 8ms
8ms Font
font/woff 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/4528516/1039192214543590/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:33:05 GMT
x-content-type-options: nosniff
age: 331
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 01:48:05 GMT

POST
H2 200 batch
www.google-analytics.com/ 35 B
0 37ms
14ms Fetch
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/batch

Requested by

Host: static.arc.io
URL: https://static.arc.io/widget/js/core.js?2326f2d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gruposdewhatsapp.bar/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 01:38:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://gruposdewhatsapp.bar
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEOCKQkmqIh5H4D03dfWygzA&google_cver=1&google_push=AYg5qPKMh_LijTmtgxrETS4sHXhkg6JBV0CLYoYePvPFAVqXq1esny497PwlX2wf0L_hW_uJq9guLegi3UUnmXdxUcbCH4oz0wIt

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw

Domain: tracker.arc.io
URL: https://tracker.arc.io/

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

76 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.clevernt.com/	1969-12-31 23:59:59	Name: hstpv4user Value: eyJJRCI6IjM4OTEzNDQ2d2FuNjE3ZGYzOTQ5ZjhhNyIsIkNUUiI6IkRFIiwiUmVnaW9uIjpudWxsLCJCcm93c2VyIjoiQ2hyb21lIiwiUGxhdGZvcm0iOiJXaW5kb3dzIiwiTW9iaWxlIjowLCJCb3QiOjAsInJlbW90ZV9hZGRyIjoiMjgyNjM3NzY2NSIsIkxhc3RVcGRhdGUiOjE2MzU2NDQzMDh9
.gruposdewhatsapp.bar/	1970-01-20 07:42:20	Name: __gads Value: ID=6dd818f9cc4d2108:T=1635644308:S=ALNI_MZfoMACvw8IIn9Ehwptd0NsJooBAA
.doubleclick.net/	1970-01-19 22:20:47	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 07:06:20	Name: CMID Value: YX3zlbtJTfjVXfVMmN-7igAA
.casalemedia.com/	1970-01-20 00:30:20	Name: CMPS Value: 5205
.casalemedia.com/	1970-01-20 00:30:20	Name: CMPRO Value: 1179
.doubleclick.net/	1970-01-20 07:42:20	Name: IDE Value: AHWqTUmFMmxwi_Yc7EpM4VYxfGqivLWZsCoZgai4dbTSTuHeYuzf9btOOMv7-8R-vMA
core.arc.io/	1970-01-20 07:06:20	Name: _immortal\|Arc_nodeId Value: Y2x5y2pHkRfqH3YTnbkJ2y
.yahoo.com/	1970-01-20 07:06:41	Name: A3 Value: d=AQABBJXzfWECEIM-_hoXqiBIwMdylvNDgxMFEgEBAQFFf2GHYQAAAAAA_eMAAA&S=AQAAAmESK0bJMG4Qcn-4i1ufz-g
.adnxs.com/	1970-01-20 00:30:20	Name: uuid2 Value: 9114484382790432953
.openx.net/	1970-01-20 07:06:20	Name: i Value: aa2c296a-cada-4bdd-893a-a518873a5a6a\|1635644309
.spotxchange.com/	1970-01-20 07:06:24	Name: audience Value: 403863fb-39eb-11ec-92d9-1bf0cf250306
.casalemedia.com/	1970-01-20 07:06:20	Name: CMRUM3 Value: 2d617df3962760CAESECyDErByL_gaLrg0c_Y2wnY
.adnxs.com/	1970-01-20 00:30:20	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVQm$%Az!]tb[8i_iqf!oN/@E'zz<*Z0Qu^x:%j#_CA[n[I8s.@[?JBw.LCnyxthgJa4<QG=%9sk@3@'s>TBi^Ds
m.exactag.com/	1970-01-20 00:30:20	Name: exactag_new_gk Value: 2517b6fecc8a4d7db06fd542d3e29648%7c30.12.2021+01%3a38%3a30
m.exactag.com/	1970-01-20 02:39:56	Name: exactag_new_uk Value: fd8274dbeebb4072b44481172ea3dddc%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: cf46a598bb6540f798fb78ad
.redintelligence.net/	1970-01-20 00:30:20	Name: 8lcfmzhxc8d6_uid Value: 4783579d5704aa6c
.quantserve.com/	1970-01-20 00:30:20	Name: d Value: EHIBCQHOJIEA
.quantserve.com/	1970-01-20 07:50:58	Name: mc Value: 617df396-a9fc7-a4211-f1211
.pubmatic.com/	1970-01-19 22:22:10	Name: KTPCACOOKIE Value: YES
.mathtag.com/	1970-01-20 07:46:39	Name: uuid Value: 8a6d617d-f396-4700-8888-a39ca2e03184
.mathtag.com/	1970-01-19 23:03:56	Name: mt_mop Value: 4:1635644310
.m6r.eu/	1970-01-19 22:20:47	Name: test Value: true
.pubmatic.com/	1970-01-20 00:30:20	Name: KADUSERCOOKIE Value: 0BD9DFC5-3E18-4225-86B7-8901121F6AF4
.mookie1.com/	1970-01-20 07:49:32	Name: id Value: 10810327956863280587
.mookie1.com/	1970-01-20 07:49:32	Name: mdata Value: 1\|10810327956863280587\|1635644310847
.mookie1.com/	1970-01-20 07:49:32	Name: ov Value: 3e68eacd26548e1f6ae35e8238f8d4b1
.agkn.com/	1970-01-20 07:06:20	Name: u Value: C\|0CEApELAWKRCwFgAAAAAAAQ13AQCAAQpAAAAAAA
.agkn.com/	1970-01-20 07:06:20	Name: ab Value: 0001%3A4hddVZYkwqSQeWyQKGF%2FfzxMgGT4B78E
.turn.com/	1970-01-20 02:39:56	Name: uid Value: 2801801330616571653
.e.dlx.addthis.com/	1970-01-20 07:50:58	Name: na_tc Value: Y
.rlcdn.com/	1970-01-20 07:06:20	Name: rlas3 Value: woJP9YsH8Rdgqmmm3NP2OuHTHr3oU909ippcKvCeAzY=
.rlcdn.com/	1970-01-19 23:47:08	Name: pxrc Value: CJfn94sGEgUI6AcQABIGCOndKhAA
.m6r.eu/	1970-01-20 00:30:20	Name: cct Value: 1635644311050
.m6r.eu/	1970-01-20 00:30:20	Name: id Value: b1774dc382c36ff9736855a54d3e35bc
.casalemedia.com/	1970-01-19 22:22:10	Name: CMST Value: YX3zlWF985cA
.advertising.com/	1970-01-20 07:07:46	Name: APID Value: UP40ed6440-39eb-11ec-b616-024c40ea4836
.1rx.io/	1970-01-20 07:06:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-b134b67d-23aa-4b5b-a01b-41bc511ad974-003%22%7D
.krxd.net/	1970-01-20 02:39:56	Name: _kuid_ Value: Oc-_Vkt5
.addthis.com/	1970-01-20 07:50:58	Name: na_tc Value: Y
.dlx.addthis.com/	1970-01-19 23:03:56	Name: na_sr Value: 20211031
.dlx.addthis.com/	1970-01-19 22:20:44	Name: na_srp Value: 3614
.targeting.unrulymedia.com/	1970-01-20 07:06:20	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-b134b67d-23aa-4b5b-a01b-41bc511ad974-003%22%7D
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP40ed6440-39eb-11ec-b616-024c40ea4836
.addthis.com/	1970-01-20 07:50:58	Name: na_id Value: 2021103101383100040741485864
.addthis.com/	1970-01-20 07:50:58	Name: uid Value: 617df397906ca286
.addthis.com/	1970-01-20 07:50:58	Name: ouid Value: 617df397000178e96f5aafa5841ad764c55f983089b3d0a2d91f
.dlx.addthis.com/	1970-01-19 23:03:56	Name: na_rn Value: 1
.dlx.addthis.com/	1970-01-19 23:03:56	Name: na_sc_e Value: 1
.travelaudience.com/	1970-01-20 07:50:58	Name: _tracker Value: %7B%22UUID%22%3A%22C7FC03F8-63EF-40DD-AB75-1DC605806DF7%22%7D
.adform.net/	1970-01-19 23:03:56	Name: C Value: 1
.adform.net/	1970-01-19 23:47:08	Name: uid Value: 1438861306692402358
.innovid.com/	1970-01-20 00:30:20	Name: uuid Value: f7f145d1-98b0-4bdc-9e21-418e0b5c0173-20211030 21:38:32
.tribalfusion.com/	1970-01-20 00:30:20	Name: ANON_ID Value: amnseFy4ZawEBA9MAJP7btZaVCvSfvMUfUh3ScBgQc6biZc6gYZcxZcqWWf6KCCZcZc86FLge0bwR0ohtYI7lOZc3d8G
.smartadserver.com/	1970-01-20 07:50:58	Name: pid Value: 1824485894085902964
.o2online.de/	1970-01-19 22:30:49	Name: webShopPV Value: ?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=25124645_4307561_316931993_137415464_-0&ref=25124645_4307561_316931993_137415464_-0
gruposdewhatsapp.bar/	1970-01-19 22:20:46	Name: tt_c_vmt Value: 1635644313
gruposdewhatsapp.bar/	1970-01-19 22:20:46	Name: tt_c_c Value: direct
gruposdewhatsapp.bar/	1970-01-19 22:20:46	Name: tt_c_s Value: direct
gruposdewhatsapp.bar/	1970-01-19 22:20:46	Name: tt_c_m Value: direct
gruposdewhatsapp.bar/	1970-01-20 15:37:32	Name: _ttuu.s Value: 1635644313281
.t.tailtarget.com/	1970-01-20 07:06:20	Name: u Value: fwAAAWF985mdkgayJaDyAgB=
.t.tailtarget.com/	1970-01-19 22:23:37	Name: _ssc Value: y
gruposdewhatsapp.bar/	1970-01-20 07:06:20	Name: tt.u Value: 0100007F99F37D61B206929D02F2A025
.t.tailtarget.com/	1970-01-19 23:03:56	Name: ttbprf Value: ___de_1635644313593_2826377665
.t.tailtarget.com/	1970-01-19 22:20:46	Name: ttc Value: 1
.t.tailtarget.com/	1970-01-19 23:03:56	Name: ttnprf Value:
.arc.io/	1970-01-25 02:32:38	Name: widgetOptState Value: {%22state%22:%22UNDECIDED%22%2C%22date%22:%222021-10-31T01:38:28.590Z%22%2C%22dismissedAt%22:null}
gruposdewhatsapp.bar/	1970-01-19 22:22:10	Name: tt.nprf Value:
.tt-11382-4.seg.t.tailtarget.com/	1970-01-19 22:20:47	Name: ttca Value: _1635644313
.gruposdewhatsapp.bar/	1970-01-19 22:20:47	Name: _ttdmp Value: \|LS:
.t.tailtarget.com/	1970-01-19 23:03:56	Name: n Value: 1635644313
.yahoo.com/	1970-01-19 22:22:10	Name: APIDTS Value: 1635644314
.analytics.yahoo.com/	1970-01-20 07:07:46	Name: IDSYNC Value: "18wq~219d:18yl~219d:1762~219d:18yx~219d"
.blismedia.com/	1970-01-20 07:06:24	Name: b Value: 617DF39AC94E8EB93525C68ABLIS

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPJB2uqKWUyDBVpHyuqr9jkG7M8-ItvhA8R3el8BtJpVnsGEEHY7CthhPjU00G5VyV0NbTbWZwqRMk8x39slw16593-n-q14&google_gid=CAESEPok39eb_THqR2742tbB_S0&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_gid=CAESEFnNVR--8uLnG2fvCM0kbjM&google_cver=1&google_push=AYg5qPK-BHPMAaVjTV0HvzZPVQLBcgaLAwjtf3HYWe2T9Owni2mnog2wqGipxNwsoq12ncTzc4iw9AaegGK9Ltg5g1HKtdLykRo8hw Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIIlLE3R6IM_vWtKAn3HSVxTr0DUzTjnwqjcfytcr8Pcihhb0RW4afjr3_wjgDa2q4XAEcheH3hvbVLz3S5q-RPKYNJhoK_&google_gid=CAESECcqWczW73mJIPEbUc_K6Fg&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESELEOD-SovCikGWy4q8vM3qw&google_push=AYg5qPKMtg6RE5W_SUV_IGvphMXllDAehoktSPijaMo76k2DAuiNYQ82s2BS4BPhttqsNFsZaCJs5d8I8rfDoid37xZpW-wbZw4 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_cver=1&google_gid=CAESEIRTyXCkfU7dZwvD_CeZvA0&google_push=AYg5qPLDbG-dIBSO1HPBevnrh5o7DXwiDbnrV1MLmeHtD1pcSLTndT70ag9K2DiZl2eHRt7M9n4Vd3dguu0DnLS3c295VrcNAw Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPKDkxd2c7nupQ5_K0Tey3X6BySFnpteCwN4sTlV0fp7Qr46adHbjpIX2_PvDYDsjERqCr1hbCiQM59yaworpu7uwBnLsCzhcQ&google_gid=CAESEOjK6OZZsOOlHSpXXvMKz9o&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPLFOQkaRmJIm9ZxoMS155A2-GeeiN0HbXzC0NzK27whw4jhUij0KcnR2ImORnIdoAS1b-hgRrW-Ft31iGKruAGqS9k7D74P&google_gid=CAESEM6pfD0GILacsYvbb5N7xNM&google_cver=1 Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YX3zlbtJTfjVXfVMmN_7igAABJsAAAIB&google_push=AYg5qPIuE4JL5VhfsUYgu_WNNtC_Yhrz1fOA91zB-x2xiAaUI9vyS2wf_zbiN10YpYP8uNWwtRumwXK1BrsksRCTxy9mzAWdzgm3DA&google_cver=1&google_gid=CAESEJOjQSJpSvWK0D3mskFbJlw Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

06f335b3e8106d77cc8287d47841ca5e.safeframe.googlesyndication.com
2761bc58de536222df6e4fb194b0fec9.safeframe.googlesyndication.com
4a73f112390e58ffe5dd302c4a8b9294.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
97c0288906c2116bb7bff03a5fa07e2c.safeframe.googlesyndication.com
a.tribalfusion.com
a107e1d6470dc721e0a390fad1d4c694.safeframe.googlesyndication.com
aa02e02ba40b9a565d7af3c41dbd0600.safeframe.googlesyndication.com
ad.doubleclick.net
ad.turn.com
ade.googlesyndication.com
ads.travelaudience.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ag.innovid.com
arc.io
b.t.tailtarget.com
beacon.krxd.net
c1.adform.net
cdn.contentspread.net
cdn.krxd.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
code.jquery.com
consumer.krxd.net
core.arc.io
d.agkn.com
d.tailtarget.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
e82277aa744b3a1d5f4027fc17944c51.safeframe.googlesyndication.com
encrypted-tbn1.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
frame.ageureka.com
fw.adsafeprotected.com
gcdn.2mdn.net
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
gruposdewhatsapp.bar
hal9000.redintelligence.net
hal900019.redintelligence.net
ib.adnxs.com
id.rlcdn.com
image6.pubmatic.com
m.exactag.com
match.adsrvr.org
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.advertising.com
pixel.everesttech.net
pixel.rubiconproject.com
portal.o2online.de
pr-bh.ybp.yahoo.com
r.turn.com
r4---sn-4g5edns6.c.2mdn.net
rtb.openx.net
s.ad.smaato.net
s.tribalfusion.com
s0.2mdn.net
scripts.cleverwebserver.com
secure-gg.imrworldwide.com
securepubads.g.doubleclick.net
sender.clevernt.com
ssbsync.smartadserver.com
static.adsafeprotected.com
static.arc.io
sync.1rx.io
sync.mathtag.com
sync.search.spotxchange.com
sync.targeting.unrulymedia.com
sync.teads.tv
t.tailtarget.com
tag.ageureka.com
tags.t.tailtarget.com
tpc.googlesyndication.com
tr.blismedia.com
tracker.arc.io
tracking.m6r.eu
tt-11382-4.seg.t.tailtarget.com
ui.cleverwebserver.com
ups.analytics.yahoo.com
us-u.openx.net
warden.arc.io
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
google2waycm.netmng.com
tracker.arc.io
104.92.106.130
142.250.185.66
142.250.186.166
142.250.186.66
148.69.64.76
151.101.194.133
172.217.18.98
173.236.179.96
178.63.52.121
18.184.201.8
18.223.141.84
184.30.16.79
185.29.134.244
185.33.221.90
185.86.138.132
185.94.180.125
198.47.127.19
2001:4de0:ac18::1:a:3b
2001:678:cb4:bbbb::11
213.19.147.45
213.202.235.10
217.182.200.20
23.111.9.64
23.111.9.67
23.218.208.246
2600:1f14:d24:9300:e494:24e3:c795:8468
2600:9000:223f:de00:1b:5138:8a40:93a1
2606:4700:10::6816:4c5b
2606:4700::6810:125e
2606:4700::6812:d05
2620:112:f000:bbbb::11
2620:116:800d:21:f916:5049:f87f:108e
2620:1ec:46::45
2620:1ec:bdf::45
2a00:1288:80:800::7000
2a00:1450:4001:6d::9
2a00:1450:4001:800::200e
2a00:1450:4001:801::2003
2a00:1450:4001:80e::2006
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a02:26f0:f7::5c7b:e033
2a05:d018:d29:3601:f879:a4cf:9cbb:9098
3.124.136.236
3.126.56.137
34.102.185.99
34.96.105.8
34.98.64.218
34.98.67.61
35.190.0.66
35.201.123.184
35.227.252.103
35.244.174.68
35.71.131.137
37.157.6.253
52.18.11.109
52.211.234.106
52.222.214.85
54.154.149.33
54.224.22.215
54.229.249.145
54.36.108.3
63.32.255.93
66.155.71.149
69.173.144.138
72.251.244.142
78.46.90.238
82.113.101.132
009bf00d3831fb62595adb20e170ed288d8a157493fb6028b1888b05875ed8f3
00c89e128779eadd9c372c8dd74786910f790b72c00976fc08044182b1c9d9ec
01c30d5b9a12177acd4db8eaef8e96e9f713b74c615d5752c043ad170123389f
024bf58839434bcdbb669f44e683ecbb58be25cde0d0e721d68031a67a40dd40
03be1282d705d91f9eab5f97d002610e2c2478fd6b24c6b9a0972bfb7bdda931
068a10c134968f5b4e31e5bbbe09435b445e451903424098699c484b7d1b25ba
06e13e753ce02eb311a0491eada8d8671a0c4fa4f85d3b94bb78ed1d0aa76289
076b222b1d056f5506eea927973c18c7d736195002f105e918b86481db21e20a
09afb3aa2916598b8cf8a3a0961403053a21fc846ef212574528bf62875cc36d
0b0cde6cfa913a4ae74911c4638f0ec6898d21f4f733f7f6bb9b14a04a6d4924
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c3dc6e13250f032cfa24b0eb3a80ba8dea1900849d165d3429e5f713539c658
0d708e6899a77c81a9547e6d36f81d91d4391f1202c6cc973df9f5c106ece767
0e06b42d5fb5e0205cc8b55ad86c899efc9c4159818a166543f2b9c4955fe3a3
0e3a834272c75d9de3cbf142e8a825517c2079a8d3e984f80240b497f7b0bc23
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ee2c3ecefa1a87e8db59bf7fef560c7b14007d073b97dbda9c80494a77a2669
0f24863a3d15acc434a6be64ac2d54b606012abeb004960ac1215f764251aaa6
1000b7d7d1a3eafb517dff8af1747033f0d0885570b0b37af3d653b726d4ec17
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1437cdd25532919299784f840c613a46dbcf783903d558bcf5386defd7cceb1c
14dbb435fe86816e0aa258d5dd9361ebfdfd20bfe96523b9eab592cbecf36075
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19311967464cd6447bb7fba382aa67939dcca903a56f1ac925ac2a80ff33642e
1aa316c3dd2fbb1b874bef31fa50cd9564e1813a2987c2d2c67257c90c849675
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155
1e68cbacbe27a32e9d10df40b6cc724e9c29abed6152c7b454426d5b76c5a5db
22505fbaebad399c3081bd160240ec910f78b83454eed1506e63c67a826a6607
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
24f3cdcac4fa0f70e18f5e668b7306076960c6ecd6ea81a708afb8ee4013ed23
26231a92d159f0ba32c17a9aa6fde2e5038f59e1a5a9b15058c5cc2ee8e40f1f
277efaf77277e9c32321838ef9480109ca75db052dfb0dd7558821f36b671dfe
2a0d5016c9be45fd2d7534bf47f3b2c67d3d1d47e64e31572c28a94b984e7014
2a570c9f841ac209406cf22612c7d383941480fd2a9ce43fd53e4d43448ff5f3
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
2d76d64fb91e3321e030f273de25963bbc2992ca234086efedca4ef9bfd6135a
2dc4a6f94ef60d217d41f440b35753db8a1af821246bf762c2aac722ded27903
2e7b8ddc2df8ad1ef42f7846f30e92a666b4a79d319fa52405745b6c99f4abaa
3082b0f5d766f08f34a2077d48da01d41c9283376883472fa0965bf1b77283e0
3176406817d7d64c95cefe214cad4ec7287c7636f2c98caa92dbed8b4cd02f61
31e0cb36013a6726120a21ccf47bb434a0712b9d7490a4c0252472e73bcc4e40
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35192762fa623e317af4ae958d5b4ccad4bf6f396615542277dea76637c1a264
35e8d96d42f0ffa258060a98b45f013829bc57b3ae7be71c9f54c037b6e0e707
3729de07090fb8cfeb2d3810f33faede05a4d7fbe9cb16bf703c8445811a7dbc
385a356efa4114b719beed902aba094c8a9ca1a9381d262b598857c23fdd635a
3b5169cf7eef762a1dd4062c29e63c2bab2f3691ae47f3b8c37182fbbaf4104b
3db51ab50308ac63d24f672051ae46a7fd355653204f3cfae4773684c66d6522
3e2273757db82c512c7724a56acb665cb430985d237d01303add41f5aa2a59e0
3e6a677f020945204f2ec33d9284cd6af5d0bcb18051de7ef6fb43211ef50ac6
3f06a0c7d32aa12a6591b19926eabd9c084ef27adaa66cc88ba19911aee89e73
3f3dd6455ce99ce966ac4e2fdfb0075b9a090d07f2643b48e9636f1ec19ddcda
3fa26ebef6d2e2ae33d1f2be60ef7a5f3a940bed5830101a0fb2ec3365b440f6
405c18f9cfa166607debeab6a076361150bbfb3d91c1c8ec5481aec54df84923
40a1b3366662d4c052b65b0e7842e3e7f78c4514afb3b4a387f550108ecdab03
44e04e4776c58b34580006ef8e8a1e1ae336f3e9c429ae242fe9a8f090889b79
44fbf6d6ad72224ebcef63f7c8e2280fdf1b5a2f15d1749115ea41ee76b76f66
45344ec706e661760887e42f8797c4dd446805b24657d99318b08d211f2e549b
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
499b5e85f090790d4816e771edb671c960e9a76be40ca04a613c36a79387b0c9
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4dba1e011745c1bec0b32691b466bf85c8972935bdb186a45fc96296136b23d8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
4fa9dd214c4a6848e3bb1fb60931194e912db4435550b032218658b020f0c4af
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5115fa77544d15c7371d108be6c4ca65aa2d6b5b9f848b0e11e4e738911ec535
5209704cbc1cb533211db54cd28d32624c2a4f70852d181f5e61915b49156557
526d16b4f5bdbd079227dbef6dbc47f8e7ba4c71aaa901394f0c0e77dd26a778
5271a09f674120f3162f5fbff8afbde580258b5a52ad05aa24f2eb44ee4870e1
546cddbcaae7b24edd1ecbaeb399c1eaafb39e1b1ef2047427926f2451806a7f
54930f8d5930ea73a5643b6e7cd4f3e5142609ed371fd9d1969ad38dba591ab4
54dfb935abb6204a5e45888d14297e054b9f2f94416fae2bb40d6fb443d08fac
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
5a57cecd2bf4d6d3b8498c67487333f6dc9e102371f5e48ffc7fcf18a6e8487e
5b54e07cd55fa2cc3803bdffff6b3ce04466c4805b120e7231b0e3b76973516f
5b85d1fd2022391164cdf06047740161c67231b13de578b70280b03e4e54bc0e
5c270fc7accd11519a2045bad5b2c060dc5d20893a62f59c11320f2123ca6a62
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
6079fe6551eac3122b7cd973f4d7e646759fef9d369537190543efd872afd102
60ff47dd82f8534f9648d87f9a2a19c4bdc9982319e00fafc2c350a5ec6a53c5
62758a2fe5b802f8f861ac931b348d29cfa4c1bece4b86c79dfe54e199ef3388
659aba74af795768d9d8d2ed688e49cd5f47d9425d5a1630329a845759b4591d
65dbc5382d6b3f90cdd386f26822de72ea4d3a82c5e8286ce9cfa903b7cb69de
66a40c269af4405d2119e9e1614938c53b62e52e46bad28eeb6a4af38041476d
67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab
69d774246195b9abe605a10066981c9200d4ffec15250bfd8d29e2c216d0b9f7
6a9a5bafa80bff7a29351962671bfafad98917892a6ae4830b45fc7aa4d11bcf
6af01199741c29eb5a39480ce0f027872dad0cbe236a949d0b453794df042a3d
6bfbd69a1d047d98bedbc48cad25793a5d7c054dabc0418573a59083be00f7b4
6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9
6f0d69280cbcbe935847ebe50153a7d6713a2e4a751d8160cf92850c44911b73
6f37e1576660d99680e6d7680fe3b9d971a06b7cbec45c97f8d62acc95985f02
6fdd4e9b40aca531e10530f776c3fbb6ef8c74d360d93a75a23cb22153fbecbc
7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b
72112391117dac0ad750bc347974b7cf574070e6801d0b458d46c3ec492eb8e8
749a8f4e159531f6dbc5f3699f7fff2e791dd829840bae6c79dbecad8a1740d9
766993796aa7ab3025c7e0f757ef7c8c62179adf2e7487ee18b9e99ed24c3337
7681381e1638aeab76152fbe305d3bb0690438e388a01512e8d313adefe31bf6
78b8b9c06e8648b397191402eb4ca35c9a83400e71f2338c84f2ef1393ef32cf
79054cc265700080b7d945a9b1797607e3a166c6c3393a5abb59b4ea1c448476
79bae354099f2a59ad59d3cd079994ac27dfb9cc445c901745cefb753a8bdb42
7b07c02003e6165d5cf4edd56009f27a6857a582e5dd7cdbc4dcc8768501df76
7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78
7c8e92d534c0854cb3089c6c9959626d66a0ae148bbee71fecd9709856cc2344
7d10fa1d9aefa7b26452bc6daff08105c29f61ed71d64e727a30d0fe71b8ea52
7f2f64ba75042bdb3dffcbf33c695c84f2ee9883ae6f314951f528a5700d964b
7fb740dab4620f2d5de41d2d9f0bcb6028e02cb761490bce0c88a14c1a907727
80b6cb45660038ca8664df098c41002469441da18a13ad4c53d9c85898c22a5a
8156274be416705f770f8d4e0338e9886f99a863f433e105dc497f2e998f1812
822417f3e1ffd4b0b0f13e20c0d28ddc16471fefbc05917c24bc6245c23ac68c
832a6fb3e7801ed064d4533e56f0d444284e8d92793a3184639425aced41fbd4
84f8061a68058b0dd35d1c7c2bd4b475e6ab38d4374dc9f8394257be457570cb
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
86528dae2901b5f4d10b42f3a38beb86267c534423ad2284c9e387fdd55f1162
87c161b2701b2efa2b6651fc7c5f2d159b8038b9f67b7a5ecaf5df441b751ddd
88a23ca533975c52e52d9fb5a7940851ba1da60e4f38e6e4b13fa43331a089e8
89742b37321a6bc1cd0bd68556ca954b3cde7e0afa490b585a66aef5bf5c4a4b
8acf26e5da31fbcf97b58ad60baa4121ab276efd4ab78661e842fee1ff975071
8ba5f7dd90330236b3679e21e7fcabaacebed717b7f2844d21195659e4901b72
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e66e181781d55afc5ebbf791ad856bf448ab0f068e2c58c7a2cf17f8973ee33
8fcfb0cfa4ea8b4a1d192b51eecb0f6be078d706b99adbee8c6c700faa7e3777
8fe9d28d12e8c33e9f1d5ab109c2570547ee6648ca11fdd79b7523c6d2e2f6a2
8ff1ba9168acd72b164d43b76293ebc0dd85bb6ead45bc4eafc573cca190987a
9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2
91ca886b63c6b4e99d88dbaa8fbb151a1a7222b15b4efc43753de9142991aa34
92fd4a755e535332f1ee8f4876f155dcbd98f8a5dfb45b0b61c464cdf8431fd7
936047e29bc4ae82f5dd26383d9039abddb5569d5fa4b9f85762628446ba14b6
94c861b3e4bc918650205113892b86d7768e0fbc75fdfcd8e103e87988eea6aa
95ed394f2278bc0f10f9d454413268ae015d38b42c01cc0437e3eaf84847b50b
9646082bc88855cb4ed8d308ce7104a23f09d029d1772d57f00470aa35ad16ef
993a3ec7ad5a571ba327884c4636d9f2ee454ddd8db918b094e9a1a7504e79f5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b08cb6068e70fb67de0576ef27d427a403e1f0055777b7fc5d736963e6c1ea6
9d07f01e075074db0154aae1cd5fc2f2f3ffe87d787783f686444f5583503437
9d72dece8ed48f4ba9c11e021a9cec5bc4e698ff95da7e378d71bca8a18c5667
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0aafd519f77b9a38b7d41d1456df8e1b582456737d3df87363ea931b3b55b5c
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a12ac29d1617bc71b7d520627ea3f63ccd6e8deed2254c97d274f03b6449579e
a14c5bd9b77327adfa00669612c289eec1ef14d28cd1843301f069d237a1339e
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a3b36b66c12deec718c88225fb468f9c98750178414ec918f69e9ca402fd996d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a61d67250a5c36640e22099937af31613e68d6134439d5d4329efea0372aea79
a69ba7b00246d812d6023132ad38944a8bc93933dc805c9bcb512d04a383fb55
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a96d4f0941ee39c51a38bb5c6215fb390139d6dda4d21bd4a70d44302d7dea8d
a9e6082bea565f92e7d344131babb21a5aa9036288b25b4a145f20c98d379880
a9f0577d4c9c7d50ec09a98133538069ba395981e51cf89b985db151294e73af
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aaee98f612d8fb2a52e2f77849e016f4fa235c8362b47c7835ce974e905068ec
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ac16dcb2069f804fdd08720f5e6ad56b53b456576394a01f1536f8dfab0b3d2d
ac99a7e078d69db7c7d7b6abdeb6f4ec954dfa3c78855db52c87d163612acc31
ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b
ae01152c9fefe2dc623fa8705a829fb0ef694605c398d7a7f8db8596ac3d6f17
ae8fc06de3bf41915d227c897a89b47a0f32a3a75c09dde8d39ea1dc27d95318
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
aff60aab429342ca14acac768a91f1877a51c6e7bf9d96f07f421f26f90bb9d6
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ea339daaa89b586a011d5bd1950ac69401da87ac9b364d631847cf3e2cd7ca
b27a895783d81dc3f25cbc7c638264fdcaa56844aa8d874aef77fb5cdc80c9fe
b3eaceb315bdb4b26a0a31521a230be2332ef34429226ab735d0757c4d13c7ef
b4b97f786e58c9a4e231d62b35d544128a3dc6962432abcbfdcd7ba68d73e940
b5d46e8963ed3a4b9b3bdc29e1dcd88106022412618ae555b7690080f1fdf822
b684dd040789421a46a73d15a17624fca22594a692d2200d4b8362f497a59948
b6f09484d794a76a45ec6a8fa0efb3f2814f8505e7a76ce8dced3288547d7613
b7b1b2da2c4d6d87ac46494543585def2fd0ea30d762a0c72b63ff856374c40e
b987ccce88aa8270b5d5c31459cababbaf8d62e3986e3b9d3b837a4df342e3b2
bb8d29797644e3e1a87f7ec24a8fc106e59751e0159f0c7a0510ed0ec0f867b0
bcef07a0db2d0b2949012cf65343bae0c1615ec230c5237ba603c61575f2a07f
bd04460df3ca7cd883522619b5c98bcf2dbe6f8bc48ca5ca62af7efd20925ce2
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bf6fb3ef177aa1402800cb8b2c3fed81553af4d0099295a6690538f82c1e3461
bfd119aa87db56d4524f4ba43ff5d050459b7053b66b3874992eb215bbf8f675
bffb5af21748fb67041d582fced65b85329b9e293b6f6d9032187d68ad441d2a
c0ad5608f211342564118d3b5249a7fe5d40f709ddab2f2079cd8c6cc8a8df67
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c271a4ac1499269ed566e50e5f5ff63d0fe849196bed4096228e544dd7720116
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c2bddab4c08abf1443397ace5c9701b4cebe0d04a861504db50c7f667f6a8f70
c31fbf9b444b488ab8ad169b089d4fbc3b6bc7ece221cfcac3c95f843ef72b33
c3b9597a90a43830b2a92897a5ef015ce5310e7f32dbb5cd1db2c807c5e6b036
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c5c2e05e9b7f4a7ffa59fa2c56023a710e816db99b78d7d24ecdf9678195165c
c6332686191be692c9e3123f851619c97f699084560e4370a00a8d1b5e5cb32a
c7659ffb0d3df377c1234d14b4070c72e387079e938702120b7c4dd2be608f8d
c82a5a2ee3456f2dfb44a85ea68a6b11878deac48e2bd9a7ffaaa2ef85661a10
cc18f16a6649d7057b804750cfdf44ce66a547da0d1292f6c11dc57b3e5b06a4
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccd14dda4c2d3d47ad9a99644b1bd3b9fba62e24f7a3d450f4f190dcfb5d9566
cd1b986921be892a8a35adf08e9f19b7065593708080f2d4c476d8e4b4918041
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfae236a298e8dbb945b2a0fbce027a47e90262f256eab639014f11a145831f7
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d7436f5c0edcf552e5913dfc6b19cf74c39cabd08a2922261951a73b7385bd45
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7a6c57be84a2088f7cdfd0d3a289ced1e5097cc8a6ced0de0185d4943267f52
d7d84b52ad69af4ad3a3c9866a03a9f5f006b8c391254ce8d26639067f7a5a7e
d9bdfc3e070d8550ec5e8e0bd255d4e9d01ae36993a321d04243d54018b4f28d
d9c894588132662e56bfd636ab19a57831c4fe106a207a453f20b3be316732b5
dc847fd8b49a823b27d677fdcda9a357cdb6549b65e5dba2aba71c4aa5484d81
dcd346804a786db16b40af2672924a5b8787623f71d648a017da7e236e1b19b4
deaca6282c048bb3fdae63b3158bb0f93b2755ed07ba852a54b5bf56e9bc3e86
df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9
dfb5f646e583b7f7566b512d01ad4fe7a8bb81b83d8225cb31efe8375c1aa7ab
e12f8dc7ef1dc835c5ff78bf2b0a5dfe3da5804498489494fcf095ef61b72303
e138f3efc551dc31b46688f12a95c4e668929588b8c0d7e6e2a986090b965e8c
e234d40f147f882074ec0cdc8056cbef522781262830a7e41594815da1839f7d
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4a31566b5d0ce7aee7fd533563b30f3fd7ebb8a46567f06bdd8c3cbf8699098
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e7390d3bd5a07554ca871a7f02f8585f0709b3fe6422fa75f20fbe0b9b05c94a
e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a
eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829
ebd46e76988d8286060ccab9ea7424878d810904da05e4e37eb57c1614c3dab3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2a7e5ade77d712f4303757e9c0c3185f72f24cfa5f5da33bcabc63abd376a1b
f39ebecadf4bc3f96d0e1f85088b4fceb1ba2b51e01544ba4b29fc95400fc5c5
f3d70165d1438b13b94b2aebf55f853777b6f44c8ca0b3473728bfefa90b115f
f5c427415dfd4dd8527a74d0c65a126834cb37f721450a2e9b1092ac60a4abe1
f6c471262cfb55248a92cd1347abd7675a752cbbf6c36f9162e06006b758b31f
f79352743bcb9548df3493418e1b70a26ac1585c6de173820d0f7057ed10f966
f7c6de2f5b4b0401816dc0eb716d4123ba7c388b66799e9eade8ee155d66d0b1
f87a4b2a4acbaa053da2e6df56367f4396be15a72f719cedd071e7812725a443
f8c250368fe43eadddcef1351e8ddbf5b0f45f4e20669b04437975fa8eb7c852
faeadd049e132b35030e113af8f70aa45d35852c4b07e9304d683bc50674d173
fb1d7b6144bde90327cd64b86e7742a9b11a3b2b3658d71dd80115195ff2debb
fb1ec483c57494c1fab03ad45072746064a7fc84fe66d8c1b07aeb1edf3c6acf
fb2b1971e54b31144a8794057598aba69ebe1d416c8c75d3a142942917f5e58b
fb8b68bec1476f00142126c374d93b39ae7bed02a43fdc08534529900f8cb61c
fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009
fcc1440384916e24bfba896ac169c4bd8d59b2463e999a4b85a577069e19eb4d
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fefbef456d0bbdd2d5b8bb6afd9b048b4e992256f0929d14f555309508494e4e

gruposdewhatsapp.bar Open in urlscan Pro 173.236.179.96 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

667 Requests

84 %HTTPS

38 %IPv6

57 Domains

97 Subdomains

60 IPs

11 Countries

7776 kBTransfer

18067 kBSize

76 Cookies

26 Outgoing links

Redirected requests

667 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gruposdewhatsapp.bar Open in urlscan Pro
173.236.179.96 Public Scan

Screenshot
Live screenshot

Full Image

667
Requests

84 %
HTTPS

38 %
IPv6

57
Domains

97
Subdomains

60
IPs

11
Countries

7776 kB
Transfer

18067 kB
Size

76
Cookies

667 HTTP transactions
28 data transactions