urlscan.io logo urlscan.io
SecurityTrails logo

investmenttotal.com Open in urlscan Pro
192.232.219.83  Public Scan

Go To Rescan Add Verdict Report
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Submission: On October 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 27 HTTP transactions. The main IP is 192.232.219.83, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is investmenttotal.com.
TLS certificate: Issued by R3 on September 18th 2023. Valid for: 3 months.
This is the only time investmenttotal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    192.232.219.83 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-232-219-83.unifiedlayer.com
investmenttotal.com
4    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
1    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com
5    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
9    2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
6    2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
1    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
15 googlesyndication.com
ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
60 KB
6 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 379
127 KB
4 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214
175 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
1 investmenttotal.com
investmenttotal.com
3 KB
27 5
Domain Requested by
9 tpc.googlesyndication.com securepubads.g.doubleclick.net
investmenttotal.com
tpc.googlesyndication.com
6 cdn.ampproject.org securepubads.g.doubleclick.net
5 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
4 securepubads.g.doubleclick.net investmenttotal.com
securepubads.g.doubleclick.net
1 www.google.com tpc.googlesyndication.com
1 ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 investmenttotal.com
27 7

This site contains no links.

Subject Issuer Validity Valid
investmenttotal.com
R3		 2023-09-18 -
2023-12-17		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
misc-sni.google.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh

This page contains 5 frames:

Primary Page: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Frame ID: 07CCF8ADC43B4C645C61048FA4A5AED0
Requests: 7 HTTP requests in this frame

Frame: https://ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 800A058376B642336473A4F11A33650B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012309181453000/amp4ads-v0.mjs
Frame ID: C88CECB90821378FCA9CC5BC4997142C
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 34833DB9B71C10A8298AEB09AB1E1E1D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 25E239C2132374003D2847BC2D30DA47
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Mesothelioma Cancer TreatmentMan and Van Removals Stockwell, UK

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

27
Requests

100 %
HTTPS

86 %
IPv6

5
Domains

7
Subdomains

8
IPs

2
Countries

365 kB
Transfer

1141 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
investmenttotal.com/iframe/336by280/ 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.232.219.83 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-232-219-83.unifiedlayer.com
Software
Apache / W3 Total Cache/2.5.0
Resource Hash
7def0d3fbcf3c57a7f7da8cda7ae863956a6f6cba002095a41e23c6fba84c74e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=3600, public
content-encoding
gzip
content-length
2634
content-type
text/html
date
Sun, 08 Oct 2023 03:37:14 GMT
expires
Sun, 08 Oct 2023 04:37:14 GMT
last-modified
Fri, 21 Jul 2023 10:57:10 GMT
pragma
public
referrer-policy
server
Apache
vary
Accept-Encoding
x-powered-by
W3 Total Cache/2.5.0
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		99 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9b5cc8134dc534008712ee1c01cb2f927100e63482c7313e193499fdfbd79b92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 03:37:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29567
x-xss-protection
0
server
cafe
etag
133 / 19638 / 31078611 / config-hash: 4974023841911941900
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 08 Oct 2023 03:37:14 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/ 		419 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebcd7bdb5554e57888241a02b80e12230b08db50cffa39d16002b3726a55806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 10:36:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
61222
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
134827
x-xss-protection
0
server
cafe
etag
8968824880815585736
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sun, 06 Oct 2024 10:36:52 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		58 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1062212611251995&correlator=3970042493966962&eid=31078611%2C31077697&output=ldjh&gdfp_req=1&vrg=202310040101&ptt=17&impl=fifs&iu_parts=22964279705%2C336x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ifi=1&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1696736234434&lmt=1689929830&adxs=632&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Finvestmenttotal.com%2Fiframe%2F336by280%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3Dremarketing&vis=1&psz=1600x280&msz=1600x280&fws=0&ohw=0&ga_vid=387269717.1696736234&ga_sid=1696736234&ga_hid=192851748&ga_fc=false&dlt=1696736234204&idt=207&adks=3046019658&frm=20
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dbcfbc598046cee783703eb9b67f41f07be6cee80a654773e704f2d48314821
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 03:37:14 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14322
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://investmenttotal.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 800A 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://investmenttotal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 08 Oct 2023 03:37:14 GMT
expires
Mon, 07 Oct 2024 03:37:14 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310040101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18f295f5f18c790518c9ab5e7236022cab91052c1cd7d26c9f08d0358162f8d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 03:37:14 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12053
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 03:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 08 Oct 2023 03:37:14 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012309181453000/ Frame C88C 		223 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fd48a69933bfa6d5e51393b093d776d09a1e7bfb4b7c1e6d4aa00d75f0b3d2d1
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 03 Oct 2023 09:05:22 GMT
age
412312
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62203
x-xss-protection
0
server
sffe
etag
"59b685ca39a652ba"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 02 Oct 2024 09:05:22 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/ Frame C88C 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f335a91239c4af1c0491727be910330d3231f01b7498352ddea85ebc5480007a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Oct 2023 12:44:02 GMT
age
226392
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5217
x-xss-protection
0
server
sffe
etag
"38a16d64b8e81628"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 04 Oct 2024 12:44:02 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/ Frame C88C 		94 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d23cbcfd35d90cfb139e6f05b6a7fbc22891e2936b6a706ef8147300d66aa08
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Oct 2023 10:07:53 GMT
age
235761
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29033
x-xss-protection
0
server
sffe
etag
"ac3d68f1a1bd2015"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 04 Oct 2024 10:07:53 GMT
amp-animation-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/ Frame C88C 		72 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-animation-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f868cbd9df854b57d6bec145062030a53542f58b259e7c43790db3bc0aa8e071
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Oct 2023 05:48:46 GMT
age
251308
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16652
x-xss-protection
0
server
sffe
etag
"82d94758bb25d178"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 04 Oct 2024 05:48:46 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/ Frame C88C 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
309773fa6c23f46befd5880e169b6bc47fe53c4fd326ec1c84d7d53cde803bc9
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Oct 2023 15:20:34 GMT
age
217000
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1919
x-xss-protection
0
server
sffe
etag
"93680ba5e670b6a8"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 04 Oct 2024 15:20:34 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/ Frame C88C 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310040101/pubads_impl.js?cb=31078611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f90a0bfda110d40a81d391edeccd1143806c608fd7c64786142c222709d55499
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 05 Oct 2023 07:07:22 GMT
age
246592
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12946
x-xss-protection
0
server
sffe
etag
"6bacf375b2677883"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Fri, 04 Oct 2024 07:07:22 GMT
truncated
/ Frame C88C 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0d0508d88192e6bbb5d91699173f463b4f6d31b4c4c44ac8b812a1d760888f17

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/png
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C88C 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 21:19:17 GMT
x-content-type-options
nosniff
server
cafe
age
22677
etag
14819457070020093239
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2502
x-xss-protection
0
expires
Sun, 08 Oct 2023 21:19:17 GMT
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C88C 		295 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 21:19:17 GMT
x-content-type-options
nosniff
server
cafe
age
22677
etag
426692510519060060
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/png
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Sun, 08 Oct 2023 21:19:17 GMT
6dd44ce1e3432e945bf3ac1305444444.png
tpc.googlesyndication.com/sadbundle/4400906419685103384/media/ Frame C88C 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/4400906419685103384/media/6dd44ce1e3432e945bf3ac1305444444.png
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26e7e406ab4f01bf136bfe4cfb0ac7f10c21ccfa18f5d2d059ffafadba8ea823
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 21:10:55 GMT
x-content-type-options
nosniff
age
195979
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2393
x-xss-protection
0
last-modified
Fri, 22 Sep 2023 13:21:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 04 Oct 2024 21:10:55 GMT
bec1c24d1cc97866002982e08826f81b.svg
tpc.googlesyndication.com/sadbundle/4400906419685103384/media/ Frame C88C 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/4400906419685103384/media/bec1c24d1cc97866002982e08826f81b.svg
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
effc34c1e39466e79101851b35f99d102271278607a8cad4c86f7feb4b44fc1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 21:10:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
195979
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2055
x-xss-protection
0
last-modified
Fri, 22 Sep 2023 13:21:39 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 04 Oct 2024 21:10:55 GMT
2264eb005a7fed9a8a06919472395d16.png
tpc.googlesyndication.com/sadbundle/4400906419685103384/media/ Frame C88C 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/4400906419685103384/media/2264eb005a7fed9a8a06919472395d16.png
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ffa536fcb9b0a966928fdf47acf3a573f3603e472b04ff096f1cee6db3be4d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 21:15:35 GMT
x-content-type-options
nosniff
age
195699
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7497
x-xss-protection
0
last-modified
Fri, 22 Sep 2023 13:21:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 04 Oct 2024 21:15:35 GMT
b5e34479a35b76c177428ace034f60f9.png
tpc.googlesyndication.com/sadbundle/4400906419685103384/media/ Frame C88C 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/4400906419685103384/media/b5e34479a35b76c177428ace034f60f9.png
Requested by
Host: investmenttotal.com
URL: https://investmenttotal.com/iframe/336by280/?utm_source=facebook&utm_medium=social&utm_campaign=remarketing
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf564bb078608a5c3c3e0880629ac062d819fe567683ed909e196201c50da12f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 21:10:55 GMT
x-content-type-options
nosniff
age
195979
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3029
x-xss-protection
0
last-modified
Fri, 22 Sep 2023 13:21:39 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 04 Oct 2024 21:10:55 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3483 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://investmenttotal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
21202
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 07 Oct 2023 21:43:52 GMT
expires
Sun, 06 Oct 2024 21:43:52 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 25E2 		829 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a6d6e89c5adb3594d8d3a47f281533186a9c71aa2085a92ea186f5c16cb21280
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7cVeWioIZXLb3uu7hz5rqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://investmenttotal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-7cVeWioIZXLb3uu7hz5rqA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 08 Oct 2023 03:37:14 GMT
expires
Sun, 08 Oct 2023 03:37:14 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
pagead2.googlesyndication.com/bg/ Frame 3483 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 19:05:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
30683
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14663
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 14:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 06 Oct 2024 19:05:51 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 25E2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310040101&jk=1062212611251995&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame C88C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=COrPR6iMiZZmFHb-TjuwP7dS46Aj9vqOuc6jti56fEo6UwOJ4EAEgyaCMI2CVgrOCwAegAaSKu5kqyAEJqQLOG7AQ3cKxPuACAKgDAcgDCKoEuQJP0EdDpBR9jI5DPqw6tKbJ05GWyd1wJbAcl57XpNYSc37z0S4c2CNg0rsuYO6coSymU5jaUJsoihyPECfLS7O6E1fXzPXOBsKrXPyqOenM7HS0gpEtxnx2n8U5tRXZi7Hn-KcOzd5BpHMr9UR_n7amKlvXF4z6MLFgIrVNX1kgge4ZvdvuZLftxMFDqJP4qwa2QbhhDdQ0QevL1U4Ys-Zxd65CwYfwYrKCffrGYjpm6eqQ-LnA-k-0d9ihbb044J9NSRVcJFDh2ESkc5-h6JKnlc_OlFAQ3xIAsnO2UQMtW-9l5sAtIqXYialP4NOmqryUIEskngVmhP69orR8s-dBu41fYCAHcy91bXOJFo5rl9nndKb2lSpbQkqQeFmuf-L3SvSwmrLF_pbnVX-ZXUgn7UVlZSwa6-WiwASqwrOBwQTgBAGIBdjCztRMoAYugAekwov5BKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEJeQGdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCZUBaHR0cHM6Ly93d3cubW92dS1yb2JvdGljcy5jb20vZGU_dXRtX3NvdXJjZT1nb29nbGUtZGlzcGxheSZ1dG1fbWVkaXVtPWRpc3BsYXkmdXRtX2NhbXBhaWduPTIwMjMtMDktMjJfREVfRGlzcGxheV9Bd2FyZW5lc3MmdXRtX2NvbnRlbnQ9ZGlzcGxheS1iYW5uZXKACgHICwHiDRMIqrShhMPlgQMVv4mDBx1tKg6N2BMDiBQB0BUBgBcBshcfCh0IABIUcHViLTU5OTc1Mjc4OTgyOTM2OTYY97GXAQ&sigh=eiwkrLZ02Ys&uach_m=[]&ase=2&nis=5&cid=CAQSTADICaaNhe7eNd7_t-eNjh-Wg1MSfMVNJ4bunk24YycJFxZSEBUFQrriOl3T53lzbMRj2yHog8-mZk81lAUJoXvv-h6tE7O4tDAJyN4YAQ&template_id=419&cbvp=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 3483 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?q0Ukrg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 03:37:15 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310040101&jk=1062212611251995&bg=!YGOlYyzNAAbjlzx0w5c7ADQBe5WfOAgxiYVweYEIIilrwZVoiiENpQEusKYlzKOTVS4MevufSxxHxNB_EC5fpkpZLhqbAgAAAHhSAAAACGgBB5kCwpW1NtB-m1BKjuY8lL6LgAcNH62Jh3Nai7fG9behCcROEC9VvKwEs9sqHEtd1-IuQLhEj7HNPgTqyby7XxIiXRdo4yVEu9BMiIcZ6NZOuvcQi8_L5hcy8vlfuBagaKvc92klXvmpUkrui8SFEOsUi3r7g3QLaBxwAGfuEeHUQmqarLQ5mTrCW-K9eGd_-J45lA9lFUFrGHUEzxP5RaFTCjBD59VjhiClZGLgWb3es3A9HsjGIOrwVd-Gd-NXO-EtdQHwm_UoqekDqDySG4AetzJXsn91NymLXJ0COan3Q2icgiN36XhKoKhWSpVkxBg2Tq6Gx-xdHc5OE-W074etwEp0bZmTpjTt89m5wgnqsWxfhD3htkDuHky9YREkNkEVOebot6DmfXdyP9RSojK9JiCCOYFntSseNb3RU9A89fHMAeRUtBI7WkdKVvirHxrdE1mIjQr5ds8M_mNQfcVlBXF_UE7cZWXb1SZQfoonYD4YCuzAhxU4N1cr7bM0sSznq_yxU2W63t4QMZ2_KMGfaOTpTG7gRakS0ciYeqMdr319wBtTgiXjh1YTALoMZStg6YdbhtGa3q7X8jgNbbqBQeEteg727Iuo1XLBWPHm2Pmd90C4m_rmKqbLHejRC898EjHvPV8ruDAD2ORLuzt78A7gb6CvdFbPzKrGoUz94ywzUB5jCyTQ3fUsYCLOatlm2DsqxBsuHIeUmOhyk6ZboBx1iS1226B7waEQvqDyt7IMWCVUG_9fiY9Wbenzzs9o_XCf27BNH8nuCCTywBZlL7v16TRVi6rA-qHnqscYdXpoaUwoDkSqVv1KsmEFYXoWeIhuJw9Z199R57xs5Go1UTwbEpFZSf9_Ysl3vAP6_x1bO6e4kalfqf6kvigAQgrfReAN4aa4qUcVmg2aMN6B3cGlOubye8JW1MggTs1w66skxBQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers
activeview
pagead2.googlesyndication.com/pcs/ Frame C88C 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkVrIQ_tC9-FpY9itgya7vROLyJxpDhhagN2xZC0gCXBzqrWhdx2k2-CkhqMQvg6LhFIbuDqWnUaVGsOlQo_qYZQtYBLTB2clSCAphXfYWzi5d7jRCIKZ8IGB0kyIPpQfmE2nj6RjTK14wmnpwCxotb-_82y33qX-J2vZT7OTCxWVIIdf8jsetu4y6UyIH1cxDtt8Ulm9OL1kUyGrOz8eIuAR-fZsRnD2em4DGSR6HuK6lXtpmMp4JEEmRCPxf0FdwgFq2hlduZGOeHMFUVG493_MJlEfdGzMpgGBDsO_LENer7v88mFd_Ug5_jK4OfHGcoMWHCiZ7ODX6M9dNkSYAMpo4i6WrRp_Es4SApnbIi18CdojXUaFQLqp4xE1pjuo3WwpjFEhrPsFDlvw-SlHZledM6Vqdq03TYXcy_zXeCTBcJIhAlL9SaqaGaoksXqyrTz4L5TQkreMefRX9t5WfclpU8LZJUXuFIetOm62B3AZkMxswt4kMl_ZrWnHnIBlKslCZMx2vgm037vE5Plshij02NbQ6prYat0VofDVsn3JmHBDDbyFvBDWL1JOc_XHM-UwJSevNtjK_rihYy_3lVXSyl12Y9rZ8m8ZQy_XfiBI3b6G82kmEmsh4nMMvOy6y1kqS6FdYo7T92JCw6Gx4yeMmEhC-1TIuPjQsO_g8N2K1_aVkTkhgxfvCaOX6ysyWxzMgQDQvwUugDlbvJAEJy78Qu8eBe304Iu3vHtewIaIiptCU-_0u0sma0EN_4uNYDckR5TD9FZAEoWEJm8dPsKDRwP428uhhyJLuIlM6g3sHFXbIXsY1TwidSPTtxTTwaRSUE6kLmt3wWN1geQ3L5E0IsVBvLDk0iHMWImxhw_QQvrCoGlSUYlymF5br5rdo2ovsW4ueODoYP3O3OhXKUKRGudniTkd6jfVvikviHKUtnU5JiCuEexuI_e5IDPjUj1S8J3AgpxY6Y_VHEVSpwjTSTySEPng-8JLBXE3x8dTSDWiyrAVK_VqVfRhsLdt0LauvJPzfYPcg1XiVhKkzi31Bbph3dQYBPAmlDRa96i8CwNeb1GSqjqWf8etYlIY-IVMx4f73oEMBL1_CHfj8Lt4CTJ563nFz8sf1F9sY8aciJedsJ5TuZm5YcB-wuKyZWwTHjFpaua9uYJ8luoVvi2UM06PXq01x4vxPswsuc-kYs7r8Y_l3sOP0vNbPuaxAZiiv4FXE4EMd_vPTYiS1xWe4zNSz1KKyygGhcikxFQvf2BvRq3VvOhPeHWsHyEMIdhEZqY5sbyBfVEiPc4ytCGERnJbDPMOa0B0oZGS_htw5456pwzqjJ7BFde29BX-CbZ0kM-sQFgQjqF-N4kzuFJB0BWMG2PqVMCXBv8csJMKeOe6ijbH_5ulnY9F6Tg5221rqXIiOR7sdROmSNqZaXglNEL-znU36E9zuMGoOiCFRgSQqXJTuOXbMPDCD1MjzUm6Q9Wn96zEeg2l2bnY3f3woF_MkvjYw8SDlvZgL&sai=AMfl-YTjl6t8pNghQfcsUSbpi4lz-79TOMvpPB6HA9-xpTueE-OEl5jYJZkuOUUA6aEQ20jfCmr0XtndJOBKRGGYhzZsRBLqU75vRi4wkirtLXAKY9VH9NKtatSbb5F3fvojxbEGpanJxyKJZ2jFMZs54DjuVVt3PZelRig&sig=Cg0ArKJSzLzADhrejQWiEAE&cid=CAQSTADICaaNhe7eNd7_t-eNjh-Wg1MSfMVNJ4bunk24YycJFxZSEBUFQrriOl3T53lzbMRj2yHog8-mZk81lAUJoXvv-h6tE7O4tDAJyN4YAQ&id=ampim&o=632,0&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=274&tls=1274&g=100&h=100&tt=1274&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://investmenttotal.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 08 Oct 2023 03:37:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| googletag object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing number| google_unique_id object| gaGlobal object| GoogleGcLKhOms object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| google_image_requests

3 Cookies

Domain/Path Name / Value
.investmenttotal.com/ Name: __gads
Value: ID=c3f0fd948d5d2aa0:T=1696736234:RT=1696736234:S=ALNI_MYA7FdmDIBugRW-XnNj5kzCz6x8hA
.investmenttotal.com/ Name: __gpi
Value: UID=00000c919b56753b:T=1696736234:RT=1696736234:S=ALNI_MbQqFr0nWjFOHhSkWI7XaMfLDN2xg
.doubleclick.net/ Name: IDE
Value: AHWqTUkvPr9ptHQOporWrzDfGJP8cb2UC9RLIeBd9_vvy0rRWEOAyh9rNyzuxv79Hu4

1 Console Messages

Source Level URL
Text
rendering error
Message:
Failed to set referrer policy: The value '' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ac9b9e57320bb186688ecf991b4b2756.safeframe.googlesyndication.com
cdn.ampproject.org
investmenttotal.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google.com
192.232.219.83
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:810::2001
2a00:1450:4001:828::2004
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2002
0d0508d88192e6bbb5d91699173f463b4f6d31b4c4c44ac8b812a1d760888f17
18f295f5f18c790518c9ab5e7236022cab91052c1cd7d26c9f08d0358162f8d4
26e7e406ab4f01bf136bfe4cfb0ac7f10c21ccfa18f5d2d059ffafadba8ea823
309773fa6c23f46befd5880e169b6bc47fe53c4fd326ec1c84d7d53cde803bc9
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3d23cbcfd35d90cfb139e6f05b6a7fbc22891e2936b6a706ef8147300d66aa08
3ffa536fcb9b0a966928fdf47acf3a573f3603e472b04ff096f1cee6db3be4d8
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5dbcfbc598046cee783703eb9b67f41f07be6cee80a654773e704f2d48314821
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
7def0d3fbcf3c57a7f7da8cda7ae863956a6f6cba002095a41e23c6fba84c74e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
9b5cc8134dc534008712ee1c01cb2f927100e63482c7313e193499fdfbd79b92
9ebcd7bdb5554e57888241a02b80e12230b08db50cffa39d16002b3726a55806
a6d6e89c5adb3594d8d3a47f281533186a9c71aa2085a92ea186f5c16cb21280
cf564bb078608a5c3c3e0880629ac062d819fe567683ed909e196201c50da12f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effc34c1e39466e79101851b35f99d102271278607a8cad4c86f7feb4b44fc1e
f335a91239c4af1c0491727be910330d3231f01b7498352ddea85ebc5480007a
f868cbd9df854b57d6bec145062030a53542f58b259e7c43790db3bc0aa8e071
f90a0bfda110d40a81d391edeccd1143806c608fd7c64786142c222709d55499
fd48a69933bfa6d5e51393b093d776d09a1e7bfb4b7c1e6d4aa00d75f0b3d2d1