www.elfinancierocr.com Open in urlscan Pro
2a02:26f0:6c00::210:ba19 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmE...
Effective URL:
https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_sou...
Submission: On December 10 via api (December 10th 2021, 12:59:11 pm UTC) from US — Scanned from DE

Summary HTTP 406 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 76 IPs in 8 countries across 52 domains to perform 406 HTTP transactions. The main IP is 2a02:26f0:6c00::210:ba19, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.elfinancierocr.com.
TLS certificate: Issued by R3 on November 11th 2021. Valid for: 3 months.

This is the only time www.elfinancierocr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	217.175.192.17 217.175.192.17	1764 (NEXTLAYER-AS) (NEXTLAYER-AS)
1 12	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42:a00... 2a04:4e42:a00::282	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
11	2600:9000:20e... 2600:9000:20eb:c400:8:2ae1:d740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2b9::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:b7b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
4	52.7.239.78 52.7.239.78	14618 (AMAZON-AES) (AMAZON-AES)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2a7::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
3	2600:1f18:44f... 2600:1f18:44f0:4832:5e20:6d31:3296:b71b	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:f015	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:fb:... 2a02:26f0:fb:187::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	147.75.85.120 147.75.85.120	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	178.63.12.147 178.63.12.147	24940 (HETZNER-AS) (HETZNER-AS)
8	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6811:bab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:223... 2600:9000:223c:7a00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	3.129.250.65 3.129.250.65	16509 (AMAZON-02) (AMAZON-02)
2	178.63.12.208 178.63.12.208	24940 (HETZNER-AS) (HETZNER-AS)
1	52.20.40.56 52.20.40.56	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:400c:c0a::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
6	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1 1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
3	3.122.218.60 3.122.218.60	16509 (AMAZON-02) (AMAZON-02)
3 3	18.193.230.138 18.193.230.138	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:ed2c:619f:ea25:d0b6	16509 (AMAZON-02) (AMAZON-02)
1	99.83.189.147 99.83.189.147	16509 (AMAZON-02) (AMAZON-02)
9	2.21.142.210 2.21.142.210	16625 (AKAMAI-AS) (AKAMAI-AS)
24	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	35.227.246.163 35.227.246.163	15169 (GOOGLE) (GOOGLE)
1	52.7.16.67 52.7.16.67	14618 (AMAZON-AES) (AMAZON-AES)
4	146.20.128.68 146.20.128.68	27357 (RACKSPACE) (RACKSPACE)
42	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.50.67.198 52.50.67.198	16509 (AMAZON-02) (AMAZON-02)
67	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
19 24	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
10 20	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
16 21	185.33.223.38 185.33.223.38	29990 (ASN-APPNEX) (ASN-APPNEX)
9	146.20.128.192 146.20.128.192	27357 (RACKSPACE) (RACKSPACE)
10	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	35.227.201.248 35.227.201.248	15169 (GOOGLE) (GOOGLE)
1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba1a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.30.186.249 52.30.186.249	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:224... 2600:9000:224a:a200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	52.27.219.1 52.27.219.1	() ()
2	37.157.6.253 37.157.6.253	198622 (ADFORM) (ADFORM)
2	2600:1f18:612... 2600:1f18:612b:4216:9401:1738:df44:473b	() ()
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	3.66.59.71 3.66.59.71	() ()
9	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:236... 2600:9000:236e:8600:15:6f6c:b180:93a1	() ()
1	198.47.127.19 198.47.127.19	() ()
3 4	37.157.2.235 37.157.2.235	() ()
2 2	213.155.156.181 213.155.156.181	() ()
4	185.64.190.80 185.64.190.80	() ()
1	178.250.0.163 178.250.0.163	() ()
1 1	85.114.159.118 85.114.159.118	() ()
4	185.64.189.110 185.64.189.110	() ()
2 2	185.29.132.241 185.29.132.241	() ()
1	198.47.127.20 198.47.127.20	() ()
3 3	141.94.170.77 141.94.170.77	() ()
2 2	52.208.103.128 52.208.103.128	() ()
3 3	52.223.40.198 52.223.40.198	() ()
1 2	2606:4700:10:... 2606:4700:10::6816:1857	() ()
1	169.50.137.184 169.50.137.184	() ()
406	76

1 217.175.192.17 (Austria)

ASN1764 (NEXTLAYER-AS, AT)

links.elfinancierocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:26f0:6c00::210:ba19 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.elfinancierocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:a00::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:20eb:c400:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.viafoura.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::15 (United States)

ASN15169 (GOOGLE, US)

gtm.nacion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2b9::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b7b1 (United States)

ASN13335 (CLOUDFLARENET, US)

api.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.7.239.78 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-239-78.compute-1.amazonaws.com

targeting.arc-perso.aws.arc.pub	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hybrid-gruponacion.arc-perso.aws.arc.pub	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2a7::268b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:44f0:4832:5e20:6d31:3296:b71b (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:f015 (United States)

ASN13335 (CLOUDFLARENET, US)

c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:fb:187::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.120 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.63.12.147 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: de715.cxense.com

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:bab1 (United States)

ASN13335 (CLOUDFLARENET, US)

buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:7a00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.129.250.65 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-250-65.us-east-2.compute.amazonaws.com

ads.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.63.12.208 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: de716.cxense.com

comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.40.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-40-56.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

ad.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.218.60 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-218-60.eu-central-1.compute.amazonaws.com

a.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.193.230.138 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-230-138.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:ed2c:619f:ea25:d0b6 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.189.147 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae6a0aaac8071ff4b.awsglobalaccelerator.com

stg.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.21.142.210 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-142-210.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.246.163 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 163.246.227.35.bc.googleusercontent.com

rdc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.16.67 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-16-67.compute-1.amazonaws.com

i.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.20.128.68 (United States)

ASN27357 (RACKSPACE, US)

v.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.67.198 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-67-198.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 142.250.185.66 (United States) 19 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2.18.234.21 (Frankfurt am Main, Germany) 10 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.33.223.38 (Amsterdam, Netherlands) 16 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 146.20.128.192 (United States)

ASN27357 (RACKSPACE, US)

t.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.201.248 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 248.201.227.35.bc.googleusercontent.com

geoloc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.186.249 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-186-249.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:224a:a200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.27.219.1 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.253 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4216:9401:1738:df44:473b (None, )

ASN- ()

4cywq-eqnre.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

vidoomy-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.66.59.71 (None, )

ASN- ()

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

vpaid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:236e:8600:15:6f6c:b180:93a1 (None, )

ASN- ()

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.235 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.181 (None, ) 2 redirects

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.80 (None, )

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (None, )

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.110 (None, )

ASN- ()

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.241 (None, ) 2 redirects

ASN- ()

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (None, )

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 141.94.170.77 (None, ) 3 redirects

ASN- ()

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.103.128 (None, ) 2 redirects

ASN- ()

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (None, ) 3 redirects

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1857 (None, ) 1 redirects

ASN- ()

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (None, )

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	2mdn.net s0.2mdn.net	1 MB
62	googlesyndication.com 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	422 KB
53	doubleclick.net 19 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net ad.doubleclick.net	343 KB
24	google.com adservice.google.com news.google.com analytics.google.com www.google.com play.google.com	68 KB
21	adnxs.com 16 redirects ib.adnxs.com	20 KB
20	casalemedia.com 10 redirects dsum-sec.casalemedia.com	19 KB
19	pubmatic.com vpaid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com vid.pubmatic.com Failed	89 KB
19	lkqd.net ad.lkqd.net v.lkqd.net cs.lkqd.net Failed t.lkqd.net	150 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	284 KB
13	elfinancierocr.com 1 redirects links.elfinancierocr.com www.elfinancierocr.com	559 KB
12	adsafeprotected.com 1 redirects pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	97 KB
12	tinypass.com api.tinypass.com cdn.tinypass.com buy.tinypass.com	359 KB
11	viafoura.net cdn.viafoura.net	235 KB
9	stickyadstv.com ads.stickyadstv.com	11 KB
9	cxense.com scdn.cxense.com api.cxense.com cdn.cxense.com p1cluster.cxense.com comcluster.cxense.com id.cxense.com	93 KB
8	googletagservices.com www.googletagservices.com	241 KB
6	adform.net 3 redirects adx.adform.net c1.adform.net	3 KB
5	krxd.net cdn.krxd.net beacon.krxd.net consumer.krxd.net	88 KB
5	vidoomy.com ads.vidoomy.com a.vidoomy.com stg.vidoomy.com	7 KB
4	google-analytics.com www.google-analytics.com	20 KB
4	viafoura.co api.viafoura.co i.viafoura.co	4 KB
4	arc.pub targeting.arc-perso.aws.arc.pub hybrid-gruponacion.arc-perso.aws.arc.pub	556 B
3	adsrvr.org 3 redirects match.adsrvr.org	1 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	advertising.com ads.adaptv.advertising.com	1 KB
3	m32.media rdc.m32.media geoloc.m32.media	18 KB
3	bidswitch.net 3 redirects x.bidswitch.net	2 KB
3	google.de adservice.google.de www.google.de	1 KB
3	onesignal.com cdn.onesignal.com onesignal.com	73 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	927 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com	634 B
2	tremorhub.com 4cywq-eqnre.ads.tremorhub.com	941 B
2	facebook.com www.facebook.com	425 B
2	facebook.net connect.facebook.net	113 KB
2	chartbeat.com static.chartbeat.com mab.chartbeat.com Failed	24 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	52 KB
1	simpli.fi um.simpli.fi	616 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	criteo.com dis.criteo.com	334 B
1	springserve.com vpaid.springserve.com	87 KB
1	openx.net vidoomy-d.openx.net	351 B
1	createjs.com code.createjs.com	63 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com	866 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	263 B
1	chartbeat.net ping.chartbeat.net	201 B
1	googletagmanager.com www.googletagmanager.com	61 KB
1	piano.io c2.piano.io	4 KB
1	nacion.com gtm.nacion.com	59 KB
1	polyfill.io polyfill.io	587 B
406	52

	Domain	Requested by
67	s0.2mdn.net	links.elfinancierocr.com s0.2mdn.net 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com www.elfinancierocr.com
32	pagead2.googlesyndication.com	1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net s0.2mdn.net www.googletagservices.com www.elfinancierocr.com
24	cm.g.doubleclick.net	19 redirects googleads.g.doubleclick.net
24	tpc.googlesyndication.com	securepubads.g.doubleclick.net 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net
21	ib.adnxs.com	16 redirects googleads.g.doubleclick.net vpaid.springserve.com
20	dsum-sec.casalemedia.com	10 redirects googleads.g.doubleclick.net
12	www.elfinancierocr.com	1 redirects www.elfinancierocr.com
11	cdn.viafoura.net	www.elfinancierocr.com cdn.viafoura.net
10	googleads4.g.doubleclick.net	links.elfinancierocr.com
10	googleads.g.doubleclick.net	1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com links.elfinancierocr.com
10	buy.tinypass.com	cdn.tinypass.com buy.tinypass.com
10	fonts.gstatic.com	fonts.googleapis.com news.google.com
9	t.lkqd.net	ad.lkqd.net
9	ads.stickyadstv.com	www.elfinancierocr.com ad.lkqd.net
8	www.googletagservices.com	securepubads.g.doubleclick.net 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com www.googletagservices.com
8	news.google.com	cdn.tinypass.com news.google.com links.elfinancierocr.com www.gstatic.com
7	dt.adsafeprotected.com	1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com www.elfinancierocr.com
7	play.google.com	www.gstatic.com
7	www.google.com	www.elfinancierocr.com securepubads.g.doubleclick.net 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
6	vpaid.pubmatic.com	ad.lkqd.net vpaid.springserve.com blank
6	ad.lkqd.net	links.elfinancierocr.com ad.lkqd.net
6	1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	securepubads.g.doubleclick.net	www.elfinancierocr.com securepubads.g.doubleclick.net links.elfinancierocr.com www.googletagservices.com
4	simage2.pubmatic.com	ads.pubmatic.com
4	image2.pubmatic.com	ads.pubmatic.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	v.lkqd.net	ad.lkqd.net
4	www.gstatic.com	news.google.com www.gstatic.com
4	www.google-analytics.com	gtm.nacion.com www.elfinancierocr.com
4	cdn.cxense.com	scdn.cxense.com cdn.cxense.com links.elfinancierocr.com
3	match.adsrvr.org	3 redirects
3	pixel.onaudience.com	3 redirects
3	ads.pubmatic.com	vpaid.pubmatic.com ads.pubmatic.com
3	ads.adaptv.advertising.com	ad.lkqd.net vpaid.springserve.com
3	static.adsafeprotected.com	pixel.adsafeprotected.com 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
3	x.bidswitch.net	3 redirects
3	a.vidoomy.com	links.elfinancierocr.com www.elfinancierocr.com ad.lkqd.net
3	api.viafoura.co	cdn.viafoura.net
3	fonts.googleapis.com	www.elfinancierocr.com buy.tinypass.com client
2	sync.crwdcntrl.net	2 redirects
2	sync.mathtag.com	2 redirects
2	d5p.de17a.com	2 redirects
2	4cywq-eqnre.ads.tremorhub.com	ad.lkqd.net
2	adx.adform.net	ad.lkqd.net
2	beacon.krxd.net	1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com cdn.krxd.net
2	cdn.krxd.net	s0.2mdn.net cdn.krxd.net
2	pixel.adsafeprotected.com	1 redirects 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
2	rdc.m32.media	cdn.viafoura.net rdc.m32.media
2	www.facebook.com	www.elfinancierocr.com
2	www.google.de	www.elfinancierocr.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	connect.facebook.net	links.elfinancierocr.com connect.facebook.net
2	static.chartbeat.com	gtm.nacion.com links.elfinancierocr.com
2	hybrid-gruponacion.arc-perso.aws.arc.pub	www.elfinancierocr.com
2	targeting.arc-perso.aws.arc.pub	www.elfinancierocr.com
2	cdn.onesignal.com	www.elfinancierocr.com cdn.onesignal.com
1	um.simpli.fi	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	vpaid.springserve.com	ad.lkqd.net
1	vidoomy-d.openx.net	ad.lkqd.net
1	consumer.krxd.net	cdn.krxd.net
1	code.createjs.com	s0.2mdn.net
1	ad.doubleclick.net	www.googletagservices.com
1	geoloc.m32.media	rdc.m32.media
1	i.viafoura.co	www.elfinancierocr.com
1	stg.vidoomy.com	www.elfinancierocr.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	pixel-sync.sitescout.com	1 redirects
1	analytics.google.com	www.googletagmanager.com
1	ping.chartbeat.net	www.elfinancierocr.com
1	id.cxense.com	scdn.cxense.com
1	comcluster.cxense.com	cdn.cxense.com
1	ads.vidoomy.com	gtm.nacion.com
1	www.googletagmanager.com	gtm.nacion.com
1	p1cluster.cxense.com	cdn.cxense.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	api.cxense.com	scdn.cxense.com
1	c.go-mpulse.net	s.go-mpulse.net
1	c2.piano.io	cdn.tinypass.com
1	onesignal.com	cdn.onesignal.com
1	scdn.cxense.com	www.elfinancierocr.com
1	cdn.tinypass.com	api.tinypass.com
1	api.tinypass.com	www.elfinancierocr.com
1	s.go-mpulse.net	www.elfinancierocr.com
1	gtm.nacion.com	www.elfinancierocr.com
1	polyfill.io	www.elfinancierocr.com
1	links.elfinancierocr.com
0	vid.pubmatic.com Failed	vpaid.pubmatic.com
0	cs.lkqd.net Failed	ad.lkqd.net
0	mab.chartbeat.com Failed	static.chartbeat.com
406	96

This site contains links to these domains. Also see Links.

Domain
lanacioncostarica.pressreader.com
www.facebook.com
twitter.com
www.nacion.com
www.lateja.cr
sso.gruponacion.biz
www.yuplon.com
www.parqueviva.com
www.elempleo.com
printea.com
www.fussio.com
gncomercial.com

Subject Issuer	Validity	Valid
links.elfinancierocr.com R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
gruponacion.web.arc-cdn.net R3	`2021-11-11` - `2022-02-09`	3 months	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2020	`2021-06-04` - `2022-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
viafoura.com Amazon	`2021-10-07` - `2022-11-05`	a year	crt.sh
gtm.nacion.com GTS CA 1D4	`2021-11-11` - `2022-02-09`	3 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-19` - `2022-09-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.perso.aws.arc.pub Amazon	`2021-03-09` - `2022-04-07`	a year	crt.sh
*.cxense.com DigiCert SHA2 Secure Server CA	`2021-05-21` - `2022-05-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-06` - `2022-09-05`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
www.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
ad.lkqd.net R3	`2021-12-02` - `2022-03-02`	3 months	crt.sh
ads.stickyadstv.com DigiCert SHA2 Secure Server CA	`2021-09-19` - `2022-09-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.m32.media Sectigo RSA Domain Validation Secure Server CA	`2020-11-18` - `2021-12-19`	a year	crt.sh
*.lkqd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-07-14`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
cdn.krxd.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-02-08` - `2022-02-07`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.springserve.com Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh

This page contains 47 frames:

Primary Page: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Frame ID: D56FE502461C751E903C9B987DF19F0D
Requests: 110 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: 912A22E57532DB2AB0C1C599CEC95296
Requests: 4 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: ED1D72B58411D2DA2E7876EC48DCD51E
Requests: 1 HTTP requests in this frame

Frame: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
Frame ID: 107AFF4B54B32A2B9038AB8A4F25F705
Requests: 12 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316
Frame ID: C12B33FC90A5EF01ED4BE12DD1E25391
Requests: 13 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js
Frame ID: CE641BF51A60B53B5E181E00B12728A8
Requests: 2 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js
Frame ID: DC51EAFA3589CBDAA70D168F4BDF3182
Requests: 2 HTTP requests in this frame

Frame: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Frame ID: C1A8DE7F7856A9C6278A2D73CDDA3A9E
Requests: 1 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: ACFC9D5B557BA7D6B2E44E5EF903891D
Requests: 20 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C4D64E8E83D667EE0455729DFC4E3B49
Requests: 14 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D6FE432A930AD19C247692DB8E6325B9
Requests: 14 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2B8C2DCFF9B18A2F72DC95A55DA0151F
Requests: 29 HTTP requests in this frame

Frame: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9DE72DD880BD2A8F631EFBB402BD05A3
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRcQWNIc3cIfGxirMYlpqgTPRK01PiORmrRQc950O9y3u4hBtsMrFmMKvhcbNkALMEhSVmgMOolvTUhlU54CJ9adeGWzzyGYMM3ctIbenPmZQsQjLr7LvsYSFiHkhCQdV2928sUQZTZ0FjU38w2Mjxz3gPC0OYWSftcsLtsIB5kuqSIGHIymhGbK1CdvJfCM0aLAx7QuUksBz0epqy-3DzOmZ8ystWkHF_3hdxljNM6NhENLMKx2TTLMnQDpAKyJ0zRu03_u7VVkM2M_pudArST7GqLZF4nNUrCbDDxWXrwJmJccmeQq5nHnsQkN8CnBAr4qmiG77PKEP2f7nVJ2dWg3i0maQ&sai=AMfl-YS9-7SmZOulQaxeomjSqXTyNDiLcrWalldgP0A-6Csr2H_WfE7OllkRWhIZAxhwYwtOB5t4xMNJCKh78I0vo57Yux0-3PRJUhbo5HHffqcKiIMkPdarJq0lkIdRw3BH&sig=Cg0ArKJSzPmPF_6k8YgKEAE&uach_m=[UACH]&adurl=
Frame ID: 3A33FBE435279A775C227C55E83FAD14
Requests: 6 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 6AC024EABB3B0AFECA239283B318F803
Requests: 6 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 7F49477C7B5D7876C231CA7B47DA7026
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNXpq_xcmM85pWsr3u5j1lLDmNvD4VxbKgXhxzxMB8BMCmQzFiVQaxfJWU9--QFpeD62d_zpivVYn5_ST6fjjgGx35MmPJi8mDW7HMcRQHogEo96P_3bnHLXPJ6sqQmVdCyH3LqRlY0SIMqxIRCLqjTI2txTsEbjW0EXcUGpcA_4ne_Lt7g
Frame ID: AD0AACE08E6315AA9D853FCC38F642CB
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXNsaQCENmL1rACGKKr77gBMAE&v=APEucNVdCyGYMYKrzwFywGR1LC_2IuLkri2YEvVDb29ghydd0mZv5Bho-zoOHpYN-pxP6QTjySyMKzVwO6sgArUmUU8ZzgWXHZNT8Vu2zLPlAACCr-naxAE-v8iiXaTktSfvwnJcZGHMLeI6ZmNPi_h5yX7_0i-Fy6Q-JBs9aYqwPKzOVlLSInE
Frame ID: E9C25D078592E272B60E718F23F1F35B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNVSe_Kyie5PUUtJq1GcTGEX8kNWr733wxMoeAiiK3wMNP7VRB6kGnaP8Ok66NliOmSJ4EFbs5Iee7Nhq3Fz1nFhcng9JBURcYC43Q3BkHsxAXCep7AUw2KMDl1euBlF25vlmvpk7sRpqsPT54Qyu9doqDeU12Agbv5thRXh_4tOGRZj2GI
Frame ID: 9617867047B7F891211ECD335081C972
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkOCEGzAB&v=APEucNVtU9v6LgI-BwB411ROfFCgQ2YvZTcQtx5lzeoPfcfFj7WpzXc4VPGRM_wNS_yxcQy4mhWBLt56q2kyU-atE6ovWXciOQ-mIhKrDD-n2KpidNpfd3tnfbethfFUSp7mh2DxnGMzUMVBN13wlZ-3V5xxGJ08BeGdibVAg-5GXqkCFbJ5j-k
Frame ID: 3D656146645805C42CDF17F4786340AE
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-KUuwEwAQ&v=APEucNV75vw3LwGlqAZ73lEgzDMBIUz2e7XzQvEgNGLg4BGMaE3FL94hNXapS1IY-RfZt9AQD_gmLVDQXxz9x8sHGONTrs8xpeC2YdJexfG5KaZwsh9iXjmTf-8sBBrW38OH1afKCDdMD8H6W3yOPUj7ZteqIlFnjWX7VQYnbs1B1yEdLOIG7_s
Frame ID: 69731320DDF17FAEC39BA106714304C3
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6767C679F53E553142A18F3877F646BE
Requests: 1 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 1A3B36C2D71AF8D926290E310C049E58
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Frame ID: 249CBE4607266B02D63A7ABEF664949C
Requests: 2 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 3958E9505A93176D73F53CBE91277EA3
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
Frame ID: EA17AA84A88F448D70039A0566C46C90
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/4528516/1018994438718716/index.html
Frame ID: 639E0770DD8B43F39BB96FADFD494566
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
Frame ID: 23307466650BF2D502DDBF4EB562B8E6
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
Frame ID: 1A47FAD6FEB0A3084BA9636A5A3890D6
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1815ECE7851AD5073F78CB034EFE6802
Requests: 3 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: CE7EA3CB7E2730DF4EF7B01873F63C39
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B25F7EB88A06D5FB592199F5E6F08DE6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D3BDFDD46001C8B29C387347F0FF77D6
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 97889579E1C55794BABA02761612F50B
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 249BA2EFAB8437989C9853429F47FABA
Requests: 3 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: AE50C1A8E5D67E38FE869D0A8FD3CAEB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8603EA698C3F4568C528D0525E5D6097
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Frame ID: D342FF7A58D9E1760CB3574BFE89AF51
Requests: 19 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: A2DF2A3FD0672997652D2C4DC2346048
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: F69CE1B1EDE1419DEA5760AEA524B779
Requests: 1 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_25214542.js
Frame ID: 91BD8FC67FCD934935D8096ECA3ED950
Requests: 4 HTTP requests in this frame

Frame: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,
Frame ID: 905403EC6177F1BDAF0752A7B22607D0
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C164801BC448F3747A8DBBD855E0977D
Requests: 12 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17
Frame ID: 1CB1F0C749DAC86C266C7DE7DD55D1BE
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=406533723891133348
Frame ID: 004AC58B7D08CBA1442E779A6ADC6931
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 43EF4CDDC7721A823A18C6C8DFEA8C28
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040057632803453069
Frame ID: E14E6DB7DD623BC0812ECEF63EF93167
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Candid Co. hace “ajustes” en su planilla local a menos de un mes de haber iniciado operaciones en Costa Rica | El Financiero

Page URL History Show full URLs

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzM... Page URL
http://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4V... HTTP 301
https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4V... Page URL

Page Statistics

406
Requests

88 %
HTTPS

46 %
IPv6

52
Domains

96
Subdomains

76
IPs

8
Countries

4838 kB
Transfer

13531 kB
Size

53
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://lanacioncostarica.pressreader.com/
Title: Edición Impresa(Se abre en una nueva ventana)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfinancierocr

Search URL Search Domain Scan URL

URL: https://twitter.com/elfinancierocr

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gruponacion/
Title: Grupo Nación(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.lateja.cr/
Title: La Teja(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/revista-perfil/
Title: Revista Perfil(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/sabores/
Title: Sabores(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/apps/landing/index.html
Title: Aplicaciones(Opens in new window)

Search URL Search Domain Scan URL

URL: https://sso.gruponacion.biz/public/newsletter.html
Title: Boletines(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/todobusco/
Title: Todo Busco(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.yuplon.com/
Title: Yuplón(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.parqueviva.com/
Title: Parque Viva(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.elempleo.com/cr/ofertas-empleo/
Title: El Empleo(Opens in new window)

Search URL Search Domain Scan URL

URL: https://printea.com/es/
Title: Printea(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.fussio.com/
Title: Fussio(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/privacidad.html
Title: Políticas de privacidad(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/condiciones.html
Title: Condiciones de uso(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/estados-financieros.html
Title: Estados financieros(Opens in new window)

Search URL Search Domain Scan URL

URL: http://gncomercial.com/reglamentos/
Title: Reglamentos(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/contacto.html
Title: Contáctenos(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/centro_de_ayuda.html
Title: Centro de ayuda(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/comercial/2021/TARIFARIO_2021.pdf
Title: Anúnciese(Opens in new window)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb Page URL
http://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02 HTTP 301
https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

Request Chain 107

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=898482357.04425621194328170.9183593 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=898482357.04425621194328170.9183593 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=600cb62b-fdf7-4696-9c73-e6da27cf414d HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315989&expires=5&ssp=vidoomy HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=600cb62b-fdf7-4696-9c73-e6da27cf414d

Request Chain 186

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

Request Chain 187

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

Request Chain 188

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Request Chain 189

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

Request Chain 191

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Request Chain 193

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTE0Njg2NDUxNjMyNzI4OQ%3D%3D

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

Request Chain 198

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Request Chain 200

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

Request Chain 204

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

Request Chain 205

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgSwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Request Chain 207

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

Request Chain 208

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

Request Chain 209

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgSwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

Request Chain 210

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Request Chain 211

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

Request Chain 216

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8721002282992361908

Request Chain 221

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

Request Chain 299

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

Request Chain 322

https://pixel.adsafeprotected.com/rfw/st/774473/57793669/skeleton.js?adsafe_url=https%3A%2F%2Fwww.elfinancierocr.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:5d70f9be-ca18-0982-eeae-a1fc951df554,c:woKqXS,sl:na,em:true,fr:false,thd:1,mn:app33ie,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:178,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:rjss,et:199,oid:f682e234-59b8-11ec-a0e6-0a553b00fa25,v:19.8.270,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 399

https://c1.adform.net/serving/cookie/match?party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17

Request Chain 400

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=406533723891133348

Request Chain 402

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040057632803453069

Request Chain 403

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=e_dNbuEbR7W6e-gWBDobFw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 404

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=45b361b3-4f1e-4a00-a0c1-53a754363f79

Request Chain 405

https://pixel.onaudience.com/?partner=214&mapped=7BF74D6E-E11B-47B5-BA7B-E816043A1B17 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=f19bad584fed473c849c48df4e89193d HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=25e7b323-3e7f-44d2-a64e-7235b82148ae&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=2f73a5fa364e3c52 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a30652e83e&zcluid=2f73a5fa364e3c52&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEF3HaIC3aAW7HJQaYcJ7nd0&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a30652e83e&zcluid=2f73a5fa364e3c52&zdid=1332

Request Chain 406

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0JGNzRENkUtRTExQi00N0I1LUJBN0ItRTgxNjA0M0ExQjE3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 407

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDLM4FfNP1RNUstEBB62Ci0&google_cver=1

Request Chain 409

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:764161b3-4f1e-4a00-a379-2bd2afb4ddff&gdpr=0&gdpr_consent=

Request Chain 410

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25e7b323-3e7f-44d2-a64e-7235b82148ae

Request Chain 411

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6033156809273630072

Request Chain 412

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7297795930489655529&gdpr=0&gdpr_consent=

406 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK nrd.php Show response
links.elfinancierocr.com/u/ 1013 B
871 B 184ms
144ms Document
text/html 217.175.192.17
NEXTLAYER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

217.175.192.17 , Austria, ASN1764 (NEXTLAYER-AS, AT),

Reverse DNS

Software

Apache /

Resource Hash

678a2016a47c3c45eb0aebc30c3551b419bc74806c80b3f2d6c3bd600f66a461

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 12:59:05 GMT
server: Apache
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
content-encoding: gzip
x-af: suite6-web1
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 494
content-type: text/html; charset=utf-8
x-hf: suite-haproxy01c

GET
H2

200

Primary Request / Show response
www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/
Redirect Chain

http://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+20...
https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2...

168 KB
39 KB

919ms
876ms

Document
text/html

2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

4b1c84c10d3648666c1e54980de692c85354af649aeb0645cfd04efb04a17019

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb

Response headers

content-type: text/html; charset=utf-8
server: openresty
content-encoding: gzip
etag: W/"28de9-8VCYZptbWeI5o49gdlAM4f+7imw"
last-modified: Fri, 10 Dec 2021 12:59:06 GMT
vary: Accept-Encoding
x-akamai-transformed: 9 36755 0 pmb=mRUM,2
cache-control: private, max-age=60
expires: Fri, 10 Dec 2021 13:00:07 GMT
date: Fri, 10 Dec 2021 12:59:07 GMT
server-timing: cdn-cache; desc=REVALIDATE edge; dur=15 origin; dur=841
content-security-policy: upgrade-insecure-requests

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Cache-Control: private, max-age=0
Expires: Fri, 10 Dec 2021 12:59:06 GMT
Date: Fri, 10 Dec 2021 12:59:06 GMT
Connection: keep-alive
Server-Timing: cdn-cache; desc=HIT edge; dur=1
Content-Security-Policy: upgrade-insecure-requests

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
587 B 63ms
18ms Script
text/javascript 2a04:4e42:a00::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=IntersectionObserver%2CElement.prototype.prepend%2CElement.prototype.remove%2CArray.prototype.find%2CArray.prototype.includes

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dd1b5e04d54c4420fe3e8e6abe2875fc7f13a3cd6384b6c2afc1a35e302dd846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2218131
detected-user-agent: Chrome Mobile/96.0.4664
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=1
content-length: 101
referrer-policy: origin-when-cross-origin
last-modified: Sun, 14 Nov 2021 16:39:56 GMT
date: Fri, 10 Dec 2021 12:59:07 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/96.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react.js Show response
www.elfinancierocr.com/pf/dist/engine/ 314 KB
96 KB 25ms
24ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/engine/react.js?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

2d3392ee6ac1a9b7a9d10b015b51fbafddedec77e5fda7905f60e15b8b588125

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: 61R8Q58D1F7JB99Y
etag: W/"3c3e93985a12dd6eaed03c6d89da6437"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 97696
x-amz-id-2: o7MqzjfsSFBxxrroGj4WCnH0oRISdFgFJXHb8mXt6mYi3M5hkDVQRlD17mko7jkdtMPC+Q37Uo8=
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 default.js Show response
www.elfinancierocr.com/pf/dist/components/combinations/ 1 MB
286 KB 21ms
21ms Script
application/javascript 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

da1986030b191b42a24d8f95f6246b1f42c4bfd1ec1dc53e2551a32f89b34848

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: V6SA5K4JDKNE275W
etag: W/"0b22ed62b74607c50fbd5593c5e16bf3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 291317
x-amz-id-2: fyIhEdxu0CtJGuBoZ780Cg3XkNrj8b0BX7c+kViOokK/h9NGF/e0zlMTfiPwN5JgofaAHsaccz8=
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 default.css
www.elfinancierocr.com/pf/dist/components/output-types/ 33 KB
5 KB 50ms
49ms Stylesheet
text/css 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/output-types/default.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

ada22e6eba70375c2b46ed604b28c317d19c3208d9354f2d714b1e020d08d7fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: MZ5WHJP2PVBFB6A7
etag: W/"b85a56d0b2f48a049db57c189c0a816d"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4204
x-amz-id-2: sdgECOdL2P6poLS/pc33bgimOCbI5e53j9PMtUKgIaC0NZGRdUZeNY35+7/nyxg9FYATf7l/G4w=
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 default.css
www.elfinancierocr.com/pf/dist/components/combinations/ 83 KB
16 KB 61ms
61ms Stylesheet
text/css 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/combinations/default.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

aeaa6078a758995f23fbad8f680d98c2b63515a7c2e5acc30d318efdb4854bb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: 3NN6E5DD0CWW0WRW
etag: W/"eeb68d5f3c1c35861c1181c253354c65"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 15801
x-amz-id-2: K+jKfVV6l6Ri1EqfO1DGh+FjdvcdgllNWJ7LdJTys0oqtBsvLlcDZZ94jQTWqOJ0l8fR4wWFhZI=
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 overwrite.css
www.elfinancierocr.com/pf/resources/global/ 7 KB
2 KB 71ms
70ms Stylesheet
text/css 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/resources/global/overwrite.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

42e18cf3e34929b45ad8fc524c72c82898c2a9ebe89dd3eb9f8feed643fbc368

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-amz-request-id: SEDKSXMPVSWY2BYV
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1571
x-amz-id-2: u+uo6mxlTFvcJ5b3hs6QB73/XHI75T4ZoHAU0u2jNe6V8ntRQ6lwobJeA9YH1Y+kessIjYi6CmM=
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
etag: W/"e2c8963f2c1ae225002a67245811f455"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
1 KB 41ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36f424145fc49aeb31e34362c9f4263af9ddebb7e3815d0c40c9d07aafc88d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:59:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 12:59:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 12:59:07 GMT

GET
H2 200 logo.svg
www.elfinancierocr.com/pf/resources/el-financiero/ 13 KB
5 KB 33ms
33ms Image
image/svg+xml 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/pf/resources/el-financiero/logo.svg?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

2a858776bb6bd9226815d72d9d3458d1449c1e46a3ca53340988f22bd247759f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-amz-request-id: 61R6VHK71279H8Y3
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4636
x-amz-id-2: 0uyszTigitoMuNTHc1LFXCpGGzBOf9L7xx7+SYdeMIpZa4z0le3tCds3AIrcW9vyg9gTIPi0rL4=
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
etag: W/"312679b5836c87268047387621ab78ac"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 vf-v2.js Show response
cdn.viafoura.net/ 658 KB
156 KB 50ms
12ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/vf-v2.js
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 478ad9a744a81ca0e6799fa27fc3b127eb67eb346cb61fe8cef59b795b2683bf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: BL94ddboL26A8sXy9gX.WI2n0U9tANA4
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:17 GMT
server: AmazonS3
age: 212
etag: W/"504c0d32cc258cf6b140ed260e4f4b7c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Fri, 10 Dec 2021 12:55:36 GMT
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: jbux_e633yJUSp9jkBeIMmYtDj6V_t3t-81_8SkCgN6eC2joYecsmQ==

GET
H2 200 gtm.js Show response
gtm.nacion.com/ 153 KB
59 KB 549ms
522ms Script
application/javascript 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3c42d82cabb963570626e82fe5e3f8208244e27054180efa1b7b2032091c4a66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
via: 1.1 google
last-modified: Fri, 10 Dec 2021 12:00:00 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=450
content-encoding: gzip
expires: Fri, 10 Dec 2021 13:04:11 GMT

GET
H2 200 K2F2J-U4J6X-CUK55-UT5LV-F8L4T Show response
s.go-mpulse.net/boomerang/ 202 KB
51 KB 53ms
15ms Script
application/javascript 2a02:26f0:6c00:2b9::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/K2F2J-U4J6X-CUK55-UT5LV-F8L4T
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:2b9::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
last-modified: Tue, 16 Nov 2021 02:52:40 GMT
x-serial: 4518
x-akamai-pragma-client-ip: 10.202.51.110, 209.170.100.130
x-n: S
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-check-cacheable: YES
cache-control: max-age=604800
timing-allow-origin: *
content-length: 51580

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 73ms
34ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 335
etag: W/"2d763adca2b6a93c45e5b76bff1f8c5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6bb6a60a08ca3747-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 13 Dec 2021 12:59:07 GMT

GET
H2 200 load Show response
api.tinypass.com/xbuilder/experience/ 4 KB
2 KB 86ms
40ms Script
application/javascript 2606:4700::6811:b7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.tinypass.com/xbuilder/experience/load?aid=BM6tVBSjXE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

592b2d7cbc5a7cad13de7f9a94f0e7d6112515896fb866303c71a2ad9d7a96c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 2684
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Czbfw3rUrZ3
pragma
wn: prod-dash-10-0-92-175
last-modified: Fri, 10 Dec 2021 12:14:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
server-time: 0.008
cache-control: public, max-age=1800
cf-ray: 6bb6a60a1bf883a6-MXP
expires: Fri, 10 Dec 2021 13:29:07 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 35ms
8ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 602359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 13:39:48 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 39ms
13ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 154968
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 17:56:19 GMT

GET
H2 200 0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v20/ 35 KB
35 KB 42ms
15ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v20/0QIvMX1D_JOuMwr7Iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef7da2ea9165f4486462c7f1dccddb7485e6a1922d220a1c393a8fa7214829fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 18:05:24 GMT
x-content-type-options: nosniff
age: 154423
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35440
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:00:32 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 18:05:24 GMT

GET
H2 200 DQ2UNUHRAVFXTOO3ZDCSWR7YRY.jpg
www.elfinancierocr.com/resizer/uQsKoQW2GsWS3VimXYT8IRjSRNA=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 106 KB
106 KB 36ms
36ms Image
image/jpeg 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/uQsKoQW2GsWS3VimXYT8IRjSRNA=/1440x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/DQ2UNUHRAVFXTOO3ZDCSWR7YRY.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

b4b91a9918203e32376e5481e50936c0ba8cb75a018a45c6bd31702ed7ea7af9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
last-modified: Tue, 16 Nov 2021 01:38:04 GMT
server: Akamai Image Manager
etag: "5d542a357cfa8a101c275b8ffb4511c26576e089"
content-type: image/jpeg
cache-control: private, no-transform, max-age=29421424
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=8
content-length: 108183
expires: Wed, 16 Nov 2022 01:36:11 GMT

GET
H2 200 054264e1-96b0-479c-ba5b-dd5cfc02aab4.png
www.elfinancierocr.com/resizer/6ceCGdbGFmW1MCRAptqf-wHEEtE=/84x0/filters:format(png):quality(70)/s3.amazonaws.com/arc-authors/gruponacion/ 2 KB
2 KB 42ms
42ms Image
image/webp 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/6ceCGdbGFmW1MCRAptqf-wHEEtE=/84x0/filters:format(png):quality(70)/s3.amazonaws.com/arc-authors/gruponacion/054264e1-96b0-479c-ba5b-dd5cfc02aab4.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

79383342fc38d1b87771128c18bea1331baaac4e386203baa2d700066ac5c727

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
x-check-cacheable: YES
x-serial: 1
etag: "ee5c9a9f6944f3a08909e0f3e956e6a5a47eda2f"
content-type: image/webp
cache-control: private, no-transform, max-age=26625674
last-modified: Thu, 14 Oct 2021 17:03:50 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=5
content-length: 1938
server: Akamai Image Manager
expires: Fri, 14 Oct 2022 17:00:21 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 29ms
28ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 303
etag: W/"bac537a7eba0b66473f70a7a4bf837c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6bb6a60a796c3747-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 13 Dec 2021 12:59:07 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 395 KB
123 KB 38ms
37ms Script
application/javascript 2606:4700::6811:b7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js

Requested by

Host: api.tinypass.com
URL: https://api.tinypass.com/xbuilder/experience/load?aid=BM6tVBSjXE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

550e48ce8660782ce65aa5ab0119b93b0a35c5f76620e6b568a1cf36445e7f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-92-194
last-modified: Fri, 10 Dec 2021 09:20:08 GMT
server: cloudflare
etag: W/"404947-1639128008025"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=7200
cf-ray: 6bb6a60a7cf083a6-MXP
expires: Fri, 10 Dec 2021 14:59:07 GMT

OPTIONS
H2 204 targeting
targeting.arc-perso.aws.arc.pub/api/v1/ Frame 0
0 517ms
99ms Preflight 52.7.239.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.arc-perso.aws.arc.pub/api/v1/targeting
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.239.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-239-78.compute-1.amazonaws.com
Software: nginx/1.10.3 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: arc-org-name,content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
server: nginx/1.10.3
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,GET,OPTIONS,DELETE
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,Arc-Org-Name,Arc-Organization

OPTIONS
H2 200 recommend
hybrid-gruponacion.arc-perso.aws.arc.pub/hybrid/hybrid-filter/ Frame 0
0 321ms
103ms Preflight 52.7.239.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hybrid-gruponacion.arc-perso.aws.arc.pub/hybrid/hybrid-filter/recommend
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.239.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-239-78.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-length: 0
server: nginx/1.10.3 (Ubuntu)
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 118 KB
28 KB 61ms
19ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 13:59:07 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 50ms
22ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

f45530ee93fe1451632f4c4da09ff7b9dcbbe6a64f2ae824c058c78fababd34c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 70 of 1000 / last-modified: 1639137928"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27033
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 12:59:07 GMT

GET
H2 200 newsletter-recommendation Show response
www.elfinancierocr.com/pf/api/v3/content/fetch/ 595 B
694 B 431ms
431ms Fetch
application/json 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/api/v3/content/fetch/newsletter-recommendation?query=%7B%22mainSectionPath%22%3A%22%2Fel-financiero%2Fnegocios%22%7D&d=131&_website=el-financiero

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/engine/react.js?d=131

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

d02b92776598568047e1ef87f4df4166933bc6cbb7c1151089d8fb2512b09dd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Fri, 10 Dec 2021 12:59:07 GMT
server: openresty
etag: W/"253-lXqrjwQWie8SIKRouI1HnqoKSG4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=300
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=22, origin; dur=372
content-length: 368
expires: Fri, 10 Dec 2021 13:04:07 GMT

POST
H2 200 targeting Show response
targeting.arc-perso.aws.arc.pub/api/v1/ 28 B
308 B 118ms
116ms Fetch
application/json 52.7.239.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.arc-perso.aws.arc.pub/api/v1/targeting
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.239.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-239-78.compute-1.amazonaws.com
Software: nginx/1.10.3 /
Resource Hash: 79d73807994e13624800e85d65db3c1d5f0a691ae2774d00bb3c3ee2fec2ad80

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
arc-org-name: el-financiero
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
server: nginx/1.10.3
access-control-allow-methods: POST,GET,OPTIONS,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,Arc-Org-Name,Arc-Organization
content-length: 28

POST
H2 200 recommend Show response
hybrid-gruponacion.arc-perso.aws.arc.pub/hybrid/hybrid-filter/ 14 B
248 B 109ms
108ms Fetch
application/json 52.7.239.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hybrid-gruponacion.arc-perso.aws.arc.pub/hybrid/hybrid-filter/recommend
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.239.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-239-78.compute-1.amazonaws.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5021e624e752b001ce3e3846e8f158ed4aeb93a4c9a72fdb35a0c5b14a0eea84

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Fri, 10 Dec 2021 12:59:07 GMT
server: nginx/1.10.3 (Ubuntu)
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length: 14
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8

GET
H2 200 newsletter-recommendation Show response
www.elfinancierocr.com/pf/api/v3/content/fetch/ 595 B
695 B 404ms
404ms Fetch
application/json 2a02:26f0:6c00::210:ba19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/api/v3/content/fetch/newsletter-recommendation?query=%7B%22mainSectionPath%22%3A%22%2Fel-financiero%2Fnegocios%22%7D&d=131&_website=el-financiero

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/engine/react.js?d=131

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

d02b92776598568047e1ef87f4df4166933bc6cbb7c1151089d8fb2512b09dd0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
last-modified: Fri, 10 Dec 2021 12:59:07 GMT
server: openresty
etag: W/"253-lXqrjwQWie8SIKRouI1HnqoKSG4"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=300
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=14, origin; dur=367
content-length: 368
expires: Fri, 10 Dec 2021 13:04:07 GMT

POST
H2 200 v2 Show response
api.viafoura.co/v2/www.elfinancierocr.com/bootstrap/ 6 KB
3 KB 302ms
107ms XHR
application/json 2600:1f18:44f0:4832:5e20:6d31:3296:b71b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/www.elfinancierocr.com/bootstrap/v2
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4832:5e20:6d31:3296:b71b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 847be9f4a35ef78beaa493c9092832231bdb790ba0da7d63c357d5ee9e17dd21

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
x-instance-id: i-0aa4b71b3551468e2
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Fri, 10 Dec 2021 12:59:08 GMT

OPTIONS
H2 204 v2
api.viafoura.co/v2/www.elfinancierocr.com/bootstrap/ Frame 0
0 290ms
94ms Preflight 2600:1f18:44f0:4832:5e20:6d31:3296:b71b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/www.elfinancierocr.com/bootstrap/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4832:5e20:6d31:3296:b71b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
server: nginx/1.18.0 (Ubuntu)
expires: Fri, 10 Dec 2021 12:59:07 GMT
cache-control: max-age=0
access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-max-age: 1728000

GET
H2 200 web Show response
onesignal.com/api/v1/sync/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/ 5 KB
2 KB 31ms
30ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

380ae99699404953783f154027e0fe151f67759ede82069429df8c1e53505fcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 332
cf-polished: origSize=5169
status: 200 OK
x-envoy-upstream-service-time: 32
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 002f4e6b-79a8-40a2-9db5-c1d49a0d18a2
x-runtime: 0.031203
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3572760556a60d0727a999a75b1b8c96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 6bb6a60c2cc43747-MXP
access-control-allow-headers: SDK-Version
expires: Fri, 10 Dec 2021 13:59:07 GMT

POST
H2 200 execute Show response
c2.piano.io/xbuilder/experience/ 19 KB
4 KB 188ms
150ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1134d331d79b895a1512dab2fab634276b22871c93b838de0ed6b8bc58a63f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: 34xkkyuyhe
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6bb6a60cafda599b-MXP

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
297 B 36ms
35ms Script
application/javascript 2606:4700::6811:b7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0329847bed56508b9aa400220f158a203b77e4f12814837b4e52bf8b6091cca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 248
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Cn7hw3rPovG
pragma
wn: prod-dash-10-0-133-91
last-modified: Fri, 10 Dec 2021 12:54:59 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.004
cache-control: public, max-age=1200
cf-ray: 6bb6a60c699e83a6-MXP
expires: Fri, 10 Dec 2021 13:19:07 GMT

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 34ms
19ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 12:59:07 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 197 B
152 B 31ms
16ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

8b03951013852c8273718fdfb5f1de5e91f45dd7857e372c57fdd2b99017c449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:07 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 5 KB
1 KB 253ms
225ms XHR
application/json 2a02:26f0:fb:187::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=K2F2J-U4J6X-CUK55-UT5LV-F8L4T&d=www.elfinancierocr.com&t=5463804&v=1.632.0&sl=0&si=4axiyqjn8h2-r3whej&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,LOGN&acao=&ak.ai=642712
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/K2F2J-U4J6X-CUK55-UT5LV-F8L4T
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:fb:187::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 51d9d410182884fc5cb7f1a20dfe1950ec9e6eb19cb3610179abb10c70985676

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1075

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 77 B
693 B 56ms
16ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCBkx0ebg0ubx4nnu55&persisted=b15320daa6193bf072303805114e1600484395c8&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22kx0ebg0sih33i8n8%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

d39ea4830518090c9da456ae315de53c781abc541e0dcfc44b0e96893d023b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:07 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 77
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame 912A 1 KB
888 B 51ms
18ms Document
text/html 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

Accept-Ranges: bytes
Last-Modified: Mon, 29 Nov 2021 08:03:18 GMT
Server: AkamaiNetStorage
Content-Length: 518
Cache-Control: max-age=864000
Expires: Mon, 20 Dec 2021 12:59:07 GMT
Date: Fri, 10 Dec 2021 12:59:07 GMT
Connection: keep-alive
Content-Type: text/html
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Vary: Accept-Encoding

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 40ms
17ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 105 KB
35 KB 562ms
561ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4481179748623336&correlator=612765875579639&output=ldjh&impl=fifs&eid=31061167%2C31063246%2C31062554&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211210&iu_parts=175346488%2Cfinanciero%2Cfinanciero_negocios&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%2C300x250%2C300x250%2C300x250%2C300x250%7C300x600%2C728x90&prev_scp=Pos%3Dx01%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dleaderboard_medium%26position%3D1%7CPos%3Dx04%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dcube%26position%3D1%7CPos%3Dx07%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dcube%26position%3D2%7CPos%3Dx02%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dcube%26position%3D3%7CPos%3Dx03%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dflex_cube%26position%3D1%7CPos%3Dx35%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dleaderboard_medium%26position%3D2&eri=1&cust_params=page_type%3Darticle%26section_id%3D%252Ffinanciero_negocios%26ContentId%3DWAGYHTRXTJAO3KK7GYO4VECBTM%26SeoKeywords%3DNegocios%252Cempresas%252Cdespidos&cookie_enabled=1&bc=31&abxe=1&lmt=1639141146&dt=1639141147714&dlt=1639141147065&idt=608&frm=20&biw=1600&bih=1200&oid=2&adxs=800%2C437%2C437%2C1043%2C1043%2C-12245933&adys=78%2C1407%2C2226%2C420%2C1581%2C-12245933&adks=840744514%2C2001954463%2C3046175923%2C2624869551%2C2704464526%2C420293827&ucis=1%7C2%7C3%7C4%7C5%7C6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1147x130%7C721x291%7C721x291%7C361x291%7C361x274%7C0x-1&msz=0x106%7C300x267%7C300x267%7C300x267%7C300x250%7C0x-1&ga_vid=1828842467.1639141148&ga_sid=1639141148&ga_hid=1514449554&ga_fc=false&fws=0%2C0%2C0%2C0%2C512%2C640&ohw=0%2C0%2C0%2C0%2C0%2C0&btvi=0%7C1%7C2%7C0%7C3%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

bcaa2b4bd57d9be206ec5b910480231906274cbb5db68a44bbf679ef15c83088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35294
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,5849348051
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-1,-1,-1,-1,138374623439
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame ED1D 6 KB
4 KB 88ms
14ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame 912A 118 KB
28 KB 19ms
19ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 13:59:07 GMT

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame 912A 47 B
637 B 54ms
14ms Script
text/javascript 178.63.12.147
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.12.147 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de715.cxense.com
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 89486f5a9a4df154072818eea872ea5d9193406e56152c4176900d9bb44bae13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Last-Modified: Thu, 10 Jun 2021 12:59:07 GMT
Server: Jetty(9.4.28.v20200408)
ETag: 1fw6uul57aay42rihj8w2m4234
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: private, proxy-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 47
Expires: Sat, 10 Dec 2022 12:59:07 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 139 KB
44 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:09:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2980
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44196
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 19:29:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:27 GMT

POST
H3 200 loadTemplateContext Show response
buy.tinypass.com/api/v3/anon/template/ 554 B
868 B 154ms
135ms XHR
application/json 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/template/loadTemplateContext?aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29a5aa71dd8a960c14c0d6d551a455e1904c0d9a274bd6f2e0cf8ea7b8208d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Cjehw3rcIJ2
pragma: no-cache
wn: prod-dash-10-0-133-91
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
server-time: 0.005
cf-ray: 6bb6a60dcf066903-FRA
expires: 0

GET
H3 200 cacheableShow Show response
buy.tinypass.com/checkout/template/ Frame 107A 9 KB
4 KB 205ms
159ms Document
text/html 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cc7870a999894c7c44d7b5483fa2fca5a85103a978a2548d2f2af330e2bdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-type: text/html;charset=UTF-8
access-control-allow-methods: *
access-control-allow-origin: https://dashboard.piano.io
cache-control: public, max-age=10800
expires: Fri, 10 Dec 2021 15:59:07 GMT
p3p: CP="NON DSP COR OUR IND"
pragma
server-time: 0.001
strict-transport-security: max-age=86400; includeSubDomains
vary: accept-encoding
wn: prod-dash-10-0-122-104
x-forwarded-https: on
x-request-id: Cjehw3rfPvK
x-xss-protection: 0
cf-cache-status: MISS
last-modified: Fri, 10 Dec 2021 12:59:07 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6bb6a60e0ebe5a07-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
61 KB 49ms
24ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c

Requested by

Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b4fc45ced0d3674403f2d2cf802cecb4d5790c54e0df805a49708fde4e2f1a98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62415
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:07 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 7080
date: Fri, 10 Dec 2021 11:01:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 10 Dec 2021 13:01:07 GMT

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
10 KB 27ms
9ms Script
application/x-javascript 2600:9000:223c:7a00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7a00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:25:17 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:17:06 GMT
server: nginx
age: 2030
etag: W/"6179ec02-59c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9015971351bc982a04ee209a022bb1f9.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: FJpIceN2E1GA2sGM4esI0w9sgFMsFmodAGfx2Z1YsMDPiz7hTMwppg==
expires: Fri, 10 Dec 2021 14:25:17 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: GbUt+QCPZZ3eaXuhEDfwkBdFZmYJdS/KNm9CgYt7WmxSrU1f5LFe0+159qLJUL75axYL60xY+4Ll2hhQ+H+ssQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Fri, 10 Dec 2021 12:59:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 22 KB
6 KB 20ms
20ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 14:49:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5864
Expires: Fri, 10 Dec 2021 13:59:07 GMT

GET
H/1.1 200
OK elfinancierocr_4269.js Show response
ads.vidoomy.com/ 5 KB
6 KB 398ms
125ms Script
application/javascript 3.129.250.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.vidoomy.com/elfinancierocr_4269.js
Requested by: Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.129.250.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-250-65.us-east-2.compute.amazonaws.com
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33 / PHP/7.0.33
Resource Hash: b3d173296f5ec2b5e243ae8ecc76bfd48251d38ac0caf7c5e235efc982a20ed0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 5356

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 27ms
14ms Script
application/x-javascript 2600:9000:223c:7a00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:7a00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:54 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 373
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 9015971351bc982a04ee209a022bb1f9.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: nHnYeIJEiwtXRlCL4qDSTMkDLGCMa1JG_zCtwCn164OAgp500pu-3g==
expires: Fri, 10 Dec 2021 14:52:54 GMT

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 25ms
7ms Stylesheet
text/css 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:42:44 GMT

GET
H3 200 serviceiframe Show response
news.google.com/swg/_/ui/v1/ Frame C12B 23 KB
7 KB 75ms
75ms Document
text/html 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

38ebe8011cb84a37d8a85611c86d78bbd8d4a4fc598412b6d7882947591c9456

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hRPXsYHHElP4iehiY0dKrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-hRPXsYHHElP4iehiY0dKrg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 Dec 2021 12:59:07 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: unsafe-none; report-to="SubscribewithgoogleClientUi"
content-security-policy: script-src 'report-sample' 'nonce-hRPXsYHHElP4iehiY0dKrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-hRPXsYHHElP4iehiY0dKrg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy: same-site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 9ms
8ms Other
image/svg+xml 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:42:59 GMT

GET
H3 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/elfinancierocr.com/ 2 B
58 B 82ms
82ms Fetch
application/json 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/elfinancierocr.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame 912A 43 B
467 B 54ms
15ms Image
image/gif 178.63.12.208
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=1.1.2&typ=pgv&rnd=kx0ebg01uospxkhg&sid=1127341995055146356&loc=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&new=0&arf=0&ltm=1639141147585&ref=&tzo=0&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=kx0ebg0xt9v8viaw&ckp=kx0ebg0sih33i8n8&glb=&wsz=1600x1200&cp_estadoUsuario=ANONIMO&cp_EF_ACCESS=false&cp_LT_ACCESS=false&cp_LN_ACCESS=false&cst=1fw6uul57aay42rihj8w2m4234
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.12.208 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de716.cxense.com
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 116 B
688 B 53ms
15ms Script
text/javascript 178.63.12.208
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22kx0ebg0sih33i8n8%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%221fw6uul57aay42rihj8w2m4234%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%221fw6uul57aay42rihj8w2m4234%22%7D%5D%2C%22siteId%22%3A%221127341995055146356%22%2C%22location%22%3A%22https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02%22%7D&callback=cXJsonpCBkx0ebg93541bc1gc

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.63.12.208 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

de716.cxense.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

6584d1f57b0306c799c3edf1d36535d03402ce0f0df09cdd9234d67fd0c587eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:07 GMT
X-Content-Type-Options: nosniff
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 116
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 118 KB
28 KB 22ms
22ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 12:59:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 13:59:07 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 316ms
102ms Image
image/gif 52.20.40.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=elfinancierocr.com&p=%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F&u=BE2u8BuwGn_CsYkKu&d=elfinancierocr.com&g=45503&g0=negocios&g1=Nicole%20P%C3%A9rez&n=1&f=00001&c=0&x=0&m=0&y=3455&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1829&_c=Edici%C3%B3n%20Vespertina%202021-12-09%2019%3A06%3A10&_m=newsletter&_x=Email&_y=-2021-12-10-02&t=C6c3YwB7e3LZDLkAkmFqmGS6m3h1&V=129&i=Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Co&tz=0&_acct=anon&sn=1&sv=B7RJn4BInGATdZ1gmDx4AWNDTroyw&sd=1&im=067b9fff&_
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.40.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-40-56.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
447 B 65ms
24ms XHR
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3958088-1&cid=1828842467.1639141148&jid=1215294250&gjid=317724219&_gid=1130417351.1639141148&_u=YChAgEABAAAAAE~&z=1525721344

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 10 Dec 2021 12:59:07 GMT
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 27ms
10ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1514449554&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&ul=en-us&de=UTF-8&dt=Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%20%7C%20El%20Financiero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChAgEAB~&jid=1215294250&gjid=317724219&cid=1828842467.1639141148&tid=UA-3958088-1&_gid=1130417351.1639141148&gtm=2ygc1058RCN8&cg1=default&cg2=metered&cg3=story&cg4=&cg5=negocios&cd1=anonymous&cd2=%7CNicole%20P%C3%A9rez%7C&cd3=2021-12-09&cd8=1828842467.1639141148&cd9=1639141147828.h520gecug&cd10=2021-12-10T12%3A59%3A07.828%2B00%3A00&cd12=default&cd19=metered&cd20=story&z=669503518

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 09:26:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 26ms
9ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1514449554&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&ul=en-us&de=UTF-8&dt=Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%20%7C%20El%20Financiero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Set%20User%20ID&ea=anonymous&_u=YCjAgEABAAAAAE~&jid=&gjid=&cid=1828842467.1639141148&tid=UA-3958088-1&_gid=1130417351.1639141148&gtm=2ygc1058RCN8&cd1=anonymous&cd2=%7CNicole%20P%C3%A9rez%7C&cd3=2021-12-09&cd8=1828842467.1639141148&cd9=1639141147836.qbpayhw&cd10=2021-12-10T12%3A59%3A07.836%2B00%3A00&cd12=default&cd14=2021-12-10&cd16=0&cd17=0&cd18=1&z=2094616059

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 09:26:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12785
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 344621399451357 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 20ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/344621399451357?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dd46847a9813d9c75ce9cfba3a988aabeef1d0bc1d7f9a1edd9be8c5234cccc8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88865
x-xss-protection: 0
pragma: public
x-fb-debug: 0EpHpt1om1ZXLtDX4uUBBQANGcnnQpBMC5DskFE6t1IofdUlavvAeak5KxX1dcuv8u9jkJgQ48cQX/tq/zBsAA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 10 Dec 2021 12:59:07 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET /
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 0
0

POST
H2 204 collect
analytics.google.com/g/ 0
352 B 42ms
14ms Ping
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-619EW470MQ&gtm=2oec10&_p=1514449554&sr=1600x1200&_gaz=1&ul=en-us&cid=1828842467.1639141148&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dt=Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%20%7C%20El%20Financiero&sid=1639141147&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.content_display_date=2021-12-09&ep.author=%7CNicole%20P%C3%A9rez%7C
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 24ms
23ms Ping
text/plain 2a00:1450:400c:c0a::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-619EW470MQ&cid=1828842467.1639141148&gtm=2oec10&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 56ms
31ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-619EW470MQ&cid=1828842467.1639141148&gtm=2oec10&aip=1&z=201984845

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame C12B 0
22 B 62ms
62ms Other
text/html 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/cspreport

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-/vKfPYBDq3MsLcsicabMZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-/vKfPYBDq3MsLcsicabMZw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-/vKfPYBDq3MsLcsicabMZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-/vKfPYBDq3MsLcsicabMZw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ Frame C12B 21 KB
6 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 384
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:42:44 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame C12B 160 KB
57 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57574
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 02:53:28 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:46:20 GMT

GET
H3 200 template.bundle.1.0.css
buy.tinypass.com/widget/dist/template/css/ Frame 107A 33 KB
6 KB 34ms
33ms Stylesheet
text/css 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 5894
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-86-22
last-modified: Mon, 06 Dec 2021 02:53:08 GMT
server: cloudflare
etag: W/"33843-1638759188000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/css
server-time: 0.001
cache-control: public, max-age=7200
cf-ray: 6bb6a60f49985a07-MXP
expires: Fri, 10 Dec 2021 14:59:08 GMT

GET
H3 200 loadTranslationMap Show response
buy.tinypass.com/showtemplate/general/ Frame 107A 35 KB
9 KB 143ms
142ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/showtemplate/general/loadTranslationMap?aid=BM6tVBSjXE&version=1618854563000&language=es_MX

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d69cd54a374f720234b5eb529d12718e9c587ade711ec97574ce5636b72c9e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Ckehw3r4btC
pragma
wn: prod-dash-10-0-92-194
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.002
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6bb6a60f499a5a07-MXP
expires: Sat, 11 Dec 2021 07:59:08 EST

GET
H3 200 platform-translation-map_es_MX.js Show response
buy.tinypass.com/ng/common/i18n/ Frame 107A 146 KB
40 KB 47ms
46ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/ng/common/i18n/platform-translation-map_es_MX.js?version=14.38.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6915c9dc74d8576271930c0acabac10cfd2be67da37e88b49f74cf49d21537

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 13006
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-133-91
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
etag: W/"149161-1639055314000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.000
cache-control: public, max-age=86400
cf-ray: 6bb6a60f499c5a07-MXP
expires: Sat, 11 Dec 2021 12:59:08 GMT

GET
H3 200 H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA Show response
buy.tinypass.com/_sam/ Frame 107A 518 KB
156 KB 71ms
70ms Script
text/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA?compressed=true&v=14.38.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8140454fe8ed332221bb81b5cd7af6164efe46dcdbb8188c4715f869b38cba91

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1614
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-200-72-85
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/javascript
server-time: 0.004
cache-control: public, max-age=603185
x-optimized-by: _sam
cf-ray: 6bb6a60f499d5a07-MXP
expires: Fri, 17 Dec 2021 12:32:13 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 107A 9 KB
817 B 34ms
17ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ac04714ec58571a4ea3d2a6d6c5d6a191098032883a50dd642f9859891ae065

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:50:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 12:59:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 56ms
33ms Image
image/gif 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3958088-1&cid=1828842467.1639141148&jid=1215294250&_u=YChAgEABAAAAAE~&z=744666056

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 32ms
32ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3958088-1&cid=1828842467.1639141148&jid=1215294250&_u=YChAgEABAAAAAE~&z=744666056

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 27ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=344621399451357&ev=PageView&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&rl=&if=false&ts=1639141148048&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1639141148043.952986761&it=1639141147960&coo=false&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame C12B 15 KB
15 KB 22ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455316

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Origin: https://news.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 17:06:41 GMT
x-content-type-options: nosniff
age: 244347
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 17:06:41 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame C12B 37 KB
13 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13600
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H3 200 m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame C12B 102 KB
35 KB 22ms
10ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35580
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H2 200 thirdpartycookie Show response
api.viafoura.co/v2/www.elfinancierocr.com/ 45 B
654 B 101ms
101ms XHR
application/json 2600:1f18:44f0:4832:5e20:6d31:3296:b71b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/www.elfinancierocr.com/thirdpartycookie?section=
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4832:5e20:6d31:3296:b71b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
x-instance-id: i-009ee1bc6ab903e7b
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Fri, 10 Dec 2021 12:59:08 GMT

POST
H3 200 batchexecute Show response
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame C12B 528 B
298 B 30ms
30ms XHR
application/json 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=-8248706356540261843&bl=boq_subscribewithgoogleclientserver_20211208.11_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=46749&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

28e6b21cf5119835c12020c47420b0477884457b1d052d3e5cc356078dac5a58

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame C12B 17 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72627
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7293
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

POST
H2 200 log Show response
play.google.com/ Frame C12B 131 B
672 B 42ms
18ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 107A 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 602360
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 13:39:48 GMT

GET
H3 200 platform-translation-map_en_US.js Show response
buy.tinypass.com/ng/common/i18n/ Frame 107A 59 KB
12 KB 44ms
44ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/ng/common/i18n/platform-translation-map_en_US.js?version=14.38.1

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA?compressed=true&v=14.38.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 13095
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-122-104
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
etag: W/"60841-1639055314000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.000
cache-control: public, max-age=86400
cf-ray: 6bb6a6107cd35a07-MXP
expires: Sat, 11 Dec 2021 12:59:08 GMT

GET
H3 200 loadTranslationMap Show response
buy.tinypass.com/showtemplate/general/ Frame 107A 30 KB
6 KB 151ms
150ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/showtemplate/general/loadTranslationMap?aid=BM6tVBSjXE&version=1618854563000&language=en_US

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1ddd87e48b65c981cff34b7dafeb66c912fe02ef7ff89703ecb875e65e080a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Ckehw3rc7B7
pragma
wn: prod-dash-10-0-128-232
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.002
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6bb6a6107cd65a07-MXP
expires: Sat, 11 Dec 2021 07:59:08 EST

GET
H3 200 fail-icon.png
buy.tinypass.com/widget/dist/template/css/img/ Frame 107A 2 KB
3 KB 38ms
37ms Image
image/png 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://buy.tinypass.com/widget/dist/template/css/img/fail-icon.png

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
cf-cache-status: HIT
age: 5894
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2177
wn: prod-dash-10-0-125-28
last-modified: Thu, 09 Dec 2021 13:21:08 GMT
server: cloudflare
etag: W/"2177-1639056068000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
server-time: 0.001
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6bb6a6108d3b5a07-MXP
expires: Fri, 10 Dec 2021 14:59:08 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 107A 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 154969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 17:56:19 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 107A 12 KB
12 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 21:18:23 GMT
x-content-type-options: nosniff
age: 315645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11836
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 06 Dec 2022 21:18:23 GMT

GET
H2 200 intl-messageformat.06c238bfc76d6e0e6833.js Show response
cdn.viafoura.net/chunks/vendors~languages/ 17 KB
5 KB 9ms
8ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vendors~languages/intl-messageformat.06c238bfc76d6e0e6833.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 746ea217d97acf20cdc0b81fcbf171d21337861cb596446bfb9bba8582025507

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:29 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:39:51 GMT
server: AmazonS3
age: 62320
etag: W/"a2c6f9dfc2f0ec66875f3af508ccdfe2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: OpHZf43l0JzQdNYMxciv4dDvXO7_ac_q
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: cSL2F3rvh2AhxVdYJlR_oMzr-5Ulj2SSijMJ_o2I-CIYy9euTNs_EQ==

GET
H2 200 intl-messageformat.9c9b9e914db65728c80a.js Show response
cdn.viafoura.net/chunks/languages/ 134 B
562 B 9ms
9ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/intl-messageformat.9c9b9e914db65728c80a.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f2b56a0633deb0afff95a7242062134c704d6782a10f2345be43fb3fe65a3ab2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:30 GMT
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified: Thu, 09 Dec 2021 19:39:57 GMT
server: AmazonS3
age: 62319
etag: "d2c88014fabe4c73fe643c7c7f6a2c88"
x-cache: Hit from cloudfront
x-amz-version-id: NWONitkdM2KRKxC3gTBRaxQ3vrxVXS6B
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 134
x-amz-cf-id: OE0g5gLth33eVkA3E3yF-d_GCr27z7QUfPQoB9zUovjy0I91ySF8KQ==

GET
H2 200 es-es-base-json.787689ac2da8d1855d4b.js Show response
cdn.viafoura.net/chunks/languages/ 21 KB
6 KB 9ms
9ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/es-es-base-json.787689ac2da8d1855d4b.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4c1f769e0989b07be35f71827cd019f5031d01c09689409aac92774f6afbe18e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:32 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:39:56 GMT
server: AmazonS3
age: 62317
etag: W/"aafa1419553ad6dd7b339b255ec7a6ab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: Ue9SxMmpU_S46dk6Ps8qPuJYH0dlR2g_
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 5DxQT0h0dwZf1x1j7yCswXZJKHv96UX-0XUT9EjTbsV9udKB-1we3Q==

POST
H3 200 log Show response
play.google.com/ Frame C12B 131 B
155 B 33ms
17ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:08 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 30ms
15ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 12:59:08 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 12:59:08 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame C12B 131 B
155 B 33ms
17ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:08 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 27ms
15ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 12:59:08 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 12:59:08 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame C12B 131 B
155 B 33ms
18ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:08 GMT

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 27ms
16ms Preflight
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 12:59:08 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 12:59:08 GMT
cache-control: private

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame CE64 118 KB
35 KB 69ms
22ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1639141148.cds071.lo4.hn,1639141148.cds030.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame DC51 118 KB
35 KB 77ms
35ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1639141148.cds071.lo4.hn,1639141148.cds030.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2

200

cookie Show response
a.vidoomy.com/api/rtbserver/ Frame C1A8
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

43 B
289 B

31ms
9ms

Document
image/gif

3.122.218.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_5&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_4bb8107192af1f4973a18cadeb8b68706108f6c779364ed45b497cbae988f1eb
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.218.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-218-60.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-type: image/gif
content-length: 43
content-encoding: none
vary: Origin

Redirect headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
content-length: 0
date: Fri, 10 Dec 2021 12:59:08 GMT
server: AC1.1

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=898482357.04425621194328170.9183593
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=898482357.04425621194328170.9183593
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=600cb62b-fdf7-4696-9c73-e6da27cf414d
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315989&expires=5&ssp=vidoomy
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=600cb62b-fdf7-4696-9c73-e6da27cf414d

43 B
368 B

8ms
8ms

Image
image/gif

3.122.218.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=600cb62b-fdf7-4696-9c73-e6da27cf414d
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Server: 3.122.218.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-218-60.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: none
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

Location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=600cb62b-fdf7-4696-9c73-e6da27cf414d
Date: Fri, 10 Dec 2021 12:59:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 ve
stg.vidoomy.com/api/rtbserver/ 9 B
90 B 35ms
9ms Image
application/json 99.83.189.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stg.vidoomy.com/api/rtbserver/ve?ad_type=Video&adomain=&c=DE&category=&crid=4269&deal=&domain=vidoomy.com&dsp=&dsp_ssp=&dt=1&gdpr=&gdprcs=&os=&p=&p_id=1&s=a&seat=1&size=&sspid=0&sync=0&zid=0&uimp=1
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.189.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae6a0aaac8071ff4b.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-length: 9
vary: Origin
content-type: application/json

GET
H/1.1 200
OK auto-user-sync
ads.stickyadstv.com/ 43 B
600 B 85ms
51ms Image
image/gif 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/auto-user-sync
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1639141147763057-414
Expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame ACFC 6 KB
3 KB 37ms
21ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C4D6 6 KB
3 KB 33ms
21ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D6FE 6 KB
3 KB 26ms
19ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2B8C 6 KB
3 KB 23ms
20ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 vf-css.a8f768d66798d43605eb.js Show response
cdn.viafoura.net/chunks/ 119 KB
17 KB 9ms
8ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vf-css.a8f768d66798d43605eb.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4253eeffa7e2615ed928c93b3a121f78f5204a9d309b0f337a99df4e075c7f0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:29 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:11 GMT
server: AmazonS3
age: 62320
etag: W/"54839dd8565ca6a510830e450ea486ed"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: uP7v1Hl5n.g2hr5IrGYYsE8suM0G9f0b
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: ErNNiiT4tS5tOOmAQF7jpD9V3EtwcENh68fndewWDdJcsMbeKSKGyw==

GET
H3 200 container.html Show response
1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9DE7 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 12:59:07 GMT
expires: Sat, 10 Dec 2022 12:59:07 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A33 0
0 43ms
43ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstRcQWNIc3cIfGxirMYlpqgTPRK01PiORmrRQc950O9y3u4hBtsMrFmMKvhcbNkALMEhSVmgMOolvTUhlU54CJ9adeGWzzyGYMM3ctIbenPmZQsQjLr7LvsYSFiHkhCQdV2928sUQZTZ0FjU38w2Mjxz3gPC0OYWSftcsLtsIB5kuqSIGHIymhGbK1CdvJfCM0aLAx7QuUksBz0epqy-3DzOmZ8ystWkHF_3hdxljNM6NhENLMKx2TTLMnQDpAKyJ0zRu03_u7VVkM2M_pudArST7GqLZF4nNUrCbDDxWXrwJmJccmeQq5nHnsQkN8CnBAr4qmiG77PKEP2f7nVJ2dWg3i0maQ&sai=AMfl-YS9-7SmZOulQaxeomjSqXTyNDiLcrWalldgP0A-6Csr2H_WfE7OllkRWhIZAxhwYwtOB5t4xMNJCKh78I0vo57Yux0-3PRJUhbo5HHffqcKiIMkPdarJq0lkIdRw3BH&sig=Cg0ArKJSzPmPF_6k8YgKEAE&uach_m=[UACH]&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 3A33 2 KB
2 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A33 119 KB
37 KB 41ms
19ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3A33 0
0 33ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-u93AN77nYyoWZskZSA2DpXLBd-WxVcXsgoYJBp0JbBNgXHezNLrvNLPi_DkRN3hcF9vAC5SHKqdu0pAXRfezzbUDDg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 8319082104461661309
tpc.googlesyndication.com/simgad/ Frame 3A33 72 KB
72 KB 31ms
8ms Image
image/gif 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8319082104461661309

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4ea12de9c5d47e950cbd83d2de38d60a763895ed48ae90b6033eea787556640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 20:57:26 GMT
x-content-type-options: nosniff
age: 57702
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73817
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 14:07:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 09 Dec 2022 20:57:26 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1514449554&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&ul=en-us&de=UTF-8&dt=Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%20%7C%20El%20Financiero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Error&ea=Uncaught%20TypeError%3A%20window.vf.%24prepublish%20is%20not%20a%20function%20%7C%20L%C3%ADnea%2060&el=https%3A%2F%2Fwww.elfinancierocr.com%2Fpf%2Fdist%2Fcomponents%2Fcombinations%2Fdefault.js%3Fd%3D131&_u=aCjAgEABAAAAAE~&jid=&gjid=&cid=1828842467.1639141148&tid=UA-3958088-1&_gid=1130417351.1639141148&gtm=2ygc1058RCN8&cd1=anonymous&cd2=%7CNicole%20P%C3%A9rez%7C&cd3=2021-12-09&cd8=1828842467.1639141148&cd9=1639141148383.dbhkmv59&cd10=2021-12-10T12%3A59%3A08.383%2B00%3A00&cd12=default&z=1541344354

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 09:26:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12786
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ 16 KB
952 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9583896b055daf21c4eb2e4badf13da0f2a0415d52107f5cf32717fac3eac9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:39:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 12:59:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H2 200 es-es-trending_articles-json.f8de01348fff6223ae4f.js Show response
cdn.viafoura.net/chunks/languages/ 2 KB
1 KB 8ms
8ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/es-es-trending_articles-json.f8de01348fff6223ae4f.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1cd94c79864996686b437f0141bde20c7184f6b4bca677aff607141b9b29c98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:41:14 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:39:56 GMT
server: AmazonS3
age: 62275
etag: W/"4e42274f2446fb51e67774053c07958f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: VV8S5E3WwjD5.hGUbTVwU3uJ8sXmgCE0
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: DJis7OVWPkfK3a0dSyIAnXyoI-ipApXVOY0NAL7ju7fCJfxIW6WJMw==

GET
H2 200 madops.min.js Show response
rdc.m32.media/ 60 KB
17 KB 133ms
117ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/madops.min.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: f3cd4dfe6f2850712e6284d9b7c39859d93c45a3aa9c60c3aa9f2fc6346a377b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
last-modified: Thu, 04 Nov 2021 16:10:21 GMT
server: nginx/1.10.3
etag: W/"618405ed-f091"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, public
alt-svc: clear
via: 1.1 google
expires: Fri, 10 Dec 2021 13:14:08 GMT

GET
H2 200 es-es-conversations-json.5be3580e925a4841513b.js Show response
cdn.viafoura.net/chunks/languages/ 15 KB
4 KB 8ms
8ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/es-es-conversations-json.5be3580e925a4841513b.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8a669e713405269b31197812a668430a2116a284753cb8a38a78c5559ea0f7d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:34 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:39:58 GMT
server: AmazonS3
age: 62315
etag: W/"2c705e5d1cea1d96cfbea369c6038d9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: V556TREK.3mEhH00vSKOveExPkhPH3.O
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: uHxxonFdOGqNoyXHHom3SUiArQjNA438RGjyf_9VFF4WcjoLUudnFg==

GET
H2 200 0.14315e14057ef1169f50.css
cdn.viafoura.net/ 85 KB
10 KB 8ms
7ms Stylesheet
text/css 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/0.14315e14057ef1169f50.css
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2ec855206935e32d9ad48b5919e4c66b5f4366e04ab07fdade79bab9ff58033c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:29 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:17 GMT
server: AmazonS3
age: 62320
etag: W/"e49f659039883c906a18c5cf42510824"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 9h29oFsGMXXI307Syu2gpYj5ssKeWeGu
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: FRA2-C1
content-type: text/css; charset=utf-8
x-amz-cf-id: mBmrzpdreK6eNuJhafvmsqp5Wf5hc9veM5ZyYZSwJCqzMiOQ4-1hqA==

GET
H2 200 da.bbe004bec7aeb1943f27.js Show response
cdn.viafoura.net/chunks/ 143 KB
34 KB 9ms
8ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/da.bbe004bec7aeb1943f27.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aea93cd57674c1df4ebbfe01b3de8f6b03ea7c793d520e4b504c73b22ea6cd64

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:33 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:04 GMT
server: AmazonS3
age: 62316
etag: W/"4cb5f625c6666bd7b87efd83be5a6faa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: EsJ7HV8rxV59drSusiMuV5eol6GnyqC_
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: bzxyaNAuC-uxthLNnVSmaDbv9oKPExfkjtTAWaw78SOezvBCY7ooNQ==

GET
H2 200 134.0ad8e18897abff22b7ee.css
cdn.viafoura.net/ 1 KB
854 B 10ms
9ms Stylesheet
text/css 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/134.0ad8e18897abff22b7ee.css
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 64754f168a3b1f3fe4366208ef01c05a57681dc8e0be47377c8917b5fa1d415f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:32 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:17 GMT
server: AmazonS3
age: 62317
etag: W/"e52c5e71fc5dc7fb2c9069bea4045f14"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 46Ot.qDL_1UnCd46WiXWfgh40vyWb4jB
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: FRA2-C1
content-type: text/css; charset=utf-8
x-amz-cf-id: J33Bn18_lJf4b-gwZIxiFc8KeA1uQezPcJKJ6Eo_n3MJha7SsnWLDw==

GET
H2 200 tray-trigger.b79b86af6398adcb232f.js Show response
cdn.viafoura.net/chunks/ 4 KB
2 KB 10ms
10ms Script
application/javascript 2600:9000:20eb:c400:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/tray-trigger.b79b86af6398adcb232f.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:c400:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f8376f9f128934b771ddbece3d1cd6692db14b65b5335f8b25afc6d749084827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 19:40:31 GMT
content-encoding: br
last-modified: Thu, 09 Dec 2021 19:40:12 GMT
server: AmazonS3
age: 62318
etag: W/"ee40fcd321f4ecdd41bf37f63453ea52"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: XyUaPHpZU0qn2_lZw0iUHd0h547.u1bK
via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: b-yNIReOxIMB66ZL15HnLXaBvebdRYWtnblmCUmI-82yjm0pf78gHw==

GET
H2 200 ingest
i.viafoura.co/v3/www.elfinancierocr.com/ 67 B
325 B 327ms
110ms Image
image/png 52.7.16.67
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.viafoura.co/v3/www.elfinancierocr.com/ingest?t=%7B%22view%22%3A%7B%22domain%22%3A%22www.elfinancierocr.com%22%2C%22siteUuid%22%3A%2200000000-0000-4000-8000-07550c3b83ae%22%2C%22pageViews%22%3A1%2C%22outgoing%22%3A10%2C%22sessionStart%22%3A1639141148%2C%22isRecirculation%22%3Afalse%2C%22referrerStart%22%3A1639141148%2C%22refVisitCount%22%3A1%2C%22ref%22%3A%7B%22medium%22%3A%22direct%22%2C%22source%22%3A%22%22%2C%22sharer_uuid%22%3A%22%22%2C%22terms%22%3A%22%22%7D%2C%22uniqueId%22%3A%22db5ef5f2-24b7-499d-b10b-78c0581a70ad%22%2C%22firstVisit%22%3A1639141148%2C%22previousVisit%22%3A1639141148%2C%22currentVisit%22%3A1639141148%2C%22visitCount%22%3A1%7D%2C%22meta%22%3A%7B%22domain%22%3A%22www.elfinancierocr.com%22%2C%22site%22%3A%2200000000-0000-4000-8000-07550c3b83ae%22%2C%22section%22%3A%2200000000-0000-4000-8000-07550c3b83ae%22%2C%22pageImage%22%3A%22https%3A%2F%2Fwww.elfinancierocr.com%2Fresizer%2FuQsKoQW2GsWS3VimXYT8IRjSRNA%3D%2F1440x0%2Ffilters%3Aformat(jpg)%3Aquality(70)%2Fcloudfront-us-east-1.images.arcpublishing.com%2Fgruponacion%2FDQ2UNUHRAVFXTOO3ZDCSWR7YRY.jpg%22%2C%22ref%22%3A%7B%7D%2C%22vf%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%22%2C%22path%22%3A%22%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%22%2C%22title%22%3A%22Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%22%2C%22privilege%22%3A%22guest%22%2C%22page_type%22%3A%22article%22%2C%22page_description%22%3A%22Cinde%20inform%C3%B3%20a%20EF%20que%20la%20empresa%20estadounidense%20Candid%20Co.%20%E2%80%94la%20cual%20inici%C3%B3%20operaciones%20en%20el%20pa%C3%ADs%20el%2015%20de%20noviembre%E2%80%94%20tuvo%20que%20realizar%20%E2%80%9Cajustes%20leves%20en%20su%20planilla%20local%E2%80%9D%2C%20debido%20a%20cambios%20en%20una%20de%20las%20divisiones%20globales%20que%20impactan%20a%20una%20%E2%80%9Cminor%C3%ADa%20de%20las%20personas%20contratadas%20en%20Costa%20Rica%E2%80%9D.%22%2C%22topics%22%3A%5B%5D%2C%22git%22%3A%22e906dbce27e8ae8bbb9e8e5751f963a6c223099e%22%2C%22amp%22%3Afalse%2C%22thirdparty_enabled%22%3Atrue%7D%2C%22ua%22%3A%7B%22nl%22%3A%22en-US%22%2C%22nu%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F96.0.4664.93%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%2C%22sd%22%3A24%2C%22vp%22%3A%221600x1200%22%2C%22dt%22%3A%22Candid%20Co.%20hace%20%E2%80%9Cajustes%E2%80%9D%20en%20su%20planilla%20local%20a%20menos%20de%20un%20mes%20de%20haber%20iniciado%20operaciones%20en%20Costa%20Rica%20%7C%20El%20Financiero%22%2C%22de%22%3A%22UTF-8%22%2C%22dl%22%3A%22es%22%7D%2C%22rq%22%3A%22804867d4-84b9-4c4c-93e6-2cdc42380a1c%22%2C%22rs%22%3A0%2C%22w%22%3A%5B%22vf-content-recirculation%22%2C%22vf-conversations%22%2C%22vf-tray-trigger%22%2C%22vf-tray%22%5D%2C%22v%22%3A5%2C%22event_type%22%3A%22analytics.view%22%7D
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.16.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-16-67.compute-1.amazonaws.com
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
content-length: 67
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 6AC0 5 KB
2 KB 22ms
21ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141148.cds071.lo4.hn,1639141148.cds074.lo4.c
access-control-allow-origin: *

GET
H2 200 ad Show response
v.lkqd.net/ Frame CE64 2 KB
2 KB 299ms
92ms XHR
application/xml 146.20.128.68
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=67523446&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.68 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ea2b55446961172a279e5c8d258ac64885c1a54c1d9d62aba87ea25e5c2364b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: nginx
content-type: application/xml; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 1590

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 7F49 5 KB
2 KB 22ms
21ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141148.cds071.lo4.hn,1639141148.cds074.lo4.c
access-control-allow-origin: *

GET
H2 200 ad Show response
v.lkqd.net/ Frame DC51 180 B
359 B 296ms
99ms XHR
application/xml 146.20.128.68
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010004&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=45392466&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.68 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 45fa735c6df15f15a1293a9cb3125033408874bf284280e8bcac23f95ad8feac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
server: nginx
content-type: application/xml; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 150

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A33 0
0 46ms
46ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuHOuzL0jaCYNNFNAKDlsP778iqQCbCqmhJjXMELVoddCjPEevUcjZpuodPMx73OKL5qPcF4QeqAev8mcMeDoGVujKFKLVHUek2QkPan5_9UGtPOz6g2k6ZQJV3eriY4k8VNB73p3_ZqIk9uENSB3aBNDosBDBV_G_tkBOSBbXrnUbdGRBbeKbFZcVmWjMyJtvMBd6NlYsxlREOwJl__OcdWVi-GMgyyrcipY2EjItlAXRt7Cm3NnD-YkNpv1tQ1LjeWKzTzx0uFReuSPJzXjDpMlS3XBdgKUnCy7ZKvGPbSK43FH7jZugSxldrP8Hr9hdt4Q0eE9kOJIC3y1egoMnoXo13rwCVMw&sai=AMfl-YTPF2kskLXTh-7gzmiq4Zkv2sH12GbQzv56JOvFg_wYYmkMRw_S-JoLe4N_uF-WgXA8kXExbV8Q61fpHk0xZF9CqcMY6y17OW0Uyx_SG-PuMzjLfW8Uwm7iv3Dp1drs&sig=Cg0ArKJSzNh8bwlLn2dXEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AD0A 624 B
340 B 46ms
20ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNXpq_xcmM85pWsr3u5j1lLDmNvD4VxbKgXhxzxMB8BMCmQzFiVQaxfJWU9--QFpeD62d_zpivVYn5_ST6fjjgGx35MmPJi8mDW7HMcRQHogEo96P_3bnHLXPJ6sqQmVdCyH3LqRlY0SIMqxIRCLqjTI2txTsEbjW0EXcUGpcA_4ne_Lt7g

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:59:08 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D6FE 72 KB
30 KB 76ms
50ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cp1I2UUgGYtGIZhn6lnwH1WNjDnbRcb6zu3hZyWdJmCb0x6eHDHEBv1EkloIFcZhYRZUhN_gPb3ILHPAdAebfMQdDVa35pGSIlm6EJJXp6Z2D1Cws2LdklugPo-5zCO7s2Tgxb5jmk54EWsXJI_OYQLrLQqw&dbm_d=AKAmf-A7RnCswrRmX8w_P-crAB_JccNUjzkC6Sbp60XD5K7OTnus40QvZ4QBXMMysAFRcDFatt4w8fBDU5JpOrMsYnIH8jdS3bcygJESPyT-qBHnMB4jcVzAWjlzDF13TpZi0eboEheR7tXQKNUXuH5fyqEH0ztN5R857-atUdblZ-tytKa64LdsYHT93fDmf4SyDuq3DtdqohFXl7CnQ__Iwt13JTFFTYPBg8VtX3n60s8UG2XG7fAEgyPZQ6Fsmm_ky3Bf3MOJPc0c5meX15wd969Qs5kw-d3ULaw7fnga5s_qXZNGD1bl0k30Fj3GNTkV3Qr9UGTqBqhkPU90KwaSAJRSKWfmx3R_95yG7H6zQ9R3V8lv4uyNDqpvK2jzJq14oapkGU6iZ33SgDCl8CK2xDuXsJPiKachfLrQ4eLGG2pOa5n3bkct84-RXQHze31xUi15slQGvH5l6S49uenQrgsjyvTKbrKdzAKhmj0Mmh1-E2G0PB1RvgTD-gl2eIWtLXDsfNzXmMwADoNAWj9XCG0qy9Q1S7Slbrr84woSFe_34jZDqAvy7jaXwDwQXD0_IOvYq2H2iQNa-LdxFSo3Ef7PWsWxDni9zhVMPZQVB6mpMPBbyfRjMs3lxZpnhzfdtOMKRFEQssYp0FuJMHugTIq_Aa096OGwDBunGJyvsyKLfdUupR2xEKCMCL6NJigJIhR7t5ZOpjcL71WeypFlPMOkvGPf45turMXrELE6psSG--VixRigZeEmvYrU3w-kGGk9GvjNAIs-sMFdxwIOxzsYz-Ft7I26pCOxVcAdvF-5UcEmclbJiuzKp4tugnBxURT7HU-PH6t_va9WNfgCg2TPHZPM3Mi0LCXtoqAP_56gK4NnnHj2GWD3DEKe3SubHPhrHNS3z9vzB8JIru5hmEAMGnimUHh-CRaj1AIdAJrZy9D0dTZQ6MCtcBmOa1_7IepuY7JYyZgfMYlfeDnMJutuMnTTasJGuEtrpIJxy8pJzQJAy91zjOx90UK8DHgnEYxEajKZrrRrbUxTm7rrzAFTflMWl1Cp30WczaKGshqh7F67cvSaWpG9ZkfIcV88yVzFn7P1zOzVg65STLLpBEx8-y69mR-2cV5XsgHVW1gsHJwEi6NbRIKw--iICN9dtwXFSWwUdXCYlVwhZYQsrtRM3UzUp7ZeCWKTvd9oJvFAgSyiZLdULKarDeCZqYGL7GpzDBq46LM3_BdXvyRgYd4f8LAXR4ZxhO5cAIdIu-NAGCzhDo_nw0Jh7WQGCwrAN6GSiA3Q9lobnSnjC8Rd_A7JpFsgPIqQQhsBG6jow7BZq3P7WXnnHCHDx9vswJUBId5z_ldkifEzTfIHbyqO9CJHvgb7uhgENtAWMu8kNUwguCiMgxLnMbASei_BMGwdMG25fkI9gHcDfiKYk8NDu_Pk9MZCLzhRRSRyKBwqr4dKeU650dCIHSL4xNGW65sfS6rLbybBDXNWA_1lMCdtMxXIistKr2YylkEkCiLRcOWPm7S6R52KzImRrCktA-FcbiIixO5THv2hji17kGU6kEwfdw7Tr6kk0E4JopbwzSSU0-ulzRhJ4YfkNv7YmFW-Yhb0Ny2ldHQLU2_zPaXYb7QSoJbr3g4Uo2B6E3UHw78rgTm7c0OPwew8LOIAl7KSTxZsSBYMX_jqpgEuPb8_UGIY5bGyWLYi-PFVWOtAfdZSrrAsmTF0OZ3kQTB7ZXa7TO6uks4VSbXT9490u5A6u4zcQgHcOPq1_8Ibb3BQlpwmRVd-YVypps1jf94ZdJ7fCe5f6pVGDSRwE89DYHDxs71rogVCnJcq138eUJyvaFYXEaxOTvAlnpAFfnx8q9-CPxS_hGle9wsSDEtqHWtpPVmelzPdHjluo4cBMh9IcYlpNSaOM9MZ8r1jPWgy9aFZMx9BxzvKiq9E_cByb2HWX6T4394AjjO52FlNx_v1ShkUsXlOgcsZfyEce4x3r-gKdUxGqX56-ydkl7qpB2xsJirZKTOjpa55tcNsTZI0Cmsdpf07BeeXZA_iZL-YEv-D2MAg282_NH1s0qfmyPzrEMSuKfOzI3JFUyUeYSPY028Uw-JeTmb0_E0C4Yctw2SlHCnL0ymQWidQbd1b6DyjAwaAAs5571l2NPObYvAJy_G-iqyh27EVwsK7YMd6KF-IZH-nVwXyotrYycZ5ipyM6j53Fh6iQkBPkphv5yrPwbryWh_z0M5brHHVS2YzM0oXxraBPLbXI2Q0PVJ7JDtUM62PFwiQ9ORQfUtKVIKuJuFHQMM4Kyluo9jWSxzw5QNyMv_X4NhR36zuiSZxZP3HHP2GWYxl-Uc_ymStexCKHrfur5F6rrSXp1K9iHdfTFq0YnGaovzkjGidfczPsK6PsyXfibCTUg8FmCb-oYWAZVz3qGbQinMrvwYoQMvjVODYkPa71qtjwCBrSzCDivEXp75iIAqfYyjJ24F1bTAxzk_ukqydLoMDqc6vvaOokLayPMRHHPWDFIIfKn2v2SNVrnP4Uc7WHq47dFmYQNRtajj2xzlHcpx30oM1hEWCvOy3Mlwx7HegVOJkNpfMNBNFy7riCYzmmjiLwSi59t6CQz-kXSRCW--jzPzzSeeRc8uzark6Yr09aHvNG7h3iw0A5uJb4lT_gXLhMVQJ5LnDQdsMgr11S1h-9QXxze2qK2oivxypoCcW8IMy1TbYy3GLM5WXeD9eNvqmn5xJA1Ib4GsufnqeekdMYZJr-xFTzeBJO832c11r6__HsiUCljPQ70BUkfR4IbTQErAaSR2lPz38gVIMrb7EbtqCYxU_UHdui3CxXCNBELvBRcqnwjjTSowOtblRa4hf6yPkb2vGbIxWXtg3RB7EL-ErIJSXs-qX_WU3P4N1S5Uf-WRzVxU_IiH-FsaGGGsb3mnDOW6XcK_KrqF3f4gtl46MgwqkFwozwRn29S4fBBWod8BCyHUgN7pVE0AOUyXtMbCIi6hPhTByI98u7tfhxzFEjc9aRVhfvigsayS5f77_qnL6X5BsIHIiiPwKqeeNhVC1rPqML2w9WUaTIqXcATwT5VfGQZ9d0viMvvLh5JxXDIN86NAz3Xc1KXLJNQAUgnCA2xpnrIBybEH157P1jxc-rAV0TWVznnxXISstim7by8sQ-1s_BIPlQJuED6bfhB9j7oyfSFJMILTXzpsUz_mnPLkCP01BgmwYeO9PccsP3J9FbJU1FBbtNY3yRDuC882lkwhND565UAEk_mGxcfraWLhwxIbQ6kM0HH3qbHdTKa-xJXHpXOjhX4HPekz9ze46smVisAtt9RU7aIU3fT_mL_6ualjb1a54Zx_qm4DyoPmkzuglpLKwTHgmzySTH3mL8ciXvSTqoKitdrhnz1ECCz9DfrY8wt3D31CB2-S9WsrzCexDYS4Uvuv-P5ILY5e46K0S6xOSr6xAJICuozfDSbx3czKo0JNU5w0pmfuCRv5RtFGz21f8k4lqCap164BXXeFCmBk-QCw3p-gin7epOpQ_Hul6W-2V64pOk0lgOY4jBMfFHVXy2pdGWA&cid=CAASFeRoyAf9LNezqu4mRLkRpXWbM7_yxw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46f2f44f6ba778a2ef95106aef1dd669b5eb48bd5f18a4e5b818ebc62217c739

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D6FE 42 B
494 B 79ms
39ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CxyGiPvTURWwSa4yiu7PHQwwBV4W6PCE7WAmQQZ-qhm8aMMlCOepDPNINUE0jdOFbBy3uxFYQic_45zBb6upydxy99sMIWE50n2YizA-cF0Kx1AIM

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D6FE 2 KB
1 KB 35ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D6FE 119 KB
36 KB 63ms
47ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame D6FE 15 KB
6 KB 29ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D6FE 0
0 16ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSwnxu8XM4meodscyXymjfPecoGzP1VhLvjcbasW1XpN-FAxclzUmg33xPadv8bqIgt29A5PxRyD0e0rlVZpH5Fgmjbvw
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E9C2 624 B
733 B 42ms
20ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXNsaQCENmL1rACGKKr77gBMAE&v=APEucNVdCyGYMYKrzwFywGR1LC_2IuLkri2YEvVDb29ghydd0mZv5Bho-zoOHpYN-pxP6QTjySyMKzVwO6sgArUmUU8ZzgWXHZNT8Vu2zLPlAACCr-naxAE-v8iiXaTktSfvwnJcZGHMLeI6ZmNPi_h5yX7_0i-Fy6Q-JBs9aYqwPKzOVlLSInE

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:59:08 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2B8C 24 KB
14 KB 75ms
54ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVaUrxg-4snL_06ldmcQgujofAbLQfJaKDRwsAiFW1bmdARL9FN5KPl7RHTWxhUREGZ3nulO1Dbk9yOLZLU0FzSUlRfkw8P2Ap5zhO8v8S7jLmBwf4MJFagYNyXmBm6FRswqXTH1gVHXxedZlTwLz322ixbw&cry=1&dbm_d=AKAmf-ArqYv5UdhqT5tpDkThUc0dp5flO9cy3TVBeDO-2R0PGUeilJAfbmdKORfp6-W702sOi6wtwqvMU1sN7HlLYf3b8eGuw75TDwcQbu7M-bgiXyhg5Ije6SSDh4yv5hzZAayjK0kj6jWUcyrwU1r2ClAw_7JNMoI8s1rWA_vYE2aXaRNewMjHoWN4T8-QgZTKAldapFVtX3wrTkqOzQhtaO1nzoTflc1O7iHuXPWNDGO3egXRLve-NzTjugRcESGd6eni-kglx927HnI8U-mpRUmPu-5IbIHd-5LZ854tHDiKHU05TS_WDhuZX2A7BVPdNBXre23qUmc-UQYqGaK4NcTTCPZuyTolY91x1Chi64K5SFeO1E4k7IUJ0WX2SIQR2ndk6fb9B4PbbGGTtgasBAy-1WUdFSv4gmO5InhwbKgHskTaR2oc7Nhf7dsJyI-uYoctu1llvw_kN0_Z0XvlM_btUvXq-flShHE1WBftHYjSDa4bNJnXUrz5PC9TXCiyL6IzkN56baqFXtTCw57rwb1OkLrA2Lj_vLaGNC3QMj2fwHyu2FUz13A1D-7a7bs2BjBQLjpk4wieRSWXrdupu6KJ-drSR_nGCGJPStDxIp7TvnmTAvTbKQHHvxd95zifMqehUv5BgYR7RMELsdLhGCAm4-iAZ0KIr7O3sOQ5Rk9SwoUR2eNbxUwAEXuEh6G2PI_B4mCo5ZA85IsgNqqsfdKis6jxWwWqmGlHwRwq2gJZoX_Ys59EmfXjkJt048F71otaXYj2EakN67CzabVr6AkQs94YuM_CyjKPhRMR3Z6L6TsEkV36dBKS740Loa408hc4HQwXzUfqixNPxc1_0FJFitWZfodYBnheuAQNjcrFHye-7DpcpQ6XPuwh7hYMa6_wlRMOYwA02EnHC5FbJ673HzYoEqkbY8E3FYIWkpn1_-nSvqK8h6T8bkgYNkKpTjMj3vyG6qYZPJ9sgfbzQvZMit112IGEWaNxD7SdHdDL7nZSpOoucJ8DbYVLppM1b5lf8aOOZE2C6yaltPmtLpI9bN71JLj6n0n5BRMCIstfm1uAlw6pSFcGa-3SxrKzjJM440_ML6rfElp2kKthGefSqffORS0TGOb_Fmgo4UzaRQs0RahtjRvsJrmy6fzAMpREra2PuSJ3cMxHk5K5R5Hg4anuG9Mzher0Jfw4uvtX059SQmFL2U-somwfi6dVW8fk656BCwFHg1kDbu8XAs6uZ10hsFJPQXw1KUAFMJXYoqEBBz6XI_EsmQzMFUfvBQKclXfy-GuzOa28UiZdR5BLCAWNgQsqLnwjtUel7nnm6KU0fx296hpe5y0hCZClrrD2MWWyDuqfImGkvSfxr-fyyCH6QBlZuFJAQ46vasLgTnS2FDdTOIfb8UhIN1y6X8A06OFtNH1VQHluf34UXiFDvuvrN4q6tVtrtfCejIUwLjaVkmK4oaTSTXGzLE7S7oLlhtooAHyEbrKKMgurV1Qf8c0jjPSeWAtfpnvRW7DcSjKyJjkQR1mOhOjqHQiCOTiF0_BlahFIlpWii7_dtjIgPNjCVsksnWL-bXKN1Id4k2tQQgS_dtYDcQ6tMfPvq6zN2W380lkWGjSjyLta8-3TBSPfsWss3B7thMaNZYlUwFW8JCDuwH-g1rHKuIyXHqHrsK4Cgi4dO-FpO-YugxtkYcDZDV-psBazL2n-fbBUlhlzeqWntRHwS1hlm59gxo0NptsLHvNkEjspzNRgQZ1-7uEg8udPK-fyhziqPXAvbSyvLY7JWU1Bxb0XfTZRqdw-bmINX8Q6q3uynVmSlSnIHIpmynxhewt04J3cmlfdjpapF4zqJn8O5vBziDaJQpMnM5m3NdnpgM2We0or9lFz3o31y8ATITF3qn4lBLZrwyGwt6IJCQYSq688C7JU-MN1klbb2HcEjdz30-u0Jv5CVdA4T0tSZ0PwXM7adpUZBfgmuG7NFs_ilcij6wHT0Zj74ODYxAn0gaVd_Q8KIu7l35EZbISZtqfvmSGl18Gqlqbml3GZib2sEGaYvV_Sxo8uXCwCsu1WrLXfgYrgEmTHc_bZzgAZ030aqCJ1S4aJXLdfVIK7bwK5f9o6O0xoFgX_hgatLf__jQ04t-PWNaVhUxjllaGbqHYql0CkX5opGX6yw34nBwE1mR2C0eP5ngWhr9z4v-kwcnHlbTUlygn5yitiKLh6zDr59QnIFBSdI2qQAKNjAKVFqYLVT6KdNBOq4t8LKz3evuUw7bX8giLtjxqdjYaNSjd8udLgzjqZoicodBbyZSLvRmmXWy5Tnfiq0cpjVTJ1y5aY7NF6T8GGI2cic9bNcNqpGsQO5yvIzVFMIM1j-R0XSMPStEt87KMbYxv1RHNsfoTgf17ZbkkAaF33HeSXsAnzgkyWtQgMHSgtMv-7FezVhtXM-3_Jl9KIzbCNduphKdj8JRDQrQplgEg_NyKwf61unUHILoMuw3zKojKz8tnUTXfnGHmZF25dHRFftQKMDEkuJj2OqRd2FkKCUyaXePSR4clKSxWTVuxwTEKqfBvoCM_k2ns8XZVy0NovA9RNwk75TJvPKmKTIPXZZl54uDyTVqgB7gI0bE19ChkykLt3XfTGbVwTApLfO36CUQpASupmIJbARw8gtwxa0gLfcwgi_zpvJgd3QM-QKE10K5QpRfO-9Y0QX8g9Z5_4I2WzoKgqOzZ087TnZ4Mreew2mVHAVKj_n3w3AdM6jLRqCUkxhUZgWXFpjqRo5eBDKfrUMYdLQsIT5PJ265d9NWBW24e2tpObMxGsrznfU6iwOv6JHMxJ8zW_quIbzt-yC_pWnLvlBcJfWcRqfZFabtuGnr84JQWFLUe0myBTD-6wCWbpBhLwNGY9gHVG4F5cERVTXMRPWFzpFOTO91XhWupir_Cen8wTfrOWeoIShDfNjvyKcDSWIu-WhqdMiUSEtT3IVQ6I6YiEm7PBmYnINlsIGmdmdUzCtfSZzZp8AJ1sat5mjz_OK_iwe3FY-UKlkD57xh4e72xub1gCJxc_kATWRNQ-lt-piYdk1CqTHWO-rgeyDMfFamc_jnoQ6e7iebM-fAVa_G1VdfzfANn4TEbvliCq3cFp5oBQzEk5-02Z7osbwLd8MrTi3NPlsRFnYEjhNzO5niTL9uZN5pQkuPpSYAYocdeQ98RP-h52JjXxfyP5ZKYTTt_xq1OfQqpSQlj8A743hcv8MjJx5Yvf67MAWN5m79trfPQvoOPdCTwAWffy_x6pthOIrKney8pw8E5eEM_51L0PE9Bs0KiXEFdILRztfRWSvA8e_ubEt7FJYL2g_Px4Xyw4ifEmovAG5c_dFMTi3LQCup3RkCK7nmcv1gFTd539deYAm-jnrXkyuanQ2HfOwUvv4crHqLn4PhSPrLiqQvuqSW6WaA6qa2Ir3v2LjB_hGHy1aTOWDzP7UpPlF9vCxzSufqXYO6hkcQ1rYXZrza-N5Xo4Nof_qG2T54FEs46LypRQy5jPGT3sO6_9vftqEMDLBNHGj_ycWsMrVdENG8IyZPdgOFf1CyxUdD42R7G5n15jUJbp6l_Z5YwcntFK8wULupCsxVkX&cid=CAASFeRoNiYypwuC2wVlUfwVSbDPC9MnJA&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fef7a80726fa79715ef24eff402de690e066df6d447beab18be23b3d32d698a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14406
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2B8C 42 B
107 B 76ms
40ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BUSGlE1kWH2TNGo5ZCJ5LwabnTyUpPkY0oAKyAIUwNCZau2LqL-52CuDnQ1UfGzGgBzH3xu_z8wv3OiRwXzbZTnF_gmtCmg_bfs-BOFozM0wINNbQ

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 2B8C 9 KB
4 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:14:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4486
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 19:29:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:14:45 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/774473/57793669/ Frame 2B8C 46 KB
13 KB 121ms
52ms Script
application/javascript 52.50.67.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/774473/57793669/skeleton.js
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.67.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-67-198.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 46fe8157ed99bdb96fdeac9265ecd841db6515c06142b450f64f8eb02a060ed4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-server-name: app33.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2B8C 2 KB
1 KB 22ms
9ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2B8C 119 KB
36 KB 44ms
33ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 2B8C 15 KB
6 KB 24ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2B8C 0
0 16ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTv_MrK2c0IN8n6p-rtZv-4f__OB1EhHZ4wYVAPp_MqRlA9tf_1RcViEAIr0lYnlC0VszwLEF1txq7Rf3ue_d7QBGBrOg
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9617 624 B
340 B 44ms
26ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNVSe_Kyie5PUUtJq1GcTGEX8kNWr733wxMoeAiiK3wMNP7VRB6kGnaP8Ok66NliOmSJ4EFbs5Iee7Nhq3Fz1nFhcng9JBURcYC43Q3BkHsxAXCep7AUw2KMDl1euBlF25vlmvpk7sRpqsPT54Qyu9doqDeU12Agbv5thRXh_4tOGRZj2GI

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:59:08 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C4D6 72 KB
30 KB 75ms
58ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CfyJHVk9mBG6mYhhIvfjzEAUXhbLfIdOwa6zoSIKBEc1fueTFZlYBRojdbgmZV3NTT45PAIijOXBVC_0YygHcvZqIMiN88xGwfRoH5VGiIPMSwu6ORcoo0diUst9X9KzOFTZnxj9gQjdJW6b3VEkqs3qxdKQ&dbm_d=AKAmf-Ci1nzr5vLvUGP2kKKDXAhNcuJkxE_SQGglb6g9GvtbjvSBodVQec1FVCnwe0DGDeZ9gASgc-2JrnjbTvbC61cO1GrsmU1JAzzpsz9TBLgt2Ro4ryi1Rg7G4VlQXTqKPMpiJh7xEs8RkVagNM7kfGV9F3cc-K4yg2vh1busrFK5b_f_7l1vOhPe76XUIA5EjKudCtwAM9IfTbP9nRSLR4LHnprqUCJaWg1jz0Sq0PYemINFXn09Mpec6TSwdKd-6KsySgca_ey2hQ7KF1-KUN9KVcFZJ4RHqf-bVZwUjz2jvH_GXOjzxXyRWQ8Uuxo1jv_uZouYDQG_Yo192lLXaa0kPTk809EmrKTVFp0YzHfchsgf2lD-Np1vWpfWOPTymUm0fEU8m69aRLRH5dvc-stVwbbfM266DDb6A4jdnxjIvjEV3xzHZhAsg_UuimOFnmXLRzR1Uyf9KUix_N46T5nMWpQgyGRwQY0l6v6vrbdlav1m3uPs1355NfXQCKPhoxVH_Dkp6LKVKy92iFR9j469jk0HMuIrvKqHlMUD_CpJ7xKGNgigkGz6QB4AfVLijB29T4P6sP4-xyPG0_D7aCLG6W2tkso62cZTbh2sfSgXcrRlPmlwkCNmaqPMO5QaeOWOM4eQq76G6yNTlItvT2HkC3Qk_kOGE5X8qDgCcIPI_k9Ic4GoNx22eSRon9rBDTblXx93EN1fGynf1FOYotIh188qeECLp1D0AKwbvuvGtJUi-k4gCFL0ovDHm9U302NLbwKZhUOWQ1h11pHzg_WqXAROCgLxvoygEmPKPFmDEAge7ppSl-2G305Vidtw7eBFveVb56K5pc8ibxYAXgWYihsQGCsoE-0vBWYKqfVQrvW5BkHtNiBdDQKox-kaxCPGrxYlfaERkGoB43HhOwfSoU52yn9VKtKac92rxGVzjRUA5KWpD8vpPykjvKb9BVrv6VgJHaIaiHT9egBdus5BjVmPgsq0vMUrUHccDqnIz_IKCBPoUhlZxFBlxnFJL0KBrH63oWbp9HicFG-7bbu9ID29uCaiw6CH-4xYfrqC3Bnv6N10vF3ZLpISuvonuRAmhumYk5DBA545oz-n2d3vCcCGN4bSP5V3MHNqw2c1XKYVIzYqKX6zL9NyxGCGDXHr1Io7xzuOVlffm0Z9TbGii8MVVE6g9eSFhtOCPZW8YCbFiOSnwdM-8cOOO4FelRw56Gymse15zxr3r1qBC0gsioLepfSr4eSZZlvOKStskc7PAJwBMpEav-xaj-b82W-h7vm0iqDbXtffdkP6rn7YSMOyfLlVyNIish6UAd0vjKxlX-5UycajKzxQ3bFC3QooEMIzpwLsnh3S-evGbpowf_sdRcpwfyWrKuVCcv2lpf69H0glQMo1aRng794KYNipu_euWGUj6A_1ihn4PQKZT4lc3Zl6sbCZ0TeL29uZHLlVhEG3nMllJ8ISAdkCCW3VM-NjEn1vOM0VXWWrZVOpK7LHBnRyKXEtqrNFv3u4DgKz_vpIQShvYWLyUljv9TOzipRUFVfCW6VnIfFhiwfToT_usD2w2wHXA9ewobXqdvgC0WW_oiJ58Mv7CJSnQIH1rgm7Crm4KoT4ytB-ogNdMDuqW4MbLY_n7zk77TrsKKQTIHu04sp1k6kxolLwWM7ooKZJbPBcOZPXWdnSMCq__CQTielYOGgu-Wpyww_cloo-5A7XZBEokMEvCCAJ8mAXrZ1TJm0l29lAD4aJgpZKZNkGr2Ju8sXAwgCSom3UNduzyaLRp3AzA4iMUGfMB-DhVrRECVwlv2sXVI3gkZ9wtV1Ax_uGXaBVShLeO5dZoQBa4CrqSp9pUJNrqg44Su9mDOYeKPnfSODWm2yabQB1XzFivQZqMKeox3ATIqDjDkTwb0osS13YTmi3YqiDq99G1K6M-_Sucy1iRdq19XPsy0G43xnYLHJForNUvm24aM0CDv-_meBFnze6gkFHWkpvTFvvMeVC8KhqK9Yykj9Zp7AiuljbvdwZldHSliSfRWLWOGtT7oY5eo6MSBcj650wQQJ_Nl8WmFs8_SxLbak3frLw7G7lQ6FDlMGLyFEYjvdnoKuTnPt-5CZXG0fbuYB6hHxOWOStqY0X7GE8OqD0ksWKn7tLkzV-UDnWBYCL54IODnFSt0Qq1k2DUeMkQaf50JGRd0k4zxvoHXuRR8JHtBe9J3aGvjJRL-q6sh2p-lXLoaQUKvR5EcEd7Wc2PclhcCjSnbr-Wbd7xsO69jB3NMmwhnVmjLFJcMDyHCdaMmJHRB29QsUNqndHXWaLgen1X6dCyJCHuN71JTv90vqPikq2V2jwzPKcAxZ3qI3DnE-IAZCdQMHdThnaAKV5v_KWiLAiaOAmMpyYTQEHNGAUKAvrce5QLMDLpbtHVZZbBO20PO78IBpKdy7WHH-no176xHCvrRbVk0Nf03ApnmGIaQvbLhTWtM5cBkAzYA493QENMrAPWlLilwFZ6DjwRB6FxR3iV5ZjnAI0w0sjA4fGuW45j69UsEP9Vvc9O08sxEdd8Thv00FjdW0i4mJ7XH0IWMjtn2i_9ftXY1N3UTD8kquEWMBhqwXTWqXabIrE-_85wSh5KsE9EZlS3VyB3zNkNCTQ2Ys79Fb1hEyKM2TTyI5Ha4A_jouXgVD0XXoYbe8nPzhe-ThyDCbNqZfOGyGxvv3zko9WCC19hPu6IHYrkiawE-U-6npJjtKCC9KotcViBpNjHwumfnN8Nw5aArrTrlUXHyOXR2aRHakVzIh-PhMguQe9_zFhbxQzXno5uR9qimMXDl--YeEc9OJeBzoUsEaghBsZc3tvvOK7prwrwpU3RzlQvVaRtoNf3SP2YvOfUOHqoiFjPAxdBbQsDofu8YCArEC2vX0E7mF0o3au-grmbkr5RmxPZjdBu7DiVWmXfzj-NIMFtoEH96AS4wAQyJ-zrbSIh8R0FakHuz0qPIJucfqt4PyH5Gb4_crBWwWeS34plg4tNrQlBuaP6Nr2uiZWgjITPBosaf6QuYgiwxzUnoHSs5W07AzFTkuTkDfFi_3fzna6bINFER66l3xE9Zv1RLSSJMm_uDsBiTGVZMisGH8B94bXwhVhQ17A5qZAqRZdmu5i2y3T2ZMKIqUjd-V9hhl8WFvTmV-xRJcRjnX-o96UMnwqM8ijEihbaNh3hYgpRgBuVqZm5mKZzbgpKDoheXYG-PCgeThp_TUAzvdGgnwpeafQVDykSykehQBMavy8esismUjsymuE7JHzz5tRq-pyrfrfjkWIW8decABBgj-ccYEJSPXmu-ULyZjEKk9xZXUFJLuSb9xvv27c_vtMQHBKtnV-cp7iUVbkOTWOLsIBU_BwADOZERhx8r59dPOHvclt2PL7vRRQ4JZNc2_0xWOEPTrc8RXwkg6WYJHk2HYqrYGAPjNVWUcaU2QQ_23PU93JlA5so01JsMgpiTIlO_fDix4_UQHOTtemrUVIPebWlnaShm1NbNNtOvaZjC_ZVm8PB82Y00QDQ49GMUJ2FKg0N4F784pJ_8VzlY_YJQ&cid=CAASFeRo51tnOQmkNxroOs1tjacpSSCmhA&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

834bd669878a10284620d3544a72bf93ba7f7bb449991f46c9b10762f5b7c040

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30443
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C4D6 42 B
107 B 70ms
39ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DGNt-1MuCC2921WIi3Qv8wulmI8o5MWcLfWkbcvvwfPfHbLYRDE9JTeobxpAiX5E4D4LIqp0kiMldVuJAa09ULkm2ARgQn0OE1etz2DyjNb6t3NXs

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C4D6 2 KB
1 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C4D6 119 KB
36 KB 51ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame C4D6 15 KB
6 KB 16ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C4D6 0
0 16ms
16ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSpWjPrfuLfVLc3vmRQE0LFTso72MqjCftBX9aeToKPXeYF0nKmRzy15Z11YUIeZdfSfzSkJh7UjzGfpUEIOfifHBjDNQ
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3D65 624 B
340 B 39ms
26ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkOCEGzAB&v=APEucNVtU9v6LgI-BwB411ROfFCgQ2YvZTcQtx5lzeoPfcfFj7WpzXc4VPGRM_wNS_yxcQy4mhWBLt56q2kyU-atE6ovWXciOQ-mIhKrDD-n2KpidNpfd3tnfbethfFUSp7mh2DxnGMzUMVBN13wlZ-3V5xxGJ08BeGdibVAg-5GXqkCFbJ5j-k

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:59:08 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame ACFC 72 KB
30 KB 73ms
60ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBGiBz2THIVg6dzK7h9r7kEiWFAO03Q8MeSQyZyZ_LKE0p61ITLyJlKFag0K6YsfwVcPMNW8SgxAnTMNCKtrZMCgRAnYN9szgV4HuQKSLzJ2vkmUYGC7Euhc5nDa2ZVxXieCKh-bYbW1SuuU2Hffc2nkQoPA&dbm_d=AKAmf-CLCfmH_u0JgsTGmQilj42R_hz4EUBs-UHSbuBvJQ_9s5afrWVJQXrJK_GeUCRgJdC-z9CO_jSfZ2Ju55zzsnhiEQlsGFZ43hc8mqD-suUuMhi97vw9XuMHsJj6K2lBb-8-AmjovFeDXVUzYxhGYe6TmDO5Qj09ZtkpbC1tObbljsx_lVgV7lzAwcPvFGwKb0EPO4f8mXHrJk1vfJ_-bNbf9sLpkyFtT-kKSKOme1p9Fc2mF2acTpA3ETklG9FlEs5EWI8X2oEWzR-5PPX-H2aeouVASVavM4TRiLIVETjwjaGcd6rGX4G1r-1xo34m0WzvJMvgBFmbN1ktb6tY4sPdsikjK7CYrSbtTfoz7Jxe0GzRxBSqfzPq6FlQAo3ecyZRXZfL-LO6rjgQ0_9rN2ZVSE8-O4epIRw2D3cAFzNulgYVXE_vTgUDNGbtXsacVxHRhJhBnw3X3nY9cvTEC9YxpWLWbatwG1imt_rKGcVg0f9JBGYbuKtMPvjsMSLW_6vTVWpQkOpS8R9fnc4KxK5y7V8ZQtgzahfmd4WIm07Jl73_G9SbWVx1t8QZUY0qS7khuwrQHfiJLoDM8tpmZQI5_908WOZpj9diSiIDETFBlwHKV6XeIxscp1UsNtKsZOUc7H6cui-m48nNcmFNpeZlVfzV5VBT7MKOGVPD2wa7go87ZCgJivFkOEmyB_D72XTLDyuqPQoQu8GKrVdLHVaWJogIClDdxf4Xq2QmB2xXr7bqFWYrNLM1aHwUd6XY3mDoAaZ9gCVG5g-M71Xn3f-Sqe99uXb8691wwYyq_eb0MsD2s2M_l8HqgYf7p6FxOiERquWVzNGviba-jRDv5YTNWzPdJa5vKRXruaCEShx7VDhBWJ0wxmOzywcxJpfuvY7e-iCybAhS6XATZ5ifUds3x_DLcTd8miNM7VAc493q1yLtrls4nxotvlTa3i0G1RuPnf3xg2XRNGkSzMCVP2DB-2i-dgKTBb0j_G_GMa8EyS2-aI1WS3KkhnNF16ROq01KB4dXG0idvR_jAhBuE_p1i_mxe5l8dhuwNbSSpg2blIH1SzO_ldqvIwJwdmqrA9iVE-zjS6ewsrzko1ruFRszLSMLe_jjbkJhmaqsQjLgX5yQQJZ11CyrcTD2HSl9Wds1BEVEwcCgAOiXXa31Xh6u-UhSoPEQS_lcvER7j8MVHMLutj1RCW9B06fUIAmuKMDfCJ3rKsDoOXxCXOCRTQDESGYJgfDks0-hU9mnl5YfaD0zsu7EhvLdjgvI9qyap_h-VpnENbCou3IkQSdeSor9nDd3xQjp4HOEndtcDhm9s9UADddpwfTfFdY3i6cVeu2eiGp_eEtapQROmQf_7VrEZ6O3CLqp8Tz8XIeZgZGLhaadZWc1_N4748KPPDYSUAE-0hyUeSAdJVAx6N2bQSBKhZFMiOqPvh9NKqaE8MQ4vzcogw1VBg60rRXDKpgqaluViD7lcTBECWzLN_NItF7ZCbWPAX6blsb3s0V5SWd6G4IjZAG_0wqtoS0R6AiVH0TU5MvoNZSVTR7c7x8WR3Uj13Qv5QLaTaP4rs8qQ015Rf2---PZMTYFhxdWn46YShq1sQafhavQeMIp9e7nCY0PzELaQrE5yiqw1YpQwTJYQfxy81pxMpSNHnvseHTZFHbIujjdi0P_48R1AAbIOymDgHpeV5pQ5Vyr-vu2zNbFzd4polCLV403SEPuRLQS7Fzhh0Sl5dD2V9sYVxIXnUz3Q9bbKjayyWOnV2aaWqSDHIkN1L-otqsWjtZfyL4plULLdZk65M098uacWEChYNOemfIacdjegFj9HE7iBkNVzHtGjCP1yR6m7Z0CLzFXQIdZLQf9Ub2copVh7qgViHDdOU12PmJiG1ThaL3TccxkxrYl7v-BfSis3rvqWDQYJ9G3mafMegFqC3YkQ12_JsPNA0bzXiH-GsbPMNjn9qoHHuMcr6htIAxK0cK20VjL8KeGGxfF4cuDzaRX5Ou7uLiNYbdptp4d9Gc6KjYMHjGY0fdHX8fu06bjXFxvgx9OPDNJ3tEZdbgKDiuZEWcUqZSzJllD-DVkIX098TQQyeHfEerOrzz0cHdn6-SDe02JF_h6r_Q9qvwA_8pPmTR9sEV-99cJ4DQRawSFD6gXUO39nPAMFLryK608G9a9rE-QIMm7icQ8ZS7DrV5PuxlT3plq70g7q0_A4oSMnKzdRTgpgbnDixmEl3dy7cx7IDI21nQiYqMKLep4_u2qoqMiqiD6JUsVEyXsoElvYZKmYXb4wolUEdwgImWtdpYqNcRZJDjHQCVG6RdGfGG1Ano2-0nAk8LCZmtkGEOm4dqfW6SKyvYGFTk7Ah8P0hvQVPUY-1cjMge3WijnU0UzhkDaj1pG3TyXoT8VKmGiWu-FE1_ykXqH7oOkhokeTsAkcZFTkT22j-UK8ko59QsbzWVCs4Qf6A7m_ja-Qu6KPWfNC4-ID0VYWIejtTZ1v7D6IXkIyVDJKnNwCS76TzfA-nRisCM395c3VmrDDr9xJrJgyAVPl_VwUw7eQNlhjKM9spcjrG7jxPiNkxejboCVX1l2zu7Mq7EtQXBMne2ahUxz43_rJzNWR5XF-YyQo7vU-cuo92-6jZe0hhUyRxGoAroIg_fS9xWwbr6wvjdgBK2tXPBy5gEfghhIuxyBls8OPPI6t1WrLke-7TcTjgXOO0U7XfNhfORy-RsHSvBcqmXOiPZfFU_Vjyui7WlfEums2sugWCATZTtOOJd0B98gaRzOvnJs478Xt_3HbZHWVXwlA7mK2wO5k8djHK8qEXik4KA0Xpn5RejrtHU91uD_-PItv5DEJo7UdE3vRI1RaAq-6niunYR4AXxfz8dHyKXONgPldNDEDkQied0wC5SOWSAbM5mHsCg2qlpMr7GIR1gd3AbsvS47KvHLXmw4u8D0plOO-UQQrVREJ4hZz3R8N7s6AraOeW_FcveNVjJCuZOYmNQvbIn8DewTuU1u_7IporDCkvJc2WA6p5kjmzCwe7-hrJw6uJftGMfXFx74hH9XL0MAH_jURd9zkBXPsGDCqi00yWTDNGLlNTIb29RWLKcFmS-AMRaP-mIuaOTg2G8HUncdKbxYxXOK2Oc_FCVvKbJ3g-qfz_DF0F12qtqXDGSKaJ5vXk-Z-OYgDZkv5uIMdABblENQyT_kolKPIl1To8TS1xXcMKHmzudIrHbVILwXRpfkbP6BeAlvBk-36zDiZxne6rz7EogN6p4JAehGptmQMnVErKM-Sb3WgAXmsmg-cprB9ZMlcZmTH82-4U2QzR12oDpncxwQZq7BiW4oI7hOtTatDVOIxtt8eAffBrupQDA-mwvdI7YbsLfDMVUeQMhqr8yAR77UfmaSkryyEy8FYFkjB2ynZ-Gv0Fv2c91clGfZOwipmiYrz7Prn4G1Gnp5Tio78tW3QZE7DmQhfSntcR53HGAe_Qk1YNtsXTOvTfNs65RkVoLpbP-sSsZz0lWlKLiqdtQFuf2jH4QLFLxmazHPVDwbH1MBDw-15_b3ZF2vfRV_nA&cid=CAASFeRo5u7EoWictJJv924LJMj4JuEndw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47e47242df4a701b6ffd3e2b936ef5cbee3b4f2d7584dc2de3a116f4c180bd96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30535
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame ACFC 42 B
107 B 66ms
40ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A5iwpKyiA0D-msbFwoosrrWPKAuqLMlLbTnJl2y5RdUREBn3y7ZRV6hwWtb8I4rwTRNZOFP8ftI3442SRBNcMtkleVHxY70iGJFrtY_xdJLHbSPFQ

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame ACFC 2 KB
1 KB 23ms
18ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ACFC 119 KB
36 KB 53ms
50ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame ACFC 15 KB
6 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame ACFC 0
0 21ms
21ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ08x3uoFcMTMDmxyge1M_hYk4Q7xKIZPMeNZ_QohhkBn2PyCHmn2Ks3Fw6hghFboSwhp-Z4ivSHhcV0zPB77erNQkOGQ
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:39:48 GMT
x-content-type-options: nosniff
age: 602360
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 13:39:48 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 17:56:19 GMT
x-content-type-options: nosniff
age: 154969
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 17:56:19 GMT

GET
H3 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 12ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:21:56 GMT
x-content-type-options: nosniff
age: 603432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 03 Dec 2022 13:21:56 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6973 624 B
340 B 24ms
19ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-KUuwEwAQ&v=APEucNV75vw3LwGlqAZ73lEgzDMBIUz2e7XzQvEgNGLg4BGMaE3FL94hNXapS1IY-RfZt9AQD_gmLVDQXxz9x8sHGONTrs8xpeC2YdJexfG5KaZwsh9iXjmTf-8sBBrW38OH1afKCDdMD8H6W3yOPUj7ZteqIlFnjWX7VQYnbs1B1yEdLOIG7_s

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:59:08 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9DE7 72 KB
30 KB 66ms
61ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3KvB7usvmSFX5s6MSP4SEZ3gttyk4EmDSGR2SU2GczT55V0C-7gQayGcIhBaYVjtOusUqhmUfrUlXQUh3UZRB3CVGW3E3eB330NJKtZYnUxUF_A4GJwTYaZI8KdD5JVZHQOgIkSVbB0-j9fqoLvXnUIJ_Eg&dbm_d=AKAmf-BQBOmL0ZXcv5RnGMwUv1lB--h60TuVlmBxdPtlVTcGWVgVmSOAURdY2E95Y_o8-tltRkKGmTZPOYVX89TESxBkj6JimoK5pEkmzlr4Pjj4pgPD5AFUmLEn8PcUi2f75194Vs94Lva9-W9038snnpGvOm0opu8QNRHV9QGq5syR6fgTLAwFPWuAfBDCZOETDcjsiflUmFc5-UU_CA7PmLBtmz4cP2dAJqqqTcGSP-TN19arQMfRDcnGQPWLlZWamuQeOMKnhK8_cHNqHxq_tVvV2bj0iiF2hpSckbEESk3sQJq4lgq3g_93vF5-GwfFk9kT6DOax0XQilsW7Ha0CVEwmi3A1OFRmJeYpYst4SxvuC-0-AQzSGNA2xynTPUS0TqGrgYhVtpJSXNqGjhYAbdvoV84ffC7PFoMj4u7qIejH9ZZeV_MOGQTNpfIVYg795gBW5MapMqXvUS5tPO5b-MdH6xKG_Lxk5ac0XSGlszqVseCx7pdzBE98adb94Dv3Fi7hU6iceJl1YRvNi4UL4yP3rlp0cW577jPlh5UIcn3kJ1wLSuJmT_S1x7LErHJZRyuzPhPx1CFihyA70hTRtsIdm-wdpqv6TSJrM6kQGZZwqOTSfhNT99mNtKgCWLt4mCXqxranrQ0av64ISvbkrhdTikCwaURlJZeO5Vg_QINdi2tFkLUUMb1WR7tSRzOFJm12JjMkwPHDCQCNvTk2VcFxCRKwbj7VTwrEQ-qGfq9sk0VZ4mViBBTB5Qo185q9lSBT8OrSGovL1GzyBTKDwIFBc5ombDx3IZj4G1e4WMXWFMdL14_j6UqbVpFvDHb7XbEVmq_T50Wi9X6k44mf_NMtAOniCOtUFLZ5B4kdSmJhvj13gq2YgrvRdx2iGe6H27B5QRKNwIKNsxDqmhey5cRo-UHrCNPeD8IVwYgQw1JR-G44_10SdeNbEvcHAymUmGtkBokfvo45KmBA7xSjx0cnC90a2kpUM3MeA22XJ6KlXz_ldPD5Ifk-kgnB9t1yWF5-X4fDVqUd20bkF-bsCoHJsLmJ-10-jp0GTx6vRWKrWvXmzKYTYqNSbeV7bHEJLgyLxYxxecKDRnqKEaLiu0rSZqyaKY1QXUC2w6EPFt7ZQGP-XU1_CJXyL8dwKLpyBzT--WdG3jzr-xDnbfCu-6jb-a_QjzaupT9-iEPBrRF2U2IsZnxoJpJpmZFvFoEGiOKW6IuHF5_qY9iQ81Z0i-TEoPTCxkg3t8VsinPbR-l7y1KOSCef9ZxXwcqKdQBy1oLhjzoEHots2yEriu5cyfiIuI9LkXcg22XjFxU5-39Awx0twmRJ5gZ9Mqm4As04IfQwd79r2zdBTNxtbA7j2Nshn6PR9vtWDo_GpiY9a-dEdOYVLFSeAXclmNDm7Oo3XxZYWevTWab5YE_bvl2A9EUDKKznmvLbYXgvnxIGwBqbdHt95MNQiswR-9u3cpEpp64hvZwYNJZc6FoZTOzhsndPbBt7Kcpxd8STjmkOjShOIwFgIlK7QG3zd1_p7OGA4AHSh8H-QBZybathNuUaA-5iekYdPRA2T7OCNY2LpmsU6v6YqVs82EgwmBfoSFNcV0y4dneVHagqFk9huw4DDkkyyflAzWIghbtpZ_xSH35ncDWApb05I3sxsv-0bUzyrOq3EX5bHL4bryWftfIiat9Nk0XYsubEndgAEFhYxjIC4Vkh4FZpNgESQKXLjFOFdnQmyT-qyKCTyV7aqkE3PzAOAxij5s3EvrBQemqkxOXxOo_Dr7wko6Zmg2DRhF9RsrAaiDwZcAZL9dyN6jOVcRIM7jZfJsXIzBMHEaIGcFgb7QRSemZH29jcsyj8blBpIdCDOGkdOE4X17jApohkEmF4WX6o0WGZB0f0XED5cdOYbIPJ2qbysOvIsneOLgOWs9BlvJQtFPKG3AfjJy6RKF--m3U6-H2KJ0eH2kYsoPySGt7iS_POBvxOsteDXhNI6CAlH8dZdGZWBGiDbTbQD8PPSrU-oKZng_U1EKMRvc2HrckvJwu37KRj-CE5_p3u68sSPHe0e-X7ajAaOR_uRuxEcAchBpPYScnl0eC-3a4J1BKtcSyODUnPefrg25_cPU4WDPxuePFLbCl3CQvOe4dEPEpz_EPLIjw_b2o35zbV3NV00t5BOxsKyPZDJQ1XFPELCJkHRNnGA6Rh96IwFB1K7u_8fwNjGn31VcZY0pWAh4F5nO1A_LRcfHGjMyBs-91vcBFECSGWepP_kvofXuV_qLTKDHpkdrfnO6tQNHlfF2aTrp8B1iIgEyp2siQCB99NxGJpsWU8ypxqgDsV9GJfMkO-PsC-ceiMhJ6N_o_vN8-r09iwCDL-yDtLoIi5ThXovLOfJhwOcNSRx7PqOZn08FuKAYGgQrWQ-3a9Rd4DeZWoo-enNpKbgD2ZZ2g5buLDBMUytk1EdHhy3D9uMV3Ak--b4_KvZMLr6oAAYNmSnfO2MWsIlK4oeAYRZW81U6eNkzIY6KkqyPiQDhgzHjQYxSLIqoTVHIUBpV3CE7UF2bMIcBwxQ6IPt2XAJEjkbgHmaOVPp9_viUXmErr1PJKjpf1zMl-w29fVJdlDcdRkaQbriQJOJGyifkoMFqrQDo-mz4jIS99be_GhzOFDj-HtQB5hh8HmzHUPe2e8kNjV3sj6JTy1jJ7-9I2n1KG7gkOqd03g4tzgj0FXjtTbdWrb4dTav9dOBvNu6yiSOp1vRSEZcQ8VpQrf-MREUOBAjzXx3MIFuoA8oc2a0Wgiyq0GsIe6Chk_FlcZNCr0nHsbTgVXnuykbuSzxZH16pZREpFyX-TH8GiY8yYGWTTCoCay11PqSpnB2kqw7H01DoMp4_oY1wUy1xoID1aeW3sIifVlGzXeZW5zgdm1O-rkiwdFUPD-9OCLZtHNhAjkEx-Dk8-QttKbmv2GxDkav6tj18U2FD5rQmQXDDQ-ZBHhQ4UDYU6h1g4LJJA2ChjrFsJ883_fipO9MeWFktiRnb9zVA9xawyHfJNISLdYPfP7oHqAkXEe__3tL3NArRFZGloYKR30cNXMC5gWFmSKaZdVQw45kR_lbc6M3wjrXQKuYO_VIo9WkqlshdZZHLamUfQQ6zaHGniTG2EfyIdGC3F3B2r7CUDLLjmq0HdORyeMnW0KuojXCjTiMyRY0MGXtjHb_POeX4fybhngUCuYbV9hR5XfcX9exjgG9swUJ1bmMTqF943OotANlrFroZz5EGwj0wcD3mX6YeoJl_JH3V38MOdS0BcvDCglWnnJU0k81pn0Nv9KYGNv886XTBd5EfmouIEAy_hycJnhCLz7K3EjHTXnuCbyQKMoJKAQgwkKOvziaoVzvfwtK5BIgQZfx-m1iAFJmu2XhcEcMG7NPGVYd2ldTe2xAWtptZMyeGoRoLLVcUKSPeYpSuHbZ8wxjIEo6LW1yhxDnfeQOc56tmuIlI-EwQrEyr3xutwOX4JOkZiYAkO5tTAi7CYoyZXqYR_I-Xt_iXNgPKe6loHhPo2A-5ok2ToIQLf1TaeKoT-GRVX-SEA7A&cid=CAASFeRosmkiRei_gCgkm_rkLlaa_Kp_BQ&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66bcda3ac5133b7420544087e0b3d4b6471c5e764454e2806ebd0a0fc38b6ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30331
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DE7 42 B
107 B 45ms
40ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A-tZldZK_RGYkPx-RUMDcTwyybR0q4H8cG-5VO6cm_OXE0RvJQ3z2-fkwRSBhytw1tou2N-ibr7I8emXNHVVG1ub-abt72I_PYGL_96ymU0NylSIo

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9DE7 2 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:57:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9DE7 119 KB
36 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 12:59:08 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9DE7 15 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:01 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9DE7 0
0 17ms
15ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQRxKxu4QJmUbLffmAV9v8lFZL8kplHi1I3prpAVPd1G0XNTjJrW_KnJWyl3HAXLvFCiqtsvPJ9o_lPdiOTJQwT2MzTdw
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6767 0
18 B 21ms
9ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.elfinancierocr.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Fri, 10 Dec 2021 12:59:08 GMT

GET
H2 200 custom.json Show response
rdc.m32.media/adops/custom_files/elfinancierocr.com/ 2 KB
1 KB 129ms
114ms XHR
application/json 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/adops/custom_files/elfinancierocr.com/custom.json
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: f565c9a286df6b7af45ff5eafe8ca34b428d9d7caf31d1afea5d4c6bf8c5170e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
last-modified: Fri, 10 Dec 2021 10:35:41 GMT
server: nginx/1.10.3
etag: W/"61b32d7d-989"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=900
alt-svc: clear
via: 1.1 google
expires: Fri, 10 Dec 2021 13:14:08 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame D6FE 106 KB
38 KB 42ms
7ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Origin: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 20:15:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 20:15:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame D6FE 8 KB
3 KB 43ms
20ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Cp1I2UUgGYtGIZhn6lnwH1WNjDnbRcb6zu3hZyWdJmCb0x6eHDHEBv1EkloIFcZhYRZUhN_gPb3ILHPAdAebfMQdDVa35pGSIlm6EJJXp6Z2D1Cws2LdklugPo-5zCO7s2Tgxb5jmk54EWsXJI_OYQLrLQqw&dbm_d=AKAmf-A7RnCswrRmX8w_P-crAB_JccNUjzkC6Sbp60XD5K7OTnus40QvZ4QBXMMysAFRcDFatt4w8fBDU5JpOrMsYnIH8jdS3bcygJESPyT-qBHnMB4jcVzAWjlzDF13TpZi0eboEheR7tXQKNUXuH5fyqEH0ztN5R857-atUdblZ-tytKa64LdsYHT93fDmf4SyDuq3DtdqohFXl7CnQ__Iwt13JTFFTYPBg8VtX3n60s8UG2XG7fAEgyPZQ6Fsmm_ky3Bf3MOJPc0c5meX15wd969Qs5kw-d3ULaw7fnga5s_qXZNGD1bl0k30Fj3GNTkV3Qr9UGTqBqhkPU90KwaSAJRSKWfmx3R_95yG7H6zQ9R3V8lv4uyNDqpvK2jzJq14oapkGU6iZ33SgDCl8CK2xDuXsJPiKachfLrQ4eLGG2pOa5n3bkct84-RXQHze31xUi15slQGvH5l6S49uenQrgsjyvTKbrKdzAKhmj0Mmh1-E2G0PB1RvgTD-gl2eIWtLXDsfNzXmMwADoNAWj9XCG0qy9Q1S7Slbrr84woSFe_34jZDqAvy7jaXwDwQXD0_IOvYq2H2iQNa-LdxFSo3Ef7PWsWxDni9zhVMPZQVB6mpMPBbyfRjMs3lxZpnhzfdtOMKRFEQssYp0FuJMHugTIq_Aa096OGwDBunGJyvsyKLfdUupR2xEKCMCL6NJigJIhR7t5ZOpjcL71WeypFlPMOkvGPf45turMXrELE6psSG--VixRigZeEmvYrU3w-kGGk9GvjNAIs-sMFdxwIOxzsYz-Ft7I26pCOxVcAdvF-5UcEmclbJiuzKp4tugnBxURT7HU-PH6t_va9WNfgCg2TPHZPM3Mi0LCXtoqAP_56gK4NnnHj2GWD3DEKe3SubHPhrHNS3z9vzB8JIru5hmEAMGnimUHh-CRaj1AIdAJrZy9D0dTZQ6MCtcBmOa1_7IepuY7JYyZgfMYlfeDnMJutuMnTTasJGuEtrpIJxy8pJzQJAy91zjOx90UK8DHgnEYxEajKZrrRrbUxTm7rrzAFTflMWl1Cp30WczaKGshqh7F67cvSaWpG9ZkfIcV88yVzFn7P1zOzVg65STLLpBEx8-y69mR-2cV5XsgHVW1gsHJwEi6NbRIKw--iICN9dtwXFSWwUdXCYlVwhZYQsrtRM3UzUp7ZeCWKTvd9oJvFAgSyiZLdULKarDeCZqYGL7GpzDBq46LM3_BdXvyRgYd4f8LAXR4ZxhO5cAIdIu-NAGCzhDo_nw0Jh7WQGCwrAN6GSiA3Q9lobnSnjC8Rd_A7JpFsgPIqQQhsBG6jow7BZq3P7WXnnHCHDx9vswJUBId5z_ldkifEzTfIHbyqO9CJHvgb7uhgENtAWMu8kNUwguCiMgxLnMbASei_BMGwdMG25fkI9gHcDfiKYk8NDu_Pk9MZCLzhRRSRyKBwqr4dKeU650dCIHSL4xNGW65sfS6rLbybBDXNWA_1lMCdtMxXIistKr2YylkEkCiLRcOWPm7S6R52KzImRrCktA-FcbiIixO5THv2hji17kGU6kEwfdw7Tr6kk0E4JopbwzSSU0-ulzRhJ4YfkNv7YmFW-Yhb0Ny2ldHQLU2_zPaXYb7QSoJbr3g4Uo2B6E3UHw78rgTm7c0OPwew8LOIAl7KSTxZsSBYMX_jqpgEuPb8_UGIY5bGyWLYi-PFVWOtAfdZSrrAsmTF0OZ3kQTB7ZXa7TO6uks4VSbXT9490u5A6u4zcQgHcOPq1_8Ibb3BQlpwmRVd-YVypps1jf94ZdJ7fCe5f6pVGDSRwE89DYHDxs71rogVCnJcq138eUJyvaFYXEaxOTvAlnpAFfnx8q9-CPxS_hGle9wsSDEtqHWtpPVmelzPdHjluo4cBMh9IcYlpNSaOM9MZ8r1jPWgy9aFZMx9BxzvKiq9E_cByb2HWX6T4394AjjO52FlNx_v1ShkUsXlOgcsZfyEce4x3r-gKdUxGqX56-ydkl7qpB2xsJirZKTOjpa55tcNsTZI0Cmsdpf07BeeXZA_iZL-YEv-D2MAg282_NH1s0qfmyPzrEMSuKfOzI3JFUyUeYSPY028Uw-JeTmb0_E0C4Yctw2SlHCnL0ymQWidQbd1b6DyjAwaAAs5571l2NPObYvAJy_G-iqyh27EVwsK7YMd6KF-IZH-nVwXyotrYycZ5ipyM6j53Fh6iQkBPkphv5yrPwbryWh_z0M5brHHVS2YzM0oXxraBPLbXI2Q0PVJ7JDtUM62PFwiQ9ORQfUtKVIKuJuFHQMM4Kyluo9jWSxzw5QNyMv_X4NhR36zuiSZxZP3HHP2GWYxl-Uc_ymStexCKHrfur5F6rrSXp1K9iHdfTFq0YnGaovzkjGidfczPsK6PsyXfibCTUg8FmCb-oYWAZVz3qGbQinMrvwYoQMvjVODYkPa71qtjwCBrSzCDivEXp75iIAqfYyjJ24F1bTAxzk_ukqydLoMDqc6vvaOokLayPMRHHPWDFIIfKn2v2SNVrnP4Uc7WHq47dFmYQNRtajj2xzlHcpx30oM1hEWCvOy3Mlwx7HegVOJkNpfMNBNFy7riCYzmmjiLwSi59t6CQz-kXSRCW--jzPzzSeeRc8uzark6Yr09aHvNG7h3iw0A5uJb4lT_gXLhMVQJ5LnDQdsMgr11S1h-9QXxze2qK2oivxypoCcW8IMy1TbYy3GLM5WXeD9eNvqmn5xJA1Ib4GsufnqeekdMYZJr-xFTzeBJO832c11r6__HsiUCljPQ70BUkfR4IbTQErAaSR2lPz38gVIMrb7EbtqCYxU_UHdui3CxXCNBELvBRcqnwjjTSowOtblRa4hf6yPkb2vGbIxWXtg3RB7EL-ErIJSXs-qX_WU3P4N1S5Uf-WRzVxU_IiH-FsaGGGsb3mnDOW6XcK_KrqF3f4gtl46MgwqkFwozwRn29S4fBBWod8BCyHUgN7pVE0AOUyXtMbCIi6hPhTByI98u7tfhxzFEjc9aRVhfvigsayS5f77_qnL6X5BsIHIiiPwKqeeNhVC1rPqML2w9WUaTIqXcATwT5VfGQZ9d0viMvvLh5JxXDIN86NAz3Xc1KXLJNQAUgnCA2xpnrIBybEH157P1jxc-rAV0TWVznnxXISstim7by8sQ-1s_BIPlQJuED6bfhB9j7oyfSFJMILTXzpsUz_mnPLkCP01BgmwYeO9PccsP3J9FbJU1FBbtNY3yRDuC882lkwhND565UAEk_mGxcfraWLhwxIbQ6kM0HH3qbHdTKa-xJXHpXOjhX4HPekz9ze46smVisAtt9RU7aIU3fT_mL_6ualjb1a54Zx_qm4DyoPmkzuglpLKwTHgmzySTH3mL8ciXvSTqoKitdrhnz1ECCz9DfrY8wt3D31CB2-S9WsrzCexDYS4Uvuv-P5ILY5e46K0S6xOSr6xAJICuozfDSbx3czKo0JNU5w0pmfuCRv5RtFGz21f8k4lqCap164BXXeFCmBk-QCw3p-gin7epOpQ_Hul6W-2V64pOk0lgOY4jBMfFHVXy2pdGWA&cid=CAASFeRoyAf9LNezqu4mRLkRpXWbM7_yxw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame D6FE 24 KB
9 KB 36ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 2B8C 24 KB
9 KB 32ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVaUrxg-4snL_06ldmcQgujofAbLQfJaKDRwsAiFW1bmdARL9FN5KPl7RHTWxhUREGZ3nulO1Dbk9yOLZLU0FzSUlRfkw8P2Ap5zhO8v8S7jLmBwf4MJFagYNyXmBm6FRswqXTH1gVHXxedZlTwLz322ixbw&cry=1&dbm_d=AKAmf-ArqYv5UdhqT5tpDkThUc0dp5flO9cy3TVBeDO-2R0PGUeilJAfbmdKORfp6-W702sOi6wtwqvMU1sN7HlLYf3b8eGuw75TDwcQbu7M-bgiXyhg5Ije6SSDh4yv5hzZAayjK0kj6jWUcyrwU1r2ClAw_7JNMoI8s1rWA_vYE2aXaRNewMjHoWN4T8-QgZTKAldapFVtX3wrTkqOzQhtaO1nzoTflc1O7iHuXPWNDGO3egXRLve-NzTjugRcESGd6eni-kglx927HnI8U-mpRUmPu-5IbIHd-5LZ854tHDiKHU05TS_WDhuZX2A7BVPdNBXre23qUmc-UQYqGaK4NcTTCPZuyTolY91x1Chi64K5SFeO1E4k7IUJ0WX2SIQR2ndk6fb9B4PbbGGTtgasBAy-1WUdFSv4gmO5InhwbKgHskTaR2oc7Nhf7dsJyI-uYoctu1llvw_kN0_Z0XvlM_btUvXq-flShHE1WBftHYjSDa4bNJnXUrz5PC9TXCiyL6IzkN56baqFXtTCw57rwb1OkLrA2Lj_vLaGNC3QMj2fwHyu2FUz13A1D-7a7bs2BjBQLjpk4wieRSWXrdupu6KJ-drSR_nGCGJPStDxIp7TvnmTAvTbKQHHvxd95zifMqehUv5BgYR7RMELsdLhGCAm4-iAZ0KIr7O3sOQ5Rk9SwoUR2eNbxUwAEXuEh6G2PI_B4mCo5ZA85IsgNqqsfdKis6jxWwWqmGlHwRwq2gJZoX_Ys59EmfXjkJt048F71otaXYj2EakN67CzabVr6AkQs94YuM_CyjKPhRMR3Z6L6TsEkV36dBKS740Loa408hc4HQwXzUfqixNPxc1_0FJFitWZfodYBnheuAQNjcrFHye-7DpcpQ6XPuwh7hYMa6_wlRMOYwA02EnHC5FbJ673HzYoEqkbY8E3FYIWkpn1_-nSvqK8h6T8bkgYNkKpTjMj3vyG6qYZPJ9sgfbzQvZMit112IGEWaNxD7SdHdDL7nZSpOoucJ8DbYVLppM1b5lf8aOOZE2C6yaltPmtLpI9bN71JLj6n0n5BRMCIstfm1uAlw6pSFcGa-3SxrKzjJM440_ML6rfElp2kKthGefSqffORS0TGOb_Fmgo4UzaRQs0RahtjRvsJrmy6fzAMpREra2PuSJ3cMxHk5K5R5Hg4anuG9Mzher0Jfw4uvtX059SQmFL2U-somwfi6dVW8fk656BCwFHg1kDbu8XAs6uZ10hsFJPQXw1KUAFMJXYoqEBBz6XI_EsmQzMFUfvBQKclXfy-GuzOa28UiZdR5BLCAWNgQsqLnwjtUel7nnm6KU0fx296hpe5y0hCZClrrD2MWWyDuqfImGkvSfxr-fyyCH6QBlZuFJAQ46vasLgTnS2FDdTOIfb8UhIN1y6X8A06OFtNH1VQHluf34UXiFDvuvrN4q6tVtrtfCejIUwLjaVkmK4oaTSTXGzLE7S7oLlhtooAHyEbrKKMgurV1Qf8c0jjPSeWAtfpnvRW7DcSjKyJjkQR1mOhOjqHQiCOTiF0_BlahFIlpWii7_dtjIgPNjCVsksnWL-bXKN1Id4k2tQQgS_dtYDcQ6tMfPvq6zN2W380lkWGjSjyLta8-3TBSPfsWss3B7thMaNZYlUwFW8JCDuwH-g1rHKuIyXHqHrsK4Cgi4dO-FpO-YugxtkYcDZDV-psBazL2n-fbBUlhlzeqWntRHwS1hlm59gxo0NptsLHvNkEjspzNRgQZ1-7uEg8udPK-fyhziqPXAvbSyvLY7JWU1Bxb0XfTZRqdw-bmINX8Q6q3uynVmSlSnIHIpmynxhewt04J3cmlfdjpapF4zqJn8O5vBziDaJQpMnM5m3NdnpgM2We0or9lFz3o31y8ATITF3qn4lBLZrwyGwt6IJCQYSq688C7JU-MN1klbb2HcEjdz30-u0Jv5CVdA4T0tSZ0PwXM7adpUZBfgmuG7NFs_ilcij6wHT0Zj74ODYxAn0gaVd_Q8KIu7l35EZbISZtqfvmSGl18Gqlqbml3GZib2sEGaYvV_Sxo8uXCwCsu1WrLXfgYrgEmTHc_bZzgAZ030aqCJ1S4aJXLdfVIK7bwK5f9o6O0xoFgX_hgatLf__jQ04t-PWNaVhUxjllaGbqHYql0CkX5opGX6yw34nBwE1mR2C0eP5ngWhr9z4v-kwcnHlbTUlygn5yitiKLh6zDr59QnIFBSdI2qQAKNjAKVFqYLVT6KdNBOq4t8LKz3evuUw7bX8giLtjxqdjYaNSjd8udLgzjqZoicodBbyZSLvRmmXWy5Tnfiq0cpjVTJ1y5aY7NF6T8GGI2cic9bNcNqpGsQO5yvIzVFMIM1j-R0XSMPStEt87KMbYxv1RHNsfoTgf17ZbkkAaF33HeSXsAnzgkyWtQgMHSgtMv-7FezVhtXM-3_Jl9KIzbCNduphKdj8JRDQrQplgEg_NyKwf61unUHILoMuw3zKojKz8tnUTXfnGHmZF25dHRFftQKMDEkuJj2OqRd2FkKCUyaXePSR4clKSxWTVuxwTEKqfBvoCM_k2ns8XZVy0NovA9RNwk75TJvPKmKTIPXZZl54uDyTVqgB7gI0bE19ChkykLt3XfTGbVwTApLfO36CUQpASupmIJbARw8gtwxa0gLfcwgi_zpvJgd3QM-QKE10K5QpRfO-9Y0QX8g9Z5_4I2WzoKgqOzZ087TnZ4Mreew2mVHAVKj_n3w3AdM6jLRqCUkxhUZgWXFpjqRo5eBDKfrUMYdLQsIT5PJ265d9NWBW24e2tpObMxGsrznfU6iwOv6JHMxJ8zW_quIbzt-yC_pWnLvlBcJfWcRqfZFabtuGnr84JQWFLUe0myBTD-6wCWbpBhLwNGY9gHVG4F5cERVTXMRPWFzpFOTO91XhWupir_Cen8wTfrOWeoIShDfNjvyKcDSWIu-WhqdMiUSEtT3IVQ6I6YiEm7PBmYnINlsIGmdmdUzCtfSZzZp8AJ1sat5mjz_OK_iwe3FY-UKlkD57xh4e72xub1gCJxc_kATWRNQ-lt-piYdk1CqTHWO-rgeyDMfFamc_jnoQ6e7iebM-fAVa_G1VdfzfANn4TEbvliCq3cFp5oBQzEk5-02Z7osbwLd8MrTi3NPlsRFnYEjhNzO5niTL9uZN5pQkuPpSYAYocdeQ98RP-h52JjXxfyP5ZKYTTt_xq1OfQqpSQlj8A743hcv8MjJx5Yvf67MAWN5m79trfPQvoOPdCTwAWffy_x6pthOIrKney8pw8E5eEM_51L0PE9Bs0KiXEFdILRztfRWSvA8e_ubEt7FJYL2g_Px4Xyw4ifEmovAG5c_dFMTi3LQCup3RkCK7nmcv1gFTd539deYAm-jnrXkyuanQ2HfOwUvv4crHqLn4PhSPrLiqQvuqSW6WaA6qa2Ir3v2LjB_hGHy1aTOWDzP7UpPlF9vCxzSufqXYO6hkcQ1rYXZrza-N5Xo4Nof_qG2T54FEs46LypRQy5jPGT3sO6_9vftqEMDLBNHGj_ycWsMrVdENG8IyZPdgOFf1CyxUdD42R7G5n15jUJbp6l_Z5YwcntFK8wULupCsxVkX&cid=CAASFeRoNiYypwuC2wVlUfwVSbDPC9MnJA&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2B8C 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68005
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame ACFC 106 KB
37 KB 41ms
15ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Origin: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 20:15:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 20:15:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame ACFC 8 KB
3 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BBGiBz2THIVg6dzK7h9r7kEiWFAO03Q8MeSQyZyZ_LKE0p61ITLyJlKFag0K6YsfwVcPMNW8SgxAnTMNCKtrZMCgRAnYN9szgV4HuQKSLzJ2vkmUYGC7Euhc5nDa2ZVxXieCKh-bYbW1SuuU2Hffc2nkQoPA&dbm_d=AKAmf-CLCfmH_u0JgsTGmQilj42R_hz4EUBs-UHSbuBvJQ_9s5afrWVJQXrJK_GeUCRgJdC-z9CO_jSfZ2Ju55zzsnhiEQlsGFZ43hc8mqD-suUuMhi97vw9XuMHsJj6K2lBb-8-AmjovFeDXVUzYxhGYe6TmDO5Qj09ZtkpbC1tObbljsx_lVgV7lzAwcPvFGwKb0EPO4f8mXHrJk1vfJ_-bNbf9sLpkyFtT-kKSKOme1p9Fc2mF2acTpA3ETklG9FlEs5EWI8X2oEWzR-5PPX-H2aeouVASVavM4TRiLIVETjwjaGcd6rGX4G1r-1xo34m0WzvJMvgBFmbN1ktb6tY4sPdsikjK7CYrSbtTfoz7Jxe0GzRxBSqfzPq6FlQAo3ecyZRXZfL-LO6rjgQ0_9rN2ZVSE8-O4epIRw2D3cAFzNulgYVXE_vTgUDNGbtXsacVxHRhJhBnw3X3nY9cvTEC9YxpWLWbatwG1imt_rKGcVg0f9JBGYbuKtMPvjsMSLW_6vTVWpQkOpS8R9fnc4KxK5y7V8ZQtgzahfmd4WIm07Jl73_G9SbWVx1t8QZUY0qS7khuwrQHfiJLoDM8tpmZQI5_908WOZpj9diSiIDETFBlwHKV6XeIxscp1UsNtKsZOUc7H6cui-m48nNcmFNpeZlVfzV5VBT7MKOGVPD2wa7go87ZCgJivFkOEmyB_D72XTLDyuqPQoQu8GKrVdLHVaWJogIClDdxf4Xq2QmB2xXr7bqFWYrNLM1aHwUd6XY3mDoAaZ9gCVG5g-M71Xn3f-Sqe99uXb8691wwYyq_eb0MsD2s2M_l8HqgYf7p6FxOiERquWVzNGviba-jRDv5YTNWzPdJa5vKRXruaCEShx7VDhBWJ0wxmOzywcxJpfuvY7e-iCybAhS6XATZ5ifUds3x_DLcTd8miNM7VAc493q1yLtrls4nxotvlTa3i0G1RuPnf3xg2XRNGkSzMCVP2DB-2i-dgKTBb0j_G_GMa8EyS2-aI1WS3KkhnNF16ROq01KB4dXG0idvR_jAhBuE_p1i_mxe5l8dhuwNbSSpg2blIH1SzO_ldqvIwJwdmqrA9iVE-zjS6ewsrzko1ruFRszLSMLe_jjbkJhmaqsQjLgX5yQQJZ11CyrcTD2HSl9Wds1BEVEwcCgAOiXXa31Xh6u-UhSoPEQS_lcvER7j8MVHMLutj1RCW9B06fUIAmuKMDfCJ3rKsDoOXxCXOCRTQDESGYJgfDks0-hU9mnl5YfaD0zsu7EhvLdjgvI9qyap_h-VpnENbCou3IkQSdeSor9nDd3xQjp4HOEndtcDhm9s9UADddpwfTfFdY3i6cVeu2eiGp_eEtapQROmQf_7VrEZ6O3CLqp8Tz8XIeZgZGLhaadZWc1_N4748KPPDYSUAE-0hyUeSAdJVAx6N2bQSBKhZFMiOqPvh9NKqaE8MQ4vzcogw1VBg60rRXDKpgqaluViD7lcTBECWzLN_NItF7ZCbWPAX6blsb3s0V5SWd6G4IjZAG_0wqtoS0R6AiVH0TU5MvoNZSVTR7c7x8WR3Uj13Qv5QLaTaP4rs8qQ015Rf2---PZMTYFhxdWn46YShq1sQafhavQeMIp9e7nCY0PzELaQrE5yiqw1YpQwTJYQfxy81pxMpSNHnvseHTZFHbIujjdi0P_48R1AAbIOymDgHpeV5pQ5Vyr-vu2zNbFzd4polCLV403SEPuRLQS7Fzhh0Sl5dD2V9sYVxIXnUz3Q9bbKjayyWOnV2aaWqSDHIkN1L-otqsWjtZfyL4plULLdZk65M098uacWEChYNOemfIacdjegFj9HE7iBkNVzHtGjCP1yR6m7Z0CLzFXQIdZLQf9Ub2copVh7qgViHDdOU12PmJiG1ThaL3TccxkxrYl7v-BfSis3rvqWDQYJ9G3mafMegFqC3YkQ12_JsPNA0bzXiH-GsbPMNjn9qoHHuMcr6htIAxK0cK20VjL8KeGGxfF4cuDzaRX5Ou7uLiNYbdptp4d9Gc6KjYMHjGY0fdHX8fu06bjXFxvgx9OPDNJ3tEZdbgKDiuZEWcUqZSzJllD-DVkIX098TQQyeHfEerOrzz0cHdn6-SDe02JF_h6r_Q9qvwA_8pPmTR9sEV-99cJ4DQRawSFD6gXUO39nPAMFLryK608G9a9rE-QIMm7icQ8ZS7DrV5PuxlT3plq70g7q0_A4oSMnKzdRTgpgbnDixmEl3dy7cx7IDI21nQiYqMKLep4_u2qoqMiqiD6JUsVEyXsoElvYZKmYXb4wolUEdwgImWtdpYqNcRZJDjHQCVG6RdGfGG1Ano2-0nAk8LCZmtkGEOm4dqfW6SKyvYGFTk7Ah8P0hvQVPUY-1cjMge3WijnU0UzhkDaj1pG3TyXoT8VKmGiWu-FE1_ykXqH7oOkhokeTsAkcZFTkT22j-UK8ko59QsbzWVCs4Qf6A7m_ja-Qu6KPWfNC4-ID0VYWIejtTZ1v7D6IXkIyVDJKnNwCS76TzfA-nRisCM395c3VmrDDr9xJrJgyAVPl_VwUw7eQNlhjKM9spcjrG7jxPiNkxejboCVX1l2zu7Mq7EtQXBMne2ahUxz43_rJzNWR5XF-YyQo7vU-cuo92-6jZe0hhUyRxGoAroIg_fS9xWwbr6wvjdgBK2tXPBy5gEfghhIuxyBls8OPPI6t1WrLke-7TcTjgXOO0U7XfNhfORy-RsHSvBcqmXOiPZfFU_Vjyui7WlfEums2sugWCATZTtOOJd0B98gaRzOvnJs478Xt_3HbZHWVXwlA7mK2wO5k8djHK8qEXik4KA0Xpn5RejrtHU91uD_-PItv5DEJo7UdE3vRI1RaAq-6niunYR4AXxfz8dHyKXONgPldNDEDkQied0wC5SOWSAbM5mHsCg2qlpMr7GIR1gd3AbsvS47KvHLXmw4u8D0plOO-UQQrVREJ4hZz3R8N7s6AraOeW_FcveNVjJCuZOYmNQvbIn8DewTuU1u_7IporDCkvJc2WA6p5kjmzCwe7-hrJw6uJftGMfXFx74hH9XL0MAH_jURd9zkBXPsGDCqi00yWTDNGLlNTIb29RWLKcFmS-AMRaP-mIuaOTg2G8HUncdKbxYxXOK2Oc_FCVvKbJ3g-qfz_DF0F12qtqXDGSKaJ5vXk-Z-OYgDZkv5uIMdABblENQyT_kolKPIl1To8TS1xXcMKHmzudIrHbVILwXRpfkbP6BeAlvBk-36zDiZxne6rz7EogN6p4JAehGptmQMnVErKM-Sb3WgAXmsmg-cprB9ZMlcZmTH82-4U2QzR12oDpncxwQZq7BiW4oI7hOtTatDVOIxtt8eAffBrupQDA-mwvdI7YbsLfDMVUeQMhqr8yAR77UfmaSkryyEy8FYFkjB2ynZ-Gv0Fv2c91clGfZOwipmiYrz7Prn4G1Gnp5Tio78tW3QZE7DmQhfSntcR53HGAe_Qk1YNtsXTOvTfNs65RkVoLpbP-sSsZz0lWlKLiqdtQFuf2jH4QLFLxmazHPVDwbH1MBDw-15_b3ZF2vfRV_nA&cid=CAASFeRo5u7EoWictJJv924LJMj4JuEndw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame ACFC 24 KB
9 KB 30ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E9C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

43 B
1014 B

55ms
29ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXNsaQCENmL1rACGKKr77gBMAE&v=APEucNVdCyGYMYKrzwFywGR1LC_2IuLkri2YEvVDb29ghydd0mZv5Bho-zoOHpYN-pxP6QTjySyMKzVwO6sgArUmUU8ZzgWXHZNT8Vu2zLPlAACCr-naxAE-v8iiXaTktSfvwnJcZGHMLeI6ZmNPi_h5yX7_0i-Fy6Q-JBs9aYqwPKzOVlLSInE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:08 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E9C2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

43 B
1014 B

52ms
52ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXNsaQCENmL1rACGKKr77gBMAE&v=APEucNVdCyGYMYKrzwFywGR1LC_2IuLkri2YEvVDb29ghydd0mZv5Bho-zoOHpYN-pxP6QTjySyMKzVwO6sgArUmUU8ZzgWXHZNT8Vu2zLPlAACCr-naxAE-v8iiXaTktSfvwnJcZGHMLeI6ZmNPi_h5yX7_0i-Fy6Q-JBs9aYqwPKzOVlLSInE
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame E9C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

43 B
1 KB

92ms
14ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXNsaQCENmL1rACGKKr77gBMAE&v=APEucNVdCyGYMYKrzwFywGR1LC_2IuLkri2YEvVDb29ghydd0mZv5Bho-zoOHpYN-pxP6QTjySyMKzVwO6sgArUmUU8ZzgWXHZNT8Vu2zLPlAACCr-naxAE-v8iiXaTktSfvwnJcZGHMLeI6ZmNPi_h5yX7_0i-Fy6Q-JBs9aYqwPKzOVlLSInE

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 96acddbb-9ffa-450e-9d8b-c3120d30381a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: bb3794f0-e0fb-41f1-8e96-7a78133aea87
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E9C2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 650ad76e-bc71-426d-b8ed-98f619a8ba67
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AD0A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

43 B
1014 B

55ms
29ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNXpq_xcmM85pWsr3u5j1lLDmNvD4VxbKgXhxzxMB8BMCmQzFiVQaxfJWU9--QFpeD62d_zpivVYn5_ST6fjjgGx35MmPJi8mDW7HMcRQHogEo96P_3bnHLXPJ6sqQmVdCyH3LqRlY0SIMqxIRCLqjTI2txTsEbjW0EXcUGpcA_4ne_Lt7g
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:08 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AD0A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

43 B
1014 B

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNXpq_xcmM85pWsr3u5j1lLDmNvD4VxbKgXhxzxMB8BMCmQzFiVQaxfJWU9--QFpeD62d_zpivVYn5_ST6fjjgGx35MmPJi8mDW7HMcRQHogEo96P_3bnHLXPJ6sqQmVdCyH3LqRlY0SIMqxIRCLqjTI2txTsEbjW0EXcUGpcA_4ne_Lt7g
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame AD0A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

43 B
1 KB

151ms
70ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNXpq_xcmM85pWsr3u5j1lLDmNvD4VxbKgXhxzxMB8BMCmQzFiVQaxfJWU9--QFpeD62d_zpivVYn5_ST6fjjgGx35MmPJi8mDW7HMcRQHogEo96P_3bnHLXPJ6sqQmVdCyH3LqRlY0SIMqxIRCLqjTI2txTsEbjW0EXcUGpcA_4ne_Lt7g

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 070ba9f6-827d-4d12-b9d6-5f8c88397155
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: af5e10e7-ab2c-49fd-8f0d-a0ae7e935104
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AD0A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTE0Njg2NDUxNjMyNzI4OQ%3D%3D

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTE0Njg2NDUxNjMyNzI4OQ%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: a1b96da5-9fb2-4116-9e3a-7c45fffd1dfa
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTE0Njg2NDUxNjMyNzI4OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C4D6 106 KB
37 KB 33ms
16ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Origin: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 20:15:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 20:15:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame C4D6 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CfyJHVk9mBG6mYhhIvfjzEAUXhbLfIdOwa6zoSIKBEc1fueTFZlYBRojdbgmZV3NTT45PAIijOXBVC_0YygHcvZqIMiN88xGwfRoH5VGiIPMSwu6ORcoo0diUst9X9KzOFTZnxj9gQjdJW6b3VEkqs3qxdKQ&dbm_d=AKAmf-Ci1nzr5vLvUGP2kKKDXAhNcuJkxE_SQGglb6g9GvtbjvSBodVQec1FVCnwe0DGDeZ9gASgc-2JrnjbTvbC61cO1GrsmU1JAzzpsz9TBLgt2Ro4ryi1Rg7G4VlQXTqKPMpiJh7xEs8RkVagNM7kfGV9F3cc-K4yg2vh1busrFK5b_f_7l1vOhPe76XUIA5EjKudCtwAM9IfTbP9nRSLR4LHnprqUCJaWg1jz0Sq0PYemINFXn09Mpec6TSwdKd-6KsySgca_ey2hQ7KF1-KUN9KVcFZJ4RHqf-bVZwUjz2jvH_GXOjzxXyRWQ8Uuxo1jv_uZouYDQG_Yo192lLXaa0kPTk809EmrKTVFp0YzHfchsgf2lD-Np1vWpfWOPTymUm0fEU8m69aRLRH5dvc-stVwbbfM266DDb6A4jdnxjIvjEV3xzHZhAsg_UuimOFnmXLRzR1Uyf9KUix_N46T5nMWpQgyGRwQY0l6v6vrbdlav1m3uPs1355NfXQCKPhoxVH_Dkp6LKVKy92iFR9j469jk0HMuIrvKqHlMUD_CpJ7xKGNgigkGz6QB4AfVLijB29T4P6sP4-xyPG0_D7aCLG6W2tkso62cZTbh2sfSgXcrRlPmlwkCNmaqPMO5QaeOWOM4eQq76G6yNTlItvT2HkC3Qk_kOGE5X8qDgCcIPI_k9Ic4GoNx22eSRon9rBDTblXx93EN1fGynf1FOYotIh188qeECLp1D0AKwbvuvGtJUi-k4gCFL0ovDHm9U302NLbwKZhUOWQ1h11pHzg_WqXAROCgLxvoygEmPKPFmDEAge7ppSl-2G305Vidtw7eBFveVb56K5pc8ibxYAXgWYihsQGCsoE-0vBWYKqfVQrvW5BkHtNiBdDQKox-kaxCPGrxYlfaERkGoB43HhOwfSoU52yn9VKtKac92rxGVzjRUA5KWpD8vpPykjvKb9BVrv6VgJHaIaiHT9egBdus5BjVmPgsq0vMUrUHccDqnIz_IKCBPoUhlZxFBlxnFJL0KBrH63oWbp9HicFG-7bbu9ID29uCaiw6CH-4xYfrqC3Bnv6N10vF3ZLpISuvonuRAmhumYk5DBA545oz-n2d3vCcCGN4bSP5V3MHNqw2c1XKYVIzYqKX6zL9NyxGCGDXHr1Io7xzuOVlffm0Z9TbGii8MVVE6g9eSFhtOCPZW8YCbFiOSnwdM-8cOOO4FelRw56Gymse15zxr3r1qBC0gsioLepfSr4eSZZlvOKStskc7PAJwBMpEav-xaj-b82W-h7vm0iqDbXtffdkP6rn7YSMOyfLlVyNIish6UAd0vjKxlX-5UycajKzxQ3bFC3QooEMIzpwLsnh3S-evGbpowf_sdRcpwfyWrKuVCcv2lpf69H0glQMo1aRng794KYNipu_euWGUj6A_1ihn4PQKZT4lc3Zl6sbCZ0TeL29uZHLlVhEG3nMllJ8ISAdkCCW3VM-NjEn1vOM0VXWWrZVOpK7LHBnRyKXEtqrNFv3u4DgKz_vpIQShvYWLyUljv9TOzipRUFVfCW6VnIfFhiwfToT_usD2w2wHXA9ewobXqdvgC0WW_oiJ58Mv7CJSnQIH1rgm7Crm4KoT4ytB-ogNdMDuqW4MbLY_n7zk77TrsKKQTIHu04sp1k6kxolLwWM7ooKZJbPBcOZPXWdnSMCq__CQTielYOGgu-Wpyww_cloo-5A7XZBEokMEvCCAJ8mAXrZ1TJm0l29lAD4aJgpZKZNkGr2Ju8sXAwgCSom3UNduzyaLRp3AzA4iMUGfMB-DhVrRECVwlv2sXVI3gkZ9wtV1Ax_uGXaBVShLeO5dZoQBa4CrqSp9pUJNrqg44Su9mDOYeKPnfSODWm2yabQB1XzFivQZqMKeox3ATIqDjDkTwb0osS13YTmi3YqiDq99G1K6M-_Sucy1iRdq19XPsy0G43xnYLHJForNUvm24aM0CDv-_meBFnze6gkFHWkpvTFvvMeVC8KhqK9Yykj9Zp7AiuljbvdwZldHSliSfRWLWOGtT7oY5eo6MSBcj650wQQJ_Nl8WmFs8_SxLbak3frLw7G7lQ6FDlMGLyFEYjvdnoKuTnPt-5CZXG0fbuYB6hHxOWOStqY0X7GE8OqD0ksWKn7tLkzV-UDnWBYCL54IODnFSt0Qq1k2DUeMkQaf50JGRd0k4zxvoHXuRR8JHtBe9J3aGvjJRL-q6sh2p-lXLoaQUKvR5EcEd7Wc2PclhcCjSnbr-Wbd7xsO69jB3NMmwhnVmjLFJcMDyHCdaMmJHRB29QsUNqndHXWaLgen1X6dCyJCHuN71JTv90vqPikq2V2jwzPKcAxZ3qI3DnE-IAZCdQMHdThnaAKV5v_KWiLAiaOAmMpyYTQEHNGAUKAvrce5QLMDLpbtHVZZbBO20PO78IBpKdy7WHH-no176xHCvrRbVk0Nf03ApnmGIaQvbLhTWtM5cBkAzYA493QENMrAPWlLilwFZ6DjwRB6FxR3iV5ZjnAI0w0sjA4fGuW45j69UsEP9Vvc9O08sxEdd8Thv00FjdW0i4mJ7XH0IWMjtn2i_9ftXY1N3UTD8kquEWMBhqwXTWqXabIrE-_85wSh5KsE9EZlS3VyB3zNkNCTQ2Ys79Fb1hEyKM2TTyI5Ha4A_jouXgVD0XXoYbe8nPzhe-ThyDCbNqZfOGyGxvv3zko9WCC19hPu6IHYrkiawE-U-6npJjtKCC9KotcViBpNjHwumfnN8Nw5aArrTrlUXHyOXR2aRHakVzIh-PhMguQe9_zFhbxQzXno5uR9qimMXDl--YeEc9OJeBzoUsEaghBsZc3tvvOK7prwrwpU3RzlQvVaRtoNf3SP2YvOfUOHqoiFjPAxdBbQsDofu8YCArEC2vX0E7mF0o3au-grmbkr5RmxPZjdBu7DiVWmXfzj-NIMFtoEH96AS4wAQyJ-zrbSIh8R0FakHuz0qPIJucfqt4PyH5Gb4_crBWwWeS34plg4tNrQlBuaP6Nr2uiZWgjITPBosaf6QuYgiwxzUnoHSs5W07AzFTkuTkDfFi_3fzna6bINFER66l3xE9Zv1RLSSJMm_uDsBiTGVZMisGH8B94bXwhVhQ17A5qZAqRZdmu5i2y3T2ZMKIqUjd-V9hhl8WFvTmV-xRJcRjnX-o96UMnwqM8ijEihbaNh3hYgpRgBuVqZm5mKZzbgpKDoheXYG-PCgeThp_TUAzvdGgnwpeafQVDykSykehQBMavy8esismUjsymuE7JHzz5tRq-pyrfrfjkWIW8decABBgj-ccYEJSPXmu-ULyZjEKk9xZXUFJLuSb9xvv27c_vtMQHBKtnV-cp7iUVbkOTWOLsIBU_BwADOZERhx8r59dPOHvclt2PL7vRRQ4JZNc2_0xWOEPTrc8RXwkg6WYJHk2HYqrYGAPjNVWUcaU2QQ_23PU93JlA5so01JsMgpiTIlO_fDix4_UQHOTtemrUVIPebWlnaShm1NbNNtOvaZjC_ZVm8PB82Y00QDQ49GMUJ2FKg0N4F784pJ_8VzlY_YJQ&cid=CAASFeRo51tnOQmkNxroOs1tjacpSSCmhA&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame C4D6 24 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

43 B
1014 B

62ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNVSe_Kyie5PUUtJq1GcTGEX8kNWr733wxMoeAiiK3wMNP7VRB6kGnaP8Ok66NliOmSJ4EFbs5Iee7Nhq3Fz1nFhcng9JBURcYC43Q3BkHsxAXCep7AUw2KMDl1euBlF25vlmvpk7sRpqsPT54Qyu9doqDeU12Agbv5thRXh_4tOGRZj2GI
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:08 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 9617
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgTwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

43 B
1014 B

31ms
30ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNVSe_Kyie5PUUtJq1GcTGEX8kNWr733wxMoeAiiK3wMNP7VRB6kGnaP8Ok66NliOmSJ4EFbs5Iee7Nhq3Fz1nFhcng9JBURcYC43Q3BkHsxAXCep7AUw2KMDl1euBlF25vlmvpk7sRpqsPT54Qyu9doqDeU12Agbv5thRXh_4tOGRZj2GI
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 9617
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

43 B
1 KB

80ms
19ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIY0umUuwEwAQ&v=APEucNVSe_Kyie5PUUtJq1GcTGEX8kNWr733wxMoeAiiK3wMNP7VRB6kGnaP8Ok66NliOmSJ4EFbs5Iee7Nhq3Fz1nFhcng9JBURcYC43Q3BkHsxAXCep7AUw2KMDl1euBlF25vlmvpk7sRpqsPT54Qyu9doqDeU12Agbv5thRXh_4tOGRZj2GI

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 13183c6e-65e3-4b61-8e09-17f4a9203386
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d67ec8ba-e981-4e16-9d71-76563dbf823a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9617
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f6076658-1749-41e3-a534-b01ac0902201
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg5NDQzNDc5NTU5MDk3NjI4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9DE7 106 KB
37 KB 15ms
7ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Origin: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 20:15:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 20:15:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 9DE7 8 KB
3 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3KvB7usvmSFX5s6MSP4SEZ3gttyk4EmDSGR2SU2GczT55V0C-7gQayGcIhBaYVjtOusUqhmUfrUlXQUh3UZRB3CVGW3E3eB330NJKtZYnUxUF_A4GJwTYaZI8KdD5JVZHQOgIkSVbB0-j9fqoLvXnUIJ_Eg&dbm_d=AKAmf-BQBOmL0ZXcv5RnGMwUv1lB--h60TuVlmBxdPtlVTcGWVgVmSOAURdY2E95Y_o8-tltRkKGmTZPOYVX89TESxBkj6JimoK5pEkmzlr4Pjj4pgPD5AFUmLEn8PcUi2f75194Vs94Lva9-W9038snnpGvOm0opu8QNRHV9QGq5syR6fgTLAwFPWuAfBDCZOETDcjsiflUmFc5-UU_CA7PmLBtmz4cP2dAJqqqTcGSP-TN19arQMfRDcnGQPWLlZWamuQeOMKnhK8_cHNqHxq_tVvV2bj0iiF2hpSckbEESk3sQJq4lgq3g_93vF5-GwfFk9kT6DOax0XQilsW7Ha0CVEwmi3A1OFRmJeYpYst4SxvuC-0-AQzSGNA2xynTPUS0TqGrgYhVtpJSXNqGjhYAbdvoV84ffC7PFoMj4u7qIejH9ZZeV_MOGQTNpfIVYg795gBW5MapMqXvUS5tPO5b-MdH6xKG_Lxk5ac0XSGlszqVseCx7pdzBE98adb94Dv3Fi7hU6iceJl1YRvNi4UL4yP3rlp0cW577jPlh5UIcn3kJ1wLSuJmT_S1x7LErHJZRyuzPhPx1CFihyA70hTRtsIdm-wdpqv6TSJrM6kQGZZwqOTSfhNT99mNtKgCWLt4mCXqxranrQ0av64ISvbkrhdTikCwaURlJZeO5Vg_QINdi2tFkLUUMb1WR7tSRzOFJm12JjMkwPHDCQCNvTk2VcFxCRKwbj7VTwrEQ-qGfq9sk0VZ4mViBBTB5Qo185q9lSBT8OrSGovL1GzyBTKDwIFBc5ombDx3IZj4G1e4WMXWFMdL14_j6UqbVpFvDHb7XbEVmq_T50Wi9X6k44mf_NMtAOniCOtUFLZ5B4kdSmJhvj13gq2YgrvRdx2iGe6H27B5QRKNwIKNsxDqmhey5cRo-UHrCNPeD8IVwYgQw1JR-G44_10SdeNbEvcHAymUmGtkBokfvo45KmBA7xSjx0cnC90a2kpUM3MeA22XJ6KlXz_ldPD5Ifk-kgnB9t1yWF5-X4fDVqUd20bkF-bsCoHJsLmJ-10-jp0GTx6vRWKrWvXmzKYTYqNSbeV7bHEJLgyLxYxxecKDRnqKEaLiu0rSZqyaKY1QXUC2w6EPFt7ZQGP-XU1_CJXyL8dwKLpyBzT--WdG3jzr-xDnbfCu-6jb-a_QjzaupT9-iEPBrRF2U2IsZnxoJpJpmZFvFoEGiOKW6IuHF5_qY9iQ81Z0i-TEoPTCxkg3t8VsinPbR-l7y1KOSCef9ZxXwcqKdQBy1oLhjzoEHots2yEriu5cyfiIuI9LkXcg22XjFxU5-39Awx0twmRJ5gZ9Mqm4As04IfQwd79r2zdBTNxtbA7j2Nshn6PR9vtWDo_GpiY9a-dEdOYVLFSeAXclmNDm7Oo3XxZYWevTWab5YE_bvl2A9EUDKKznmvLbYXgvnxIGwBqbdHt95MNQiswR-9u3cpEpp64hvZwYNJZc6FoZTOzhsndPbBt7Kcpxd8STjmkOjShOIwFgIlK7QG3zd1_p7OGA4AHSh8H-QBZybathNuUaA-5iekYdPRA2T7OCNY2LpmsU6v6YqVs82EgwmBfoSFNcV0y4dneVHagqFk9huw4DDkkyyflAzWIghbtpZ_xSH35ncDWApb05I3sxsv-0bUzyrOq3EX5bHL4bryWftfIiat9Nk0XYsubEndgAEFhYxjIC4Vkh4FZpNgESQKXLjFOFdnQmyT-qyKCTyV7aqkE3PzAOAxij5s3EvrBQemqkxOXxOo_Dr7wko6Zmg2DRhF9RsrAaiDwZcAZL9dyN6jOVcRIM7jZfJsXIzBMHEaIGcFgb7QRSemZH29jcsyj8blBpIdCDOGkdOE4X17jApohkEmF4WX6o0WGZB0f0XED5cdOYbIPJ2qbysOvIsneOLgOWs9BlvJQtFPKG3AfjJy6RKF--m3U6-H2KJ0eH2kYsoPySGt7iS_POBvxOsteDXhNI6CAlH8dZdGZWBGiDbTbQD8PPSrU-oKZng_U1EKMRvc2HrckvJwu37KRj-CE5_p3u68sSPHe0e-X7ajAaOR_uRuxEcAchBpPYScnl0eC-3a4J1BKtcSyODUnPefrg25_cPU4WDPxuePFLbCl3CQvOe4dEPEpz_EPLIjw_b2o35zbV3NV00t5BOxsKyPZDJQ1XFPELCJkHRNnGA6Rh96IwFB1K7u_8fwNjGn31VcZY0pWAh4F5nO1A_LRcfHGjMyBs-91vcBFECSGWepP_kvofXuV_qLTKDHpkdrfnO6tQNHlfF2aTrp8B1iIgEyp2siQCB99NxGJpsWU8ypxqgDsV9GJfMkO-PsC-ceiMhJ6N_o_vN8-r09iwCDL-yDtLoIi5ThXovLOfJhwOcNSRx7PqOZn08FuKAYGgQrWQ-3a9Rd4DeZWoo-enNpKbgD2ZZ2g5buLDBMUytk1EdHhy3D9uMV3Ak--b4_KvZMLr6oAAYNmSnfO2MWsIlK4oeAYRZW81U6eNkzIY6KkqyPiQDhgzHjQYxSLIqoTVHIUBpV3CE7UF2bMIcBwxQ6IPt2XAJEjkbgHmaOVPp9_viUXmErr1PJKjpf1zMl-w29fVJdlDcdRkaQbriQJOJGyifkoMFqrQDo-mz4jIS99be_GhzOFDj-HtQB5hh8HmzHUPe2e8kNjV3sj6JTy1jJ7-9I2n1KG7gkOqd03g4tzgj0FXjtTbdWrb4dTav9dOBvNu6yiSOp1vRSEZcQ8VpQrf-MREUOBAjzXx3MIFuoA8oc2a0Wgiyq0GsIe6Chk_FlcZNCr0nHsbTgVXnuykbuSzxZH16pZREpFyX-TH8GiY8yYGWTTCoCay11PqSpnB2kqw7H01DoMp4_oY1wUy1xoID1aeW3sIifVlGzXeZW5zgdm1O-rkiwdFUPD-9OCLZtHNhAjkEx-Dk8-QttKbmv2GxDkav6tj18U2FD5rQmQXDDQ-ZBHhQ4UDYU6h1g4LJJA2ChjrFsJ883_fipO9MeWFktiRnb9zVA9xawyHfJNISLdYPfP7oHqAkXEe__3tL3NArRFZGloYKR30cNXMC5gWFmSKaZdVQw45kR_lbc6M3wjrXQKuYO_VIo9WkqlshdZZHLamUfQQ6zaHGniTG2EfyIdGC3F3B2r7CUDLLjmq0HdORyeMnW0KuojXCjTiMyRY0MGXtjHb_POeX4fybhngUCuYbV9hR5XfcX9exjgG9swUJ1bmMTqF943OotANlrFroZz5EGwj0wcD3mX6YeoJl_JH3V38MOdS0BcvDCglWnnJU0k81pn0Nv9KYGNv886XTBd5EfmouIEAy_hycJnhCLz7K3EjHTXnuCbyQKMoJKAQgwkKOvziaoVzvfwtK5BIgQZfx-m1iAFJmu2XhcEcMG7NPGVYd2ldTe2xAWtptZMyeGoRoLLVcUKSPeYpSuHbZ8wxjIEo6LW1yhxDnfeQOc56tmuIlI-EwQrEyr3xutwOX4JOkZiYAkO5tTAi7CYoyZXqYR_I-Xt_iXNgPKe6loHhPo2A-5ok2ToIQLf1TaeKoT-GRVX-SEA7A&cid=CAASFeRosmkiRei_gCgkm_rkLlaa_Kp_BQ&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9DE7 24 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3D65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

43 B
1014 B

48ms
32ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkOCEGzAB&v=APEucNVtU9v6LgI-BwB411ROfFCgQ2YvZTcQtx5lzeoPfcfFj7WpzXc4VPGRM_wNS_yxcQy4mhWBLt56q2kyU-atE6ovWXciOQ-mIhKrDD-n2KpidNpfd3tnfbethfFUSp7mh2DxnGMzUMVBN13wlZ-3V5xxGJ08BeGdibVAg-5GXqkCFbJ5j-k
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:08 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3D65
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgSwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

43 B
1014 B

39ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkOCEGzAB&v=APEucNVtU9v6LgI-BwB411ROfFCgQ2YvZTcQtx5lzeoPfcfFj7WpzXc4VPGRM_wNS_yxcQy4mhWBLt56q2kyU-atE6ovWXciOQ-mIhKrDD-n2KpidNpfd3tnfbethfFUSp7mh2DxnGMzUMVBN13wlZ-3V5xxGJ08BeGdibVAg-5GXqkCFbJ5j-k
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 3D65
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

43 B
1 KB

133ms
99ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYkOCEGzAB&v=APEucNVtU9v6LgI-BwB411ROfFCgQ2YvZTcQtx5lzeoPfcfFj7WpzXc4VPGRM_wNS_yxcQy4mhWBLt56q2kyU-atE6ovWXciOQ-mIhKrDD-n2KpidNpfd3tnfbethfFUSp7mh2DxnGMzUMVBN13wlZ-3V5xxGJ08BeGdibVAg-5GXqkCFbJ5j-k

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b1166938-146a-40d1-adce-9dc9e26badce
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: ee73e4f1-5c47-4ac7-b3cc-9076d9cc80c8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D65
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 16fe29f1-dd0b-4bf4-8528-bc6eb6a65f15
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6973
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1

43 B
1014 B

92ms
58ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-KUuwEwAQ&v=APEucNV75vw3LwGlqAZ73lEgzDMBIUz2e7XzQvEgNGLg4BGMaE3FL94hNXapS1IY-RfZt9AQD_gmLVDQXxz9x8sHGONTrs8xpeC2YdJexfG5KaZwsh9iXjmTf-8sBBrW38OH1afKCDdMD8H6W3yOPUj7ZteqIlFnjWX7VQYnbs1B1yEdLOIG7_s
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:08 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:08 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6973
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNPHNH.SmvfDC18WVlgSwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2

43 B
1014 B

38ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-KUuwEwAQ&v=APEucNV75vw3LwGlqAZ73lEgzDMBIUz2e7XzQvEgNGLg4BGMaE3FL94hNXapS1IY-RfZt9AQD_gmLVDQXxz9x8sHGONTrs8xpeC2YdJexfG5KaZwsh9iXjmTf-8sBBrW38OH1afKCDdMD8H6W3yOPUj7ZteqIlFnjWX7VQYnbs1B1yEdLOIG7_s
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 12:59:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBKlMaWTtMFDK4fciQlvW4Q&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 6973
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEO5fxdPFHPMYZcWwgrmmpOM&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

43 B
1 KB

165ms
76ms

Image
image/gif

185.33.223.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COed9gIQ96fYjQIYn-KUuwEwAQ&v=APEucNV75vw3LwGlqAZ73lEgzDMBIUz2e7XzQvEgNGLg4BGMaE3FL94hNXapS1IY-RfZt9AQD_gmLVDQXxz9x8sHGONTrs8xpeC2YdJexfG5KaZwsh9iXjmTf-8sBBrW38OH1afKCDdMD8H6W3yOPUj7ZteqIlFnjWX7VQYnbs1B1yEdLOIG7_s

Protocol

HTTP/1.1

Server

185.33.223.38 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

400.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 727098df-10c8-4311-a695-2c50aad0d483
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 64d26a53-5215-4f22-993a-53bb40a06ad6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEO5fxdPFHPMYZcWwgrmmpOM%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 6973
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 40a0e4df-3b04-497f-8c2b-71c395e8ddab
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzI5Nzc5NTkzMDQ4OTY1NTUyOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET cs
cs.lkqd.net/ Frame 6AC0 0
0

GET

cs
cs.lkqd.net/ Frame 6AC0
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8721002282992361908

0
0

GET cs
cs.lkqd.net/ Frame 7F49 0
0

GET

cs
cs.lkqd.net/ Frame 7F49
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

0
0

POST
H2 200 t Show response
t.lkqd.net/ Frame 1A3B 0
169 B 284ms
93ms XHR
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 289ms
95ms Preflight
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:09 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H2 200 vpaid.js Show response
ad.lkqd.net/vpaid/ Frame 249C 230 KB
61 KB 20ms
20ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 36ae762191d24727fbba21272ea14872bb7824188961282001d50e67f7b1881c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
last-modified: Tue, 02 Nov 2021 21:06:56 GMT
etag: "cca1f428155a1f13b17a4684f2c8ef1c"
x-hw: 1639141148.cds071.lo4.hn,1639141148.cds059.lo4.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 62015

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 280ms
94ms Preflight
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:09 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

POST t
t.lkqd.net/ Frame 3958 0
0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/355119113619368022/ Frame EA17 12 KB
3 KB 30ms
14ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e839720e33c1841bde2bbf7566d6c800500057ef99e2fd380473500a14cc70e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 3447
date: Mon, 06 Dec 2021 15:22:12 GMT
expires: Tue, 06 Dec 2022 15:22:12 GMT
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 337016
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame D6FE 0
61 B 89ms
54ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnewV2l7bDL3p9Kf3AojAcs7m-TySGekqEsSwvxBNvR88zu8gv3c3lnQR-LLsJInnOHab0l6T-PjoBPH_NgpuFcHHFxxrKfIe-kGK9k-15VTqePA4C4A5ekakUcTQopWrv4PoYOnfElhZc1atH4uRHbtujCxEBYyb2FTEXBWj_GkEPsadYMXZI5QfYKthNXM5Wn6l-rfF5DH2dE8VFuSk3SAIwRACA2nMw2A9GjABCUUtK6TvgULkGUEEd6Bs4LqsfdwSWCbR03EvWMAI_fbeCdMEj-F2XO7V6NSpNxERxhlIPqBOOw7faPPRJi05HGU89wjdLr58XISbRJlt09Fu1i--vr7f1WmvPl61pAyOV5YMYClBvJvN4cO0at9SqXnxtCUoOu3HfOZ8OH9nFORcY7NAyrR-IYgFkTMDPytV0X0CuRtlY6W_ozBydZaYKBDwwaQsFTfOn5wa-wTrojlTQkxDbi2O02Cz9Y58PIH-QndMuXTJXCVKwlgTrNiuNr-GZkD-2CqcP_kGtIBptMO0r7PgDd12KpNpydrXfYmuGQLJR_d8kZr3vubNGe1nt7hbTv0Z5KAjNTCjfw2d0HxLlz_kareC0jJDBn-voYbKmLKso42xy208BmuXegTH_EjAtfVIjvOz1JBzwWeuySwFr7iIzo0Cik9_EoztTscaE2-0LXM298lXMxbc3YT4RjkWcQTwNzZ-aUlVnEPpcOZf-vfc1iPGTWrotUkgszRDFYq8eY7sPWXABxktp7CcvjUfnyEdU201SviuOI6ON1OsGB2U5afArdrPmO-ziHr2x3zpfha4ODp9e8lqsWGXKpWa-_n6vGpMBQjPUz4P0suNam7E5S1fs2wKPe2Mvyp7xAUVyWNn_gx_TZ4u_eqUHzrFd-kCxNobCQiC49J2yGxjj8DMb2HKh6eNCREYTbsL8ALRxVLX--iS1f9cY7D2yspl_f5BHt1rT4oPu4E5CFj_s6Kn90Rn7QX1xLvXshdKKdx7Mk__b-ZjrOMyHrMg4wgMvOh1w2gvSjkQwvBQAHs5w2YJIVOcnQBPg2vozcyJLDUFET2fjQhQUOkP-pU3C81HcxoLcNHHN2CppTCWYoXNGKac0azqUcUE3reAtQQmHJkzK4vqQbHkR0N9SvDlUiml6XdayQ-oHqQB3iNTCBbl_EeSIai4UDRgxDiA3cy0Rx71-_enf5TloIsfAhQ&sai=AMfl-YQoOZe8I8P2fSxGQG7itevSt5JFpfS__UBgwPCaIfQEE4gB6SQzWspPCyYYXXopdWSLMdBWEhM-gDTjbOj0fV8oG-9SqOaWcDuQIMGFm4vDzUIV7D8GW7hFlyJer8JQEMSsmXPGUlF8uomLGcyuXTlyegft1D0VAgEA0ns&sig=Cg0ArKJSzE0HEiDISrjNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=153&cbvp=1&cstd=149&cisv=r20211207.05583&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 12:59:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 sfht0if3y.js Show response
cdn.krxd.net/controltag/ Frame ACFC 11 KB
4 KB 64ms
16ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/sfht0if3y.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 40a1b3366662d4c052b65b0e7842e3e7f78c4514afb3b4a387f550108ecdab03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Fri, 10 Dec 2021 12:59:08 GMT
via: 1.1 varnish, 1.1 varnish
age: 82
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3744
x-served-by: config-service-a002-ash-prod.krxd.net, cache-bwi5150-BWI, cache-cdg20780-CDG
x-response-time: 1
x-do-esi: esi
x-timer: S1639141149.926988,VS0,VE1
etag: "6b7f7c5dd851aeb3a658ac72e276f359fcdeb737"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 1

GET
H3 200 index.html Show response
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 7 KB
3 KB 23ms
14ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4528516/1018994438718716/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a316d433a95dc78be12ef9b52d1418f61a84476596636e63b684dfaac344c3da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 2669
date: Thu, 09 Dec 2021 23:01:12 GMT
expires: Fri, 10 Dec 2021 23:01:12 GMT
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 50276
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame ACFC 0
61 B 79ms
51ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstpMwo15d_gV5IY6o6ZZunosGuwHpTDMlb_D4xjsdp_n76hxDZZ-cH8n7SYDieRo5CYi6P30gItNqfpW0rZbCKI30TAP3d85G2dSsaCYgAWIJda-44OuIGsVCdr0nDYzIjVa-GcDHjlh91XKA_ofdNkfCGZOd5RD897TP28aTm6hodwRkgp7HWx13peYg3fo9FByuzm92Wz7UyQLR2BizIl0w0oyYSJ-KTTFhX7N9y3YhJQKUJfin5HbvC7fMSiq542e0iu8l6rGwa76f7eZS5yxXNMomkLOOzo4iVmu0srol1MLDMYIlPsiF-ysLI9W-5QOo9i_4tBlOfnDyQSx6jasolbAZQ4CWwdT_qF8CZR8QfNWj0iwJ6WO_Mr3pcdE5yA_MZ1-R7NZ2DVXQU6uq2B37jYtB2tVD-eShapeJ_O86iFOgc63bpowQrgbzhNyCSkG_LIv5c8MfftFcWpmRl_7D5E2YooQNI9RnCxDBoTmalxoq_gpVVYktVdVVdaJOGw6Qf0WG6Fx5wvJ0SzTTUCr3MczRSUWY-K1vSllnavgz41fRsbSQi7sI0rSWCvmzVoSziTzB_UHQ-hSljFqZGugYPcz7oXQnolmtiHDRfESFlEQeBBJ_hLdfrehM9fucXvAiD8o_Rlqxp9gGaX82f9cerkseOgHSoQNl2cxGGzwC2Tehypky_caE-PdJwc5Ers96BgjS1dI-66tRY_RwqYkXZHccEK-OjaouktSG8WBXkuUWZsjzMX4FNyeGmPFJ07rvRynjRl_eqUrSdb6zR1CXga9qw1c_05q0iEssvd1s79WgTvkQtYSc-3CS9Bk42q6OUaMxvWhdCbyGj-ZWDfmH-rCER_2P6k7A5XkHGmAfKo_7cPrINxNxtFjf3HuOVbb1T4NfiGNwRZgAPAIHY7hpMgOLhUeH7eXtW6OYVK90rprkBe46axjFO8id--5_nZ2lvM6KQEyCnqR5PtQYHF-lFe0u6DdkThgaQqM9hZCcR2txxsS5Rj59lGJ0o6Wyd9KnIlGuvML1JauMQd5e52s9uBxo8mL7Br8PN5pQg77RORfXIc859J_LhYhBI-mbjINd_XT08RtG975bNmWo_4oLO6gtZD-_xzbgGU5Dlit776XHwK4RB13wZoPhus2uwWd05AcDlknFiI9CsnCL-GXoxd5_an4Cq-GPued3sFfhXdjZqiGVFKRn3hCWssLwIRde30Hgz7hpeNZKU&sai=AMfl-YQSm5O8g0MOyuWJDJOWAQosEEqUrJH9kWzjWjxEZ-Pggm6l8wQ5JtYcBWir_saop0bbdKhPQBUajca10XCKVk0QNExAvWIrDEsyPvayxFlciYB8ra_nbXNmwGJ8MSCx6GyCTSYN4GRsX4vwGSvnVpZcr8exYYkJp_pEr0w&sig=Cg0ArKJSzMMqM83fHA0gEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=152&cbvp=1&cstd=150&cisv=r20211207.14363&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 12:59:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7528030847950618035/ Frame 2330 11 KB
3 KB 17ms
14ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcc36d4cfff125d2b0f003618bc567324b4e2b04bc46dec0c9c98b94ed721e24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 3425
date: Mon, 06 Dec 2021 15:22:02 GMT
expires: Tue, 06 Dec 2022 15:22:02 GMT
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 337026
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9DE7 0
571 B 74ms
50ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstn8r9jbBXBMqOfSs8RzWEpXbDtREWpEhXCrUovVP8uIj3vhvVDT6gRXvWFmcSu07cm6i80N-V8MDIF843l6GnR4UaepgvsOJWjHkmQiapcld67OoiXJ0-CxdaJxxh4ZyK15Jv77Modzsdha2wCxrEY8Ya1X_fjEZZaDTbZKavqwiXFG1N1O7nu0StNklMVNAwDSloi72zp8xNeG7C-Q5J4_--WcihY-qJtF4H1U1F6xivXcy-bchdkdktVTVZyqJsbe050rKL-x4Ne1llQzfypNPdlRshfPp44o_KmbkonxRI3bNrWJz3ojkLAmYv3t_OKx1EQk_qGzL-te3E_BK64GMQwgR5wGSKIhoC-lFUxVt4SYl-WFZkTtHer2ahHAMzBOQnVLm3T5ir-FYJIANfWZfxdQYufs2shVdWq9teWA1CWtKMATRmd6Sm0rKJfajT2razPKAQ9zkquErvsBhvp0XJc2jAZr00miefNKX9k4AwAq_HXX-UBJvfaPTveNkQRevfP35BQOj5HHebcx20XjsgQ4MDMYZ1e4xHXF6OmSnQJEqZxGkTzHKektPfs118kfhEIl3fO0t7J-hM7ybzJYRytO0OAyjzOBaUVJH5rXaGea2uk0xMQjycC--ojzYaBt-y6CBVM4uIHgP5t4mp6cboDOuzr9AGBt28Xdsi7f4yWOFqfZ7yh-b62SyexySNq3nzCRXLPzCW2FDO5HhyNOUZHVIcDkclTbbUDmYy2Xnlf-8Di8jViO4PjJy_rIl7SSABdNSPk-su9V6_Y35lkgb75jOi57zOdTT8pIOMepzISDA4J2Ygja_aVVMCozddgYeMBmzBRSu7a79Xb47hNA-8vnfrWLG0THytMyWtxepETI8mV1vkVnJGgU7AaQKbZmH88tonF_uf-bFszVFkZka7rjIKq_pRhYp0dvqBRK2wmEr5Zl0cO17ctFJaXLH0fILK90ywPV7BJUmoYHsQoPYghIEjLD4IVUVpdEOK6bWMWc_FDiLQ8K5CX6pkSwgLLJ24rOgKE_1wGwtrvoTF2MYInnhHXZpX56vC94Q37TZkjpOf81HC63Z6lLwU4817s_52qpIUM1y6MQnmn0gG99wMlbnz7cZSQ4Kgxvj4_LxSRSWh_i9f5Kwi0LHcAECvpK0UIaN6Xc9Q1lD2J8V7gfOeZwuxUy0YglWSJAwzommnkInUGJFpf&sai=AMfl-YQq7rWxfS3Q2o8seZ_sO3hGHiVuh3wCiYpQs84xbt6VZdRG7e6oUKbVgM-x1Xd_HZyEdUfQC8TbaQH5rAxeTVjqF_kUVu_x4arCLMSsKW3cSAHeZh1isktKkbUjOyTSEWlB-Hd8dldBdRQWfcnZTeEgOil7Hv6tglx9iR4&sig=Cg0ArKJSzDfQWsHqVhrrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=109&cbvp=1&cstd=108&cisv=r20211207.74711&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 12:59:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 impl_v81.js Show response
www.googletagservices.com/dcm/ Frame 2B8C 41 KB
17 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v81.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 09:06:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17189
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 19:28:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 09:06:19 GMT

GET
H2 200 / Show response
geoloc.m32.media/json/ 242 B
423 B 129ms
98ms XHR
application/json 35.227.201.248
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://geoloc.m32.media/json/

Requested by

Host: rdc.m32.media
URL: https://rdc.m32.media/madops.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.201.248 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

248.201.227.35.bc.googleusercontent.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

d003d50642152c4c118d90d660f246ab30405e7ade16349f7332863fa38dcf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:08 GMT
content-encoding: gzip
x-database-date: Fri, 10 Dec 2021 02:00:14 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubdomains;
alt-svc: clear
via: 1.1 google

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12403946963978149558/ Frame 1A47 11 KB
3 KB 12ms
7ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc01323987c050dd4e410f0cc5c845502df1eaa1198f40ba5ffe1a36fa5ae52e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 3332
date: Wed, 08 Dec 2021 02:34:29 GMT
expires: Thu, 08 Dec 2022 02:34:29 GMT
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 210279
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4D6 0
61 B 58ms
54ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsueNychyGvFP-opzxkrfELzSgblNFzEHfali_G3JiLq2angEWYCPZ7Ikl33CKiKDd3n1gZfi7m8MrVggR0bgf3c2D-cFPAEppyYe3rCKyrhM-slcbu2MVRPaIJXPJqKlg0ptvfjmCa4oISMWw6_h1EA2TJ1WSdz5ZRAWa2bnqi4LOc8IxfQ3B5ClBdgzP6JJRcaAazIVaUrUJmljw9meg1CsA10k03fqKQEoo6zJiQlliaWg_6d-KSnD0-6JtLdjLSIMH0KSTM4xx9ypm_okOwiiVxGPmcLuLXYNR9RxH2YHz6jmr_J1MtNcXBLkMrIZ_lVmNByFjU6csIZIET-qXtbzcbS7EAEEL_W0znweHf7-hPlrW2gnKdu0ooPtvL7HcgOeQ4Zd5y8fW-klM1E9mvKhihVOZvs9P2h6B2r6bUd_CYePU6w4XJtmlEL3PutbKFS4TPt-7mSpj1y1XlDG2Nof62iwVgWybkC4Z93UYOXVssz-X9893kLw6oFiKcaEz3h7jr5_UMDVQGWj-yDtIr2zW9oZbJ5z50k0wF5mHTYrcGMl0U5UAb8c19IwQDlB_Tu_FGMH6QCcxW1Ih0BSDYGC_bDW-ZcGpHnTb6p4T0ftJKmSfqbqANDD_mcOVZsdh7kOkrXhoeMzqxE_6ZKDH-3YAkOvjz46Iaa0LuRX6WpY_Zu3YypMUkAoCkmhMcRdczYtc096EfNtawosgLK6R_XVP3j_D6Rvqrfnf-II8oVyj3o60g8h-mWCMqSXr5gQJLjE3fqsR97L3T5dvtzTKL8x9KiCDFTrNV2UBlWGvqmopEX24JqSe5-1W_5ozKL_A_4jN-NZp_OBsEXNXRiBUmYMuXZyFP2TzPq4SXzr0gXJxpjgJy0NjuShzVKsh4azO5OfW4eGm47spc9B8ZZsIyI3OxTs8_Pj-4UY9fhdz2pws51Ijlbb217YjW4DsGO62Ko6w20HLGJe47NQoRFCBNnO6Mrbt_EtaZcWuSEJTSDenrofWzbc_7IeZEmu6XjnDEBPo1GawPyrv8tJLg8fA48uqdFlYt4thckFxHC68UD2m02xmMlNhQY0PM-8H2ECB89kAXRH0TNVI93QEwCHa7FzLpMIQXa9NeXExDglM1xOihxha5ks4HnzLQ1jjjosvDiA8MMs7ChJDqqYi-GKowBbxy-p0f_FUmYrN6gaRLEAsjkIn7NdCxo43CO-w&sai=AMfl-YRYeYZy-H6GhgCLCjF0YixHNja88wCgXLTdPC-TotYzzDxzF5gjsdCjnd4LrAEXoK-9C0icO_6N35mQVLa5cRwL9ytvDGUHTvmoQRoi4AFNT99n0LVlraSV-a8NDBtkeY6wiuILTwQzkLUkzETlSNe4lBfIPN-jOmakDF0&sig=Cg0ArKJSzCdxev7h1ShkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=133&cbvp=1&cstd=131&cisv=r20211207.41604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 12:59:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1815 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68003
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame ACFC 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68005
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame ACFC 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 55150fca5ea96377511a6d85138febb35d8f6694e696bfd5baf839f2b2715919

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D6FE 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68005
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame D6FE 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c4d82ad8b212d6ec91c1c0418ae05d21516476b430ad33bc38f7b8284028cdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C4D6 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68005
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame C4D6 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf0d76723545b9c97ceaafdf280acb5b674eefcf786afc0f8939c9b328c73a04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9DE7 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68005
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame 9DE7 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca2433c0db1c0520973b0c1353c2a5280f528c08fcb6b65586e7cf3e2b834834

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame CE7E 5 KB
2 KB 22ms
21ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141149.cds071.lo4.hn,1639141149.cds074.lo4.c
access-control-allow-origin: *

POST
H2 200 ad Show response
v.lkqd.net/ Frame 249C 223 KB
11 KB 166ms
165ms XHR
application/json 146.20.128.68
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=json2&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=67523446&m=&rtv=1&thost=www.elfinancierocr.com
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.68 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: c634ffefd7b827041dc43732dccbfa649de8e403ce7da26cdc5f84a366fc6d23

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: nginx
content-type: application/json
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 10612

OPTIONS
H2 200 ad
v.lkqd.net/ Frame 0
0 282ms
93ms Preflight 146.20.128.68
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=json2&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=67523446&m=&rtv=1&thost=www.elfinancierocr.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.68 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:09 GMT
content-length: 0
access-control-allow-origin: https://www.elfinancierocr.com
access-control-max-age: 300
cache-control: max-age=300
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-credentials: true

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65cb5cd5882c666a22bf188d80f04fe01f56fbb3428e29d74aa24e3d9b1c783b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 B26292404.316897482;dc_ver=81.236;dc_eid=40004001;sz=300x250;u_sd=1;kw=15083772455;dc_adk=943508953;ord=3ze1yh;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-tO3G0-zY... Show response
ad.doubleclick.net/ddm/adj/N238002.3886603PMPRECISIONDE/ Frame 2B8C 61 KB
26 KB 100ms
61ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N238002.3886603PMPRECISIONDE/B26292404.316897482;dc_ver=81.236;dc_eid=40004001;sz=300x250;u_sd=1;kw=15083772455;dc_adk=943508953;ord=3ze1yh;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-tO3G0-zYbn9L9uAjuwP7dKp0ArYlvHYZr2T4eDNDvAuEAEgn6rCZ2CV4pCCoAegAaP_z88ByAEJqQKlwlt7P_SyPqgDAaoEggJP0DOC-CNMUSDfD39Hxl7oBE50qyLTGwXSopiCp4Zi-Z-H8g6rS4USrUZKjvRLU2mlhUgDk4Lem7zjKupE81aM-pG1YJhALr8PfmQdL5d4hdd4_q_QCcq91773zPN-UxTgkjngIn59M6y_5Ze3N349Hkp38GbOd3lM7XUzQ0XaBpuABAizQa4CDk1nchmjnvZteiqBQqEbGjx_QMhLu4z84Shpm8a_oP7PsvYYhJjaw9NF7jLYyK0TlAh0FnxFnq8AQQeevfVngcr9un2Qo7fiXqBLGlI86y9bQehNwqs4jotx0KNWhwWbSg6NCl_SQvzuBSpvP7yqvImKUsjOfe_Xs8PABP-Ww-LdA-AEA5AGAaAGTYAHxYCwsAKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE-Wmww3IE7y21d4D0BMA2BMKiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoNiYypwuC2wVlUfwVSbDPC9MnJA%26sig%3DAOD64_2nM4X-0aGktKiRvTKZ-YmHLwJ11w%26client%3Dca-pub-3335706850330798%26dbm_c%3DAKAmf-AKp6H67U0hkIsQpVXxq3x-Byn6ob4Hhul2bTXZtuDwXrQF5QYsvx0JV2kWLMEnHD7Oe6bITxFEg1sSyqKajvGitGXMu0t3SMikrurmUslvqXhWv99BZ-ddlmFtn6Ll42up1EGrWGYyY0g8A0GtJgFMHC7HLg%26cry%3D1%26dbm_d%3DAKAmf-AT7Bvau0Grz3OCDmnr45JW1Q-oKSJXqXMHpFKYqOthl5sHHHTmnaoMlbFcUF0keXbfboGOq60n3fHIPVTfcn7bKS4cg5YJA8ZG7-GofVmomW9r0Vn3teyrc-TSwnU1f8LKKJ2tFxnvaWIiTmQ7vNtt_GjBkTwKxW_bhhTSr6Is4EYgL0bHkjRD5bBQ5xGpJcUE6ud8uM2kU8R5sEQCSnJLQFuxUYSEW2FxLScSaqYN2xE5rbStBes9tKl2PYMc9JsQV3NPmdoOE0_GqcGK9KmOEhs92v0HobPS3ahGNWUiqA5y0B3BqtVJKw5g9kgJ3C5vMtnsXjXuLPTE4Ik3D8tzlR6qL5E0P9Hhx97vkCuNAPE07-c0MFnMQ-bRwQ8CsLnkqlB2588Hen1W3CAosbYoKZ7CVWv5dMuCl9Q68HBrN-2F42L4LmmOwTzYYQghoWRsY6HYhs1PL2LXrGmk8k88EMjiPlXBpZ930PFcKZkpn1cgF3Zuzj5PM9tQYKHAaoOhLGzGXgJGjh1-2cxPWj9WfrIggck0QLAZCMtZz2fcU8l1M9xVJxKA2PssWyQKdrumwUch019zKuCJhsk0rdgy5nLiPhXw6jNcVM3JSxfiKziGz47ghDqA5ucB0-XK-BR9ZADouDBBnm3gReCPz5a87pi6OYry0RGZnht9A20FLPh9BhBVPi5rEzbGva7Q5bfKQA3cFg7AwJUfHrfBJgYulJPspA_lvZJjFUuemu7EDjjroXJeqnc7FPq5Uy855CE02lDn%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fwww.elfinancierocr.com%2F$0;xdt=1;crlt='6.91i'le-;sttr=177;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v81.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

9688c90c765a81b523a7dcac6be60dad0b20f1d698bbefd16138ab5ba3dfb6b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25604
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 img-bg.jpg
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 19 KB
19 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64f2e67a1e120bcd4735ed1203d3e012b843ef3aa37516662280a57b4e7bac94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19223
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-motif-0.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 23 KB
23 KB 9ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-motif-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

391bb74881cb39f753bb171957f1d1bab83f49abd233b6c19e8d32683699665d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23129
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-motif-1.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 23 KB
23 KB 13ms
10ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-motif-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9e2549999b81964cea93f79ff9b7069a2c3f49dd3f24477fe415e05d3e43b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23565
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-motif-2.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 18 KB
18 KB 12ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-motif-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0d1f3c7a5fb9363bec16bdf1d418fdb70c0027b9fc00b6707aa975089684a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 16:09:43 GMT
x-content-type-options: nosniff
age: 247766
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17976
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Dec 2022 16:09:43 GMT

GET
H3 200 tf-0.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 3 KB
3 KB 15ms
11ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/tf-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bcb49570bba9c9cd92102f4e343adeee801b7c47db022f779ee47ee5a55c821c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2769
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 tf-1.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 4 KB
4 KB 16ms
12ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/tf-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f36f6f1bb408949a0ee9afeecc9543b68964e2b693ee75b99e97a6ee42240a0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4363
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 tf-2.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 4 KB
4 KB 16ms
12ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/tf-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19a322a6ce7f67fbeafc4643d7a82d74329ad1bfc65ce20b09bd13a8fb4ce93a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4041
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-stoerer-0.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 5 KB
5 KB 15ms
11ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-stoerer-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bb07bfdbb9c8e4f74d67bf241759d4a3b6972513b5818da576106c8e870e62d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5325
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-logo.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 7 KB
7 KB 19ms
16ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/img-logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1e18b8bf2e860ed51dc54b018aed97602eb99d06a13752d4382f6a501cfba23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6836
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 gfx_white.png
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 95 B
122 B 18ms
15ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/gfx_white.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a0fb2b43c3b4273b37b381dde95ff67fafffc136f9a4a36c48188c30989df47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2330 113 KB
38 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H3 200 TKUT_v1.1.1.min.js Show response
s0.2mdn.net/sadbundle/7528030847950618035/assets/ Frame 2330 2 KB
1 KB 11ms
8ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7528030847950618035/assets/TKUT_v1.1.1.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdb02d532d7bfd45b67a7b2cdec2f9022e4b53fcbc99e8dca2a4d8dbfafacd72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7528030847950618035/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 337027
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1027
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:52:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:02 GMT

GET
H3 200 img-bg.jpg
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 9 KB
9 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c1ab8db979abe38ed33d2f1becb5d085f3281286097f5ccf7ef8ee287072ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9355
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 img-motif-0.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 9 KB
9 KB 13ms
12ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-motif-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6fbc51028fcf2ce45a24cb5c61a395578d29c94b824f91d557c0f9d0c98f20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8977
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 img-motif-1.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 10 KB
11 KB 20ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-motif-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

797734b81543fd3b4ac20d2293d1470e297cfce588ae67cc2113b501a2dc3d55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 img-motif-2.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 15 KB
15 KB 20ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-motif-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d6f9e14926444bdb66fb6812c46a00f47482a1f7d85ab97ff435d6cc38c69bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15824
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 tf-0.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 8 KB
8 KB 21ms
18ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/tf-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f232b426b18f8f4806ae1586ad4582c9eb1d72dc015f1357e562193ada3b070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7910
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 tf-1.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 10 KB
10 KB 20ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/tf-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

105830fb09c42dc3c68fe66c0e3103dfc3721d180525999bc5d01326dff2814e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10709
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 tf-2.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 3 KB
3 KB 22ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/tf-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d5f33e4272e764851d54af7e81ed73a8898097a0ba054df3406571a9b739a96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2708
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 img-stoerer-0.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 4 KB
4 KB 22ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-stoerer-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe68999ebdc2cf1ca0dd4f1da397eaaf4a692da3901af417c83a4c34b3339dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4061
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 img-logo.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 4 KB
4 KB 24ms
21ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/img-logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81732ef8a3370a547b35a2c25cfa71e1bda0c8c2dfb27f0a57f43e78c72e4261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 16:50:10 GMT
x-content-type-options: nosniff
age: 245339
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3745
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Dec 2022 16:50:10 GMT

GET
H3 200 gfx_white.png
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 2 KB
2 KB 24ms
20ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/gfx_white.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3ed4eeb6ff0371ee043785da9c48b790cd734172ffe02155621376ff9284cd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1928
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame EA17 113 KB
38 KB 34ms
31ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H3 200 TKUT_v1.1.1.min.js Show response
s0.2mdn.net/sadbundle/355119113619368022/assets/ Frame EA17 2 KB
1 KB 20ms
17ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/355119113619368022/assets/TKUT_v1.1.1.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/355119113619368022/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdb02d532d7bfd45b67a7b2cdec2f9022e4b53fcbc99e8dca2a4d8dbfafacd72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/355119113619368022/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 06 Dec 2021 15:22:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 337012
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1027
x-xss-protection: 0
last-modified: Mon, 29 Nov 2021 14:53:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Dec 2022 15:22:17 GMT

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 639E 236 KB
63 KB 143ms
31ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/4528516/1018994438718716/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:14:09 GMT

GET
H3 200 javascript.js Show response
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 34 KB
8 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/4528516/1018994438718716/javascript.js?1635423452372

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/4528516/1018994438718716/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

209ffe2c4a3eb94ba983fadc62d46e9696c58c4b1aeef1aae8228f46e7f27b7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8371
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:13 GMT

GET
H3 200 img-bg.jpg
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 9 KB
9 KB 16ms
16ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13c1ab8db979abe38ed33d2f1becb5d085f3281286097f5ccf7ef8ee287072ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9355
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 img-motif-0.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 6 KB
6 KB 16ms
16ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-motif-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6da9d256b7a0d5b69e9fddb56491463fecc0ae806c15a58f703cc00475c65c44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6216
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 img-motif-1.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 15 KB
15 KB 25ms
23ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-motif-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

131fc94431963db2aafd9df8e135a76ff12eb7a9c1701196a48c7c08aa1145e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15624
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 img-motif-2.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 12 KB
12 KB 25ms
22ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-motif-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

257ee5eb94e65ae5ecc318ff256cf717b723e69844381ba1d217e56e385f5aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12191
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 tf-0.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 3 KB
3 KB 28ms
25ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/tf-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

800b5e93616451d2bf1d5d1c21c827d92af53762800cbe2fc774ede2a48ea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2672
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 tf-1.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 3 KB
3 KB 27ms
25ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/tf-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

480cc82812c36e795d6ad86fb4627351331396178e063c8ac711366c0cc40df0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3422
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 tf-2.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 3 KB
3 KB 27ms
24ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/tf-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d5f33e4272e764851d54af7e81ed73a8898097a0ba054df3406571a9b739a96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2708
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 img-stoerer-0.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 4 KB
4 KB 26ms
23ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-stoerer-0.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe68999ebdc2cf1ca0dd4f1da397eaaf4a692da3901af417c83a4c34b3339dda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4061
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 img-logo.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 4 KB
4 KB 24ms
21ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/img-logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81732ef8a3370a547b35a2c25cfa71e1bda0c8c2dfb27f0a57f43e78c72e4261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3745
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 gfx_white.png
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 2 KB
2 KB 26ms
23ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/gfx_white.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3ed4eeb6ff0371ee043785da9c48b790cd734172ffe02155621376ff9284cd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1928
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 tweenmax_2.0.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 1A47 113 KB
38 KB 32ms
30ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.0.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38915
x-xss-protection: 0
last-modified: Tue, 19 Jun 2018 18:02:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H3 200 TKUT_v1.1.1.min.js Show response
s0.2mdn.net/sadbundle/12403946963978149558/assets/ Frame 1A47 2 KB
1 KB 22ms
19ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12403946963978149558/assets/TKUT_v1.1.1.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bdb02d532d7bfd45b67a7b2cdec2f9022e4b53fcbc99e8dca2a4d8dbfafacd72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12403946963978149558/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76259
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1027
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 13:16:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 15:48:10 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B25F 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame ACFC 259 KB
83 KB 17ms
15ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/sfht0if3y.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
age: 1943880
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 4731102
content-length: 84509
x-served-by: cache-cdg20780-CDG
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1639141149.102822,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D3BD 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9788 22 KB
8 KB 10ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 249B 22 KB
8 KB 10ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET cs
cs.lkqd.net/ Frame CE7E 0
0

GET

cs
cs.lkqd.net/ Frame CE7E
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

0
0

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1815 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H2 204 ad_impression.gif
beacon.krxd.net/ Frame ACFC 0
338 B 107ms
33ms Image
text/plain 52.30.186.249
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/ad_impression.gif?campaignid=11313517&advertiserid=4528516&placementid=150618917&adid=321276317&creativeid=160603169&siteid=1729994&url=https%3A%2F%2Fbeacon.krxd.net%2Fad_impression.gif&_kpid=af5fc09f-edef-481c-bfa7-696005c6deb3&confid=sfht0if3y
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.186.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-186-249.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: private, no-cache, no-store
x-request-time: D=38 t=1639141149
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9DE7 0
23 B 59ms
44ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstn8r9jbBXBMqOfSs8RzWEpXbDtREWpEhXCrUovVP8uIj3vhvVDT6gRXvWFmcSu07cm6i80N-V8MDIF843l6GnR4UaepgvsOJWjHkmQiapcld67OoiXJ0-CxdaJxxh4ZyK15Jv77Modzsdha2wCxrEY8Ya1X_fjEZZaDTbZKavqwiXFG1N1O7nu0StNklMVNAwDSloi72zp8xNeG7C-Q5J4_--WcihY-qJtF4H1U1F6xivXcy-bchdkdktVTVZyqJsbe050rKL-x4Ne1llQzfypNPdlRshfPp44o_KmbkonxRI3bNrWJz3ojkLAmYv3t_OKx1EQk_qGzL-te3E_BK64GMQwgR5wGSKIhoC-lFUxVt4SYl-WFZkTtHer2ahHAMzBOQnVLm3T5ir-FYJIANfWZfxdQYufs2shVdWq9teWA1CWtKMATRmd6Sm0rKJfajT2razPKAQ9zkquErvsBhvp0XJc2jAZr00miefNKX9k4AwAq_HXX-UBJvfaPTveNkQRevfP35BQOj5HHebcx20XjsgQ4MDMYZ1e4xHXF6OmSnQJEqZxGkTzHKektPfs118kfhEIl3fO0t7J-hM7ybzJYRytO0OAyjzOBaUVJH5rXaGea2uk0xMQjycC--ojzYaBt-y6CBVM4uIHgP5t4mp6cboDOuzr9AGBt28Xdsi7f4yWOFqfZ7yh-b62SyexySNq3nzCRXLPzCW2FDO5HhyNOUZHVIcDkclTbbUDmYy2Xnlf-8Di8jViO4PjJy_rIl7SSABdNSPk-su9V6_Y35lkgb75jOi57zOdTT8pIOMepzISDA4J2Ygja_aVVMCozddgYeMBmzBRSu7a79Xb47hNA-8vnfrWLG0THytMyWtxepETI8mV1vkVnJGgU7AaQKbZmH88tonF_uf-bFszVFkZka7rjIKq_pRhYp0dvqBRK2wmEr5Zl0cO17ctFJaXLH0fILK90ywPV7BJUmoYHsQoPYghIEjLD4IVUVpdEOK6bWMWc_FDiLQ8K5CX6pkSwgLLJ24rOgKE_1wGwtrvoTF2MYInnhHXZpX56vC94Q37TZkjpOf81HC63Z6lLwU4817s_52qpIUM1y6MQnmn0gG99wMlbnz7cZSQ4Kgxvj4_LxSRSWh_i9f5Kwi0LHcAECvpK0UIaN6Xc9Q1lD2J8V7gfOeZwuxUy0YglWSJAwzommnkInUGJFpf&sai=AMfl-YQq7rWxfS3Q2o8seZ_sO3hGHiVuh3wCiYpQs84xbt6VZdRG7e6oUKbVgM-x1Xd_HZyEdUfQC8TbaQH5rAxeTVjqF_kUVu_x4arCLMSsKW3cSAHeZh1isktKkbUjOyTSEWlB-Hd8dldBdRQWfcnZTeEgOil7Hv6tglx9iR4&sig=Cg0ArKJSzDfQWsHqVhrrEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=445&vt=11&dtpt=336&dett=3&cstd=108&cisv=r20211207.74711&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame D6FE 0
23 B 52ms
44ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstnewV2l7bDL3p9Kf3AojAcs7m-TySGekqEsSwvxBNvR88zu8gv3c3lnQR-LLsJInnOHab0l6T-PjoBPH_NgpuFcHHFxxrKfIe-kGK9k-15VTqePA4C4A5ekakUcTQopWrv4PoYOnfElhZc1atH4uRHbtujCxEBYyb2FTEXBWj_GkEPsadYMXZI5QfYKthNXM5Wn6l-rfF5DH2dE8VFuSk3SAIwRACA2nMw2A9GjABCUUtK6TvgULkGUEEd6Bs4LqsfdwSWCbR03EvWMAI_fbeCdMEj-F2XO7V6NSpNxERxhlIPqBOOw7faPPRJi05HGU89wjdLr58XISbRJlt09Fu1i--vr7f1WmvPl61pAyOV5YMYClBvJvN4cO0at9SqXnxtCUoOu3HfOZ8OH9nFORcY7NAyrR-IYgFkTMDPytV0X0CuRtlY6W_ozBydZaYKBDwwaQsFTfOn5wa-wTrojlTQkxDbi2O02Cz9Y58PIH-QndMuXTJXCVKwlgTrNiuNr-GZkD-2CqcP_kGtIBptMO0r7PgDd12KpNpydrXfYmuGQLJR_d8kZr3vubNGe1nt7hbTv0Z5KAjNTCjfw2d0HxLlz_kareC0jJDBn-voYbKmLKso42xy208BmuXegTH_EjAtfVIjvOz1JBzwWeuySwFr7iIzo0Cik9_EoztTscaE2-0LXM298lXMxbc3YT4RjkWcQTwNzZ-aUlVnEPpcOZf-vfc1iPGTWrotUkgszRDFYq8eY7sPWXABxktp7CcvjUfnyEdU201SviuOI6ON1OsGB2U5afArdrPmO-ziHr2x3zpfha4ODp9e8lqsWGXKpWa-_n6vGpMBQjPUz4P0suNam7E5S1fs2wKPe2Mvyp7xAUVyWNn_gx_TZ4u_eqUHzrFd-kCxNobCQiC49J2yGxjj8DMb2HKh6eNCREYTbsL8ALRxVLX--iS1f9cY7D2yspl_f5BHt1rT4oPu4E5CFj_s6Kn90Rn7QX1xLvXshdKKdx7Mk__b-ZjrOMyHrMg4wgMvOh1w2gvSjkQwvBQAHs5w2YJIVOcnQBPg2vozcyJLDUFET2fjQhQUOkP-pU3C81HcxoLcNHHN2CppTCWYoXNGKac0azqUcUE3reAtQQmHJkzK4vqQbHkR0N9SvDlUiml6XdayQ-oHqQB3iNTCBbl_EeSIai4UDRgxDiA3cy0Rx71-_enf5TloIsfAhQ&sai=AMfl-YQoOZe8I8P2fSxGQG7itevSt5JFpfS__UBgwPCaIfQEE4gB6SQzWspPCyYYXXopdWSLMdBWEhM-gDTjbOj0fV8oG-9SqOaWcDuQIMGFm4vDzUIV7D8GW7hFlyJer8JQEMSsmXPGUlF8uomLGcyuXTlyegft1D0VAgEA0ns&sig=Cg0ArKJSzE0HEiDISrjNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=509&vt=11&dtpt=356&dett=3&cstd=149&cisv=r20211207.05583&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C4D6 0
23 B 45ms
43ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsueNychyGvFP-opzxkrfELzSgblNFzEHfali_G3JiLq2angEWYCPZ7Ikl33CKiKDd3n1gZfi7m8MrVggR0bgf3c2D-cFPAEppyYe3rCKyrhM-slcbu2MVRPaIJXPJqKlg0ptvfjmCa4oISMWw6_h1EA2TJ1WSdz5ZRAWa2bnqi4LOc8IxfQ3B5ClBdgzP6JJRcaAazIVaUrUJmljw9meg1CsA10k03fqKQEoo6zJiQlliaWg_6d-KSnD0-6JtLdjLSIMH0KSTM4xx9ypm_okOwiiVxGPmcLuLXYNR9RxH2YHz6jmr_J1MtNcXBLkMrIZ_lVmNByFjU6csIZIET-qXtbzcbS7EAEEL_W0znweHf7-hPlrW2gnKdu0ooPtvL7HcgOeQ4Zd5y8fW-klM1E9mvKhihVOZvs9P2h6B2r6bUd_CYePU6w4XJtmlEL3PutbKFS4TPt-7mSpj1y1XlDG2Nof62iwVgWybkC4Z93UYOXVssz-X9893kLw6oFiKcaEz3h7jr5_UMDVQGWj-yDtIr2zW9oZbJ5z50k0wF5mHTYrcGMl0U5UAb8c19IwQDlB_Tu_FGMH6QCcxW1Ih0BSDYGC_bDW-ZcGpHnTb6p4T0ftJKmSfqbqANDD_mcOVZsdh7kOkrXhoeMzqxE_6ZKDH-3YAkOvjz46Iaa0LuRX6WpY_Zu3YypMUkAoCkmhMcRdczYtc096EfNtawosgLK6R_XVP3j_D6Rvqrfnf-II8oVyj3o60g8h-mWCMqSXr5gQJLjE3fqsR97L3T5dvtzTKL8x9KiCDFTrNV2UBlWGvqmopEX24JqSe5-1W_5ozKL_A_4jN-NZp_OBsEXNXRiBUmYMuXZyFP2TzPq4SXzr0gXJxpjgJy0NjuShzVKsh4azO5OfW4eGm47spc9B8ZZsIyI3OxTs8_Pj-4UY9fhdz2pws51Ijlbb217YjW4DsGO62Ko6w20HLGJe47NQoRFCBNnO6Mrbt_EtaZcWuSEJTSDenrofWzbc_7IeZEmu6XjnDEBPo1GawPyrv8tJLg8fA48uqdFlYt4thckFxHC68UD2m02xmMlNhQY0PM-8H2ECB89kAXRH0TNVI93QEwCHa7FzLpMIQXa9NeXExDglM1xOihxha5ks4HnzLQ1jjjosvDiA8MMs7ChJDqqYi-GKowBbxy-p0f_FUmYrN6gaRLEAsjkIn7NdCxo43CO-w&sai=AMfl-YRYeYZy-H6GhgCLCjF0YixHNja88wCgXLTdPC-TotYzzDxzF5gjsdCjnd4LrAEXoK-9C0icO_6N35mQVLa5cRwL9ytvDGUHTvmoQRoi4AFNT99n0LVlraSV-a8NDBtkeY6wiuILTwQzkLUkzETlSNe4lBfIPN-jOmakDF0&sig=Cg0ArKJSzCdxev7h1ShkEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=468&vt=11&dtpt=335&dett=3&cstd=131&cisv=r20211207.41604&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 2B8C 169 KB
59 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Origin: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:45:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76401
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 15:45:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 2B8C 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N238002.3886603PMPRECISIONDE/B26292404.316897482;dc_ver=81.236;dc_eid=40004001;sz=300x250;u_sd=1;kw=15083772455;dc_adk=943508953;ord=3ze1yh;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-tO3G0-zYbn9L9uAjuwP7dKp0ArYlvHYZr2T4eDNDvAuEAEgn6rCZ2CV4pCCoAegAaP_z88ByAEJqQKlwlt7P_SyPqgDAaoEggJP0DOC-CNMUSDfD39Hxl7oBE50qyLTGwXSopiCp4Zi-Z-H8g6rS4USrUZKjvRLU2mlhUgDk4Lem7zjKupE81aM-pG1YJhALr8PfmQdL5d4hdd4_q_QCcq91773zPN-UxTgkjngIn59M6y_5Ze3N349Hkp38GbOd3lM7XUzQ0XaBpuABAizQa4CDk1nchmjnvZteiqBQqEbGjx_QMhLu4z84Shpm8a_oP7PsvYYhJjaw9NF7jLYyK0TlAh0FnxFnq8AQQeevfVngcr9un2Qo7fiXqBLGlI86y9bQehNwqs4jotx0KNWhwWbSg6NCl_SQvzuBSpvP7yqvImKUsjOfe_Xs8PABP-Ww-LdA-AEA5AGAaAGTYAHxYCwsAKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE-Wmww3IE7y21d4D0BMA2BMKiBQB2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoNiYypwuC2wVlUfwVSbDPC9MnJA%26sig%3DAOD64_2nM4X-0aGktKiRvTKZ-YmHLwJ11w%26client%3Dca-pub-3335706850330798%26dbm_c%3DAKAmf-AKp6H67U0hkIsQpVXxq3x-Byn6ob4Hhul2bTXZtuDwXrQF5QYsvx0JV2kWLMEnHD7Oe6bITxFEg1sSyqKajvGitGXMu0t3SMikrurmUslvqXhWv99BZ-ddlmFtn6Ll42up1EGrWGYyY0g8A0GtJgFMHC7HLg%26cry%3D1%26dbm_d%3DAKAmf-AT7Bvau0Grz3OCDmnr45JW1Q-oKSJXqXMHpFKYqOthl5sHHHTmnaoMlbFcUF0keXbfboGOq60n3fHIPVTfcn7bKS4cg5YJA8ZG7-GofVmomW9r0Vn3teyrc-TSwnU1f8LKKJ2tFxnvaWIiTmQ7vNtt_GjBkTwKxW_bhhTSr6Is4EYgL0bHkjRD5bBQ5xGpJcUE6ud8uM2kU8R5sEQCSnJLQFuxUYSEW2FxLScSaqYN2xE5rbStBes9tKl2PYMc9JsQV3NPmdoOE0_GqcGK9KmOEhs92v0HobPS3ahGNWUiqA5y0B3BqtVJKw5g9kgJ3C5vMtnsXjXuLPTE4Ik3D8tzlR6qL5E0P9Hhx97vkCuNAPE07-c0MFnMQ-bRwQ8CsLnkqlB2588Hen1W3CAosbYoKZ7CVWv5dMuCl9Q68HBrN-2F42L4LmmOwTzYYQghoWRsY6HYhs1PL2LXrGmk8k88EMjiPlXBpZ930PFcKZkpn1cgF3Zuzj5PM9tQYKHAaoOhLGzGXgJGjh1-2cxPWj9WfrIggck0QLAZCMtZz2fcU8l1M9xVJxKA2PssWyQKdrumwUch019zKuCJhsk0rdgy5nLiPhXw6jNcVM3JSxfiKziGz47ghDqA5ucB0-XK-BR9ZADouDBBnm3gReCPz5a87pi6OYry0RGZnht9A20FLPh9BhBVPi5rEzbGva7Q5bfKQA3cFg7AwJUfHrfBJgYulJPspA_lvZJjFUuemu7EDjjroXJeqnc7FPq5Uy855CE02lDn%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%2Cnull%2Cnull%2C%22%22%5D;dc_rfl=1,https%3A%2F%2Fwww.elfinancierocr.com%2F$0;xdt=1;crlt='6.91i'le-;sttr=177;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H2 200 main.gr.19.8.270.js Show response
static.adsafeprotected.com/ Frame 2B8C 187 KB
60 KB 57ms
13ms Script
application/javascript 2600:9000:224a:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.270.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/774473/57793669/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 255d7536bc23ccf8c9daaffa1e8985fad893b4a6e879989d4a743cef3a14a234

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Mon, 22 Nov 2021 21:41:19 GMT
content-encoding: gzip
age: 1523871
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 22 Nov 2021 21:26:13 GMT
server: AmazonS3
etag: W/"97555862abc91b6f26be3ae590ed242e"
vary: Accept-Encoding
x-amz-version-id: SdE4MbHi75sePjhKKdXAKekDupsz0WTg
via: 1.1 5b9a6276a0cfe21df57da85d975de2dd.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: IdsD3bDeEfe48csSmlud2fLGT_hym9FYMwhSX7OxkhxY_ZQZy7Mmtg==

GET
DATA 200
OK truncated
/ Frame 2B8C 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b6cc098ce01ad3b405db9e0a955589eae5b479cf1f4c16ca797a428db3bb659

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 t Show response
t.lkqd.net/ Frame AE50 0
169 B 93ms
92ms XHR
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 94ms
94ms Preflight
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:09 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8603 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68004
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 af5fc09f-edef-481c-bfa7-696005c6deb3 Show response
consumer.krxd.net/consent/get/ Frame ACFC 236 B
426 B 70ms
35ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/af5fc09f-edef-481c-bfa7-696005c6deb3?idt=device&dt=kxcookie&callback=Krux.ns.congstar.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1c16d201a9100daacb04cf145129a08cb61e6c06afe4c81f9d63eb7090718c12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a005-dub-prod.krxd.net, cache-hhn4071-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1639141149.312648,VS0,VE25
content-length: 187
x-cache-hits: 0, 0

GET
H3 200 hintergrund.png
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 19 KB
19 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1018994438718716/hintergrund.png?1635423452363

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dddbcd995fc5c464a5d7c442c8f4608d9a7e7ae61de44ea416fbe979524bbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:13 GMT
x-content-type-options: nosniff
age: 50276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19683
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:13 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame ACFC 0
23 B 48ms
48ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstpMwo15d_gV5IY6o6ZZunosGuwHpTDMlb_D4xjsdp_n76hxDZZ-cH8n7SYDieRo5CYi6P30gItNqfpW0rZbCKI30TAP3d85G2dSsaCYgAWIJda-44OuIGsVCdr0nDYzIjVa-GcDHjlh91XKA_ofdNkfCGZOd5RD897TP28aTm6hodwRkgp7HWx13peYg3fo9FByuzm92Wz7UyQLR2BizIl0w0oyYSJ-KTTFhX7N9y3YhJQKUJfin5HbvC7fMSiq542e0iu8l6rGwa76f7eZS5yxXNMomkLOOzo4iVmu0srol1MLDMYIlPsiF-ysLI9W-5QOo9i_4tBlOfnDyQSx6jasolbAZQ4CWwdT_qF8CZR8QfNWj0iwJ6WO_Mr3pcdE5yA_MZ1-R7NZ2DVXQU6uq2B37jYtB2tVD-eShapeJ_O86iFOgc63bpowQrgbzhNyCSkG_LIv5c8MfftFcWpmRl_7D5E2YooQNI9RnCxDBoTmalxoq_gpVVYktVdVVdaJOGw6Qf0WG6Fx5wvJ0SzTTUCr3MczRSUWY-K1vSllnavgz41fRsbSQi7sI0rSWCvmzVoSziTzB_UHQ-hSljFqZGugYPcz7oXQnolmtiHDRfESFlEQeBBJ_hLdfrehM9fucXvAiD8o_Rlqxp9gGaX82f9cerkseOgHSoQNl2cxGGzwC2Tehypky_caE-PdJwc5Ers96BgjS1dI-66tRY_RwqYkXZHccEK-OjaouktSG8WBXkuUWZsjzMX4FNyeGmPFJ07rvRynjRl_eqUrSdb6zR1CXga9qw1c_05q0iEssvd1s79WgTvkQtYSc-3CS9Bk42q6OUaMxvWhdCbyGj-ZWDfmH-rCER_2P6k7A5XkHGmAfKo_7cPrINxNxtFjf3HuOVbb1T4NfiGNwRZgAPAIHY7hpMgOLhUeH7eXtW6OYVK90rprkBe46axjFO8id--5_nZ2lvM6KQEyCnqR5PtQYHF-lFe0u6DdkThgaQqM9hZCcR2txxsS5Rj59lGJ0o6Wyd9KnIlGuvML1JauMQd5e52s9uBxo8mL7Br8PN5pQg77RORfXIc859J_LhYhBI-mbjINd_XT08RtG975bNmWo_4oLO6gtZD-_xzbgGU5Dlit776XHwK4RB13wZoPhus2uwWd05AcDlknFiI9CsnCL-GXoxd5_an4Cq-GPued3sFfhXdjZqiGVFKRn3hCWssLwIRde30Hgz7hpeNZKU&sai=AMfl-YQSm5O8g0MOyuWJDJOWAQosEEqUrJH9kWzjWjxEZ-Pggm6l8wQ5JtYcBWir_saop0bbdKhPQBUajca10XCKVk0QNExAvWIrDEsyPvayxFlciYB8ra_nbXNmwGJ8MSCx6GyCTSYN4GRsX4vwGSvnVpZcr8exYYkJp_pEr0w&sig=Cg0ArKJSzMMqM83fHA0gEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=585&vt=11&dtpt=433&dett=3&cstd=150&cisv=r20211207.14363&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame B25F 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame D3BD 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9788 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 249B 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12595753840344563712/ Frame D342 10 KB
3 KB 16ms
15ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f8e7e796b2d6bfc1b3d455c1c3a6219b15d3570aeeb1e30f49b376be8e5efcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 3081
date: Fri, 10 Dec 2021 12:59:09 GMT
expires: Sat, 10 Dec 2022 12:59:09 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 18 Nov 2021 11:17:53 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2B8C 0
23 B 43ms
42ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssj1ysJLB3dX2sbFB3VAl40F2TS97OGGXrz-32pr44zivhs115IuMwgW_t9NQJgVCu5hV6iacSQRzvOTmhT9ZfctvWxoEJ24v68ZnZaMkO8aDvfFvo0LfMjkLps5Rir8mzfB7773yryc83SNgK1DgWEeo2ZdzbY1Y3f&sig=Cg0ArKJSzFWOFYz0-_jsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=123&cbvp=1&cstd=117&cisv=r20211207.79061&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 stoerer.png
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 4 KB
4 KB 8ms
8ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1018994438718716/stoerer.png?1635423452363

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09b8ff1678987ed790d4f097d38ee6b8d02f6ca83955a5b8d251fff927cd25d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:13 GMT
x-content-type-options: nosniff
age: 50276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4533
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:13 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 2B8C
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/774473/57793669/skeleton.js?adsafe_url=https%3A%2F%2Fwww.elfinancierocr.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F1b1091daf731fcce98966461792b9f20.safef...
https://static.adsafeprotected.com/skeleton.js

17 B
466 B

10ms
10ms

Script
application/javascript

2600:9000:224a:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:224a:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:35:57 GMT
via: 1.1 5b9a6276a0cfe21df57da85d975de2dd.cloudfront.net (CloudFront)
age: 13494193
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: TO3G3nXvqxNVtmY9lyNfHS3pGzKl_KYz5wJUbdpEAFtyzCTv_IvnFg==

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame A2DF 80 KB
21 KB 11ms
11ms Script
application/javascript 2600:9000:224a:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 08:08:31 GMT
content-encoding: gzip
age: 6065439
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 5b9a6276a0cfe21df57da85d975de2dd.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: x03JhBMLlM9gRH36_-0i-MGlAYA1MNdbaGr-32DzSdWm1BIfX0dNjA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
216 B 542ms
167ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKqZD,pingTime:-3,time:307,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:198%7D,%7Bpiv:100,vs:i,t:306%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:308,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2~100%5D,as:%5B2~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 540ms
168ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKqZF,pingTime:-6,time:309,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:309,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B3~100%5D,as:%5B3~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&tpiLookup=ao:www.elfinancierocr.com*&br=c
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 verlauf.png
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 29 KB
29 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1018994438718716/verlauf.png?1635423452363

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae0c04f97ad979437002c8d7a3952846e58cb52ddebc83a6f3b3ae86caeedcce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:13 GMT
x-content-type-options: nosniff
age: 50276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29754
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:13 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 483ms
168ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKr0C,pingTime:-2,time:368,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:211,bdZ:334,beA:903,beZ:904,mfA:1082,cmA:1083,inA:1083,inZ:1087,prA:1087,prZ:1095,si:1102,poA:1103,poZ:1118,cmZ:1118,mfZ:1118,loA:1212,loZ:1214,ltA:1271,ltZ:1271%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:198%7D,%7Bpiv:100,vs:i,t:306%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:369,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B63~100%5D,as:%5B63~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:167,readyFired:true%7D&br=c
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 style.css
s0.2mdn.net/sadbundle/12595753840344563712/ Frame D342 7 KB
2 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12595753840344563712/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

992d4d6b7fc5fa7f331c55ea8081376e031d2785411a6584010f48e94c5f4ae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 14:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597864
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1662
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 11:17:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Dec 2022 14:54:45 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame D342 118 KB
40 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 15:50:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 76112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 15:50:37 GMT

GET
H3 200 CustomEase.min.js Show response
s0.2mdn.net/creatives/assets/4314432/ Frame D342 7 KB
4 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4314432/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e828e6ad4d3fd31aff91f5e557efbbd3eb175eecd76de5fd226ceb94406151e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:48:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 654
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3639
x-xss-protection: 0
last-modified: Wed, 29 Sep 2021 07:50:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:03:15 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D342 60 KB
24 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H3 200 EON_BrixSansWeb-Black.woff
s0.2mdn.net/creatives/assets/4313292/ Frame D342 55 KB
55 KB 12ms
11ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Black.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f507503841f44ee6ba0104d59b7ce4a80162d2cb809314d6c15fcdf089b0e4d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:47:45 GMT
x-content-type-options: nosniff
age: 684
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55954
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:18:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:02:45 GMT

GET
H3 200 EON_BrixSansWeb-Black.woff2
s0.2mdn.net/creatives/assets/4313292/ Frame D342 43 KB
43 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Black.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4d5008015a20efea096181df1f1964538b745ea638a4197514d05b6c2341a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:47:47 GMT
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43744
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:18:28 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:02:47 GMT

GET
H3 200 EON_BrixSansWeb-Bold.woff
s0.2mdn.net/creatives/assets/4313292/ Frame D342 58 KB
58 KB 13ms
12ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

941a3724badcabfe2080512c8f398df7626d38270e8f76c253666356955f3dc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:57:06 GMT
x-content-type-options: nosniff
age: 123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58905
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:19:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:12:06 GMT

GET
H3 200 EON_BrixSansWeb-Bold.woff2
s0.2mdn.net/creatives/assets/4313292/ Frame D342 45 KB
45 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae9a0f95ede822b1959d214ca0189f6b6390c3196696d4e54ea9141bc200cea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:47:47 GMT
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45704
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:22:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:02:47 GMT

GET
H3 200 EON_BrixSansWeb-Regular.woff
s0.2mdn.net/creatives/assets/4313292/ Frame D342 58 KB
58 KB 17ms
17ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c324008782d78640ecf39d78c8e7c12f7bc1fca88fdf78eb778a51916ab4219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:53:07 GMT
x-content-type-options: nosniff
age: 362
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58883
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:22:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:08:07 GMT

GET
H3 200 EON_BrixSansWeb-Regular.woff2
s0.2mdn.net/creatives/assets/4313292/ Frame D342 45 KB
45 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4313292/EON_BrixSansWeb-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d0c47ebaa25efb04b800f2c5a886a2b14e7d812858b49a2f9e9a24cbdf42f4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:47:47 GMT
x-content-type-options: nosniff
age: 682
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45764
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 15:22:33 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:02:47 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/12595753840344563712/ Frame D342 8 KB
2 KB 18ms
18ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12595753840344563712/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66c77d8ff2941db7db72681bd8d20a098471a512bfaf2df207bac6b764fb1e42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 14:54:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597865
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1976
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 11:17:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Dec 2022 14:54:44 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8603 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103830
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 visual.png
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 23 KB
24 KB 10ms
9ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1018994438718716/visual.png?1635423452363

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4de10bb7ed622654b08c43570d01d619e368da8e2218c88374f184ff2f66f09a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:13 GMT
x-content-type-options: nosniff
age: 50276
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24046
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:13 GMT

GET
H2 200 optout_check Show response
beacon.krxd.net/ Frame ACFC 81 B
240 B 31ms
30ms Script
text/javascript 52.30.186.249
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.congstar.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.186.249 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-186-249.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9d972200042ba6b67223a81d25a5e06824c04a87d87455a3e42924d011710ada

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=60 t=1639141149
x-served-by: beacon-n014-dub-prod.krxd.net
content-type: text/javascript

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
727 B 143ms
142ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C8819778234384590286714254473%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141149682027-409
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 65 B
654 B 156ms
108ms XHR
text/xml 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=970530&t=2&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 173
pragma: no-cache
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 tag Show response
4cywq-eqnre.ads.tremorhub.com/ad/ 119 B
470 B 477ms
277ms XHR
text/xml 2600:1f18:612b:4216:9401:1738:df44:473b

General

Check archive.org

Show headers Download Go to

Full URL: https://4cywq-eqnre.ads.tremorhub.com/ad/tag?adCode=4cywq-7ivfu&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731944087532%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:9401:1738:df44:473b -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H2 200 tag Show response
4cywq-eqnre.ads.tremorhub.com/ad/ 119 B
471 B 426ms
227ms XHR
text/xml 2600:1f18:612b:4216:9401:1738:df44:473b

General

Check archive.org

Show headers Download Go to

Full URL: https://4cywq-eqnre.ads.tremorhub.com/ad/tag?adCode=4cywq-7ivfu&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C4384590286714254473809154665%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:9401:1738:df44:473b -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H2 200 av Show response
vidoomy-d.openx.net/v/1.0/ 48 B
351 B 43ms
23ms XHR
text/xml 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://vidoomy-d.openx.net/v/1.0/av?auid=540805079&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&cb=1772410282&vwd=400&vht=225&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731872728749,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.221.0 /
Resource Hash: a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: OXGW/16.221.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: text/xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 204 rtb Show response
a.vidoomy.com/api/rtbserver/ 0
146 B 27ms
27ms XHR
text/plain 3.122.218.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/rtb?id=872102031&w=400&h=225&skip=1&req_type=1&req_type=1&ip=&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F96.0.4664.93%20Safari%2F537.36&l=EN&dt=2&c=DE&pid=53160&sid=&sname=&d=elfinancierocr.com&sp=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&coppa=&gdpr=0&gdprcs=&vpaid=1
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.218.60 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-218-60.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 12:59:09 GMT
access-control-allow-credentials: true
vary: Origin
access-control-expose-headers: X-Vd-C

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
727 B 154ms
140ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731522908062%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141149687066-542
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
727 B 136ms
122ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731835223621%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141149813035-575
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 65 B
533 B 162ms
117ms XHR
text/xml 37.157.6.253
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=970530&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&t=2

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.253 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.elfinancierocr.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/xml
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H/1.1 200
OK 88k_nHSg_6XSp1263gyM+rBJnqbGxDqsAEHMK88FGSM= Show response
ads.adaptv.advertising.com/a/h/ 249 B
552 B 477ms
425ms XHR
text/xml 3.66.59.71

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.adaptv.advertising.com/a/h/88k_nHSg_6XSp1263gyM+rBJnqbGxDqsAEHMK88FGSM=?cb=1529255550&gdpr=0&gdpr_consent=&pet=preroll&pageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&eov=eov&pi.width=400&pi.height=225&pi.viewable=1&scpid=53160&hp=1

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.66.59.71 -, , ASN (),

Reverse DNS

Software

adaptv/1.0 /

Resource Hash

6c138576e7381d3ab0aa7b511adc3a7cbb7fe3a3d33768bad05577f5dfc60cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
server: adaptv/1.0
content-type: text/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 192
expires: 0

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
1 KB 114ms
67ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544732016742498%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 382e46f577661380685e53a0f8dff4a39a56ce09ed4c94955a9e17ba07596211

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 785
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 35ms
20ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?supportsJavascript=true&supportsFlash=true&_fw_us_privacy=0&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C4384590286714254473556843578%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 7ef7a784dec92d7ea6685e86565868bc4e87c80b88de4fec57ef2bdd4c36a737

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1190
x-sticky-vk: 1639141149698024-545
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 37ms
22ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C10735223934384590286714254473,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 35e58166ab31a9c00180c0c051caa126e88e4de4d6c20fdaf60e735e81c8414e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141149579098-584
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
1 KB 114ms
68ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731281656468%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 5fd9593d89e7c51d5dba6afdc4377698387a56de9e8b0b8060118baf2051bc2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 785
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
1 KB 114ms
68ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C43845902867142544731219854954%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6f86a6b6e809db093d8feb1a76de34f224e5efd634665228c090320173a6ce5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 784
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
1 KB 113ms
68ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C17417298144384590286714254473%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2c0fcb77890aa8eae3ff9077573b6db373c826cbcaa879c6d2b71b20d1837340

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 785
expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 31ms
17ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C18012407034384590286714254473,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a23d243351ae64782f71e844d28f2a6d461eaa350c975621276d73a59efe4e50

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141149659094-512
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 54ms
22ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?supportsJavascript=true&supportsFlash=true&_fw_us_privacy=0&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C4384590286714254473664740476%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: cd5f30ad28bfcfa0fa9f534c62f0a2b4229089af2c3215f3abdfd5b767e6b5bf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1190
x-sticky-vk: 1639141149577092-562
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 113ms
80ms XHR
application/xml 2.21.142.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C21304832664384590286714254473,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.142.210 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-142-210.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 27ece974910d6cddedf3e1e0756dbceff40bcf76b3bf7f388f9d88594caba302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:09 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141149652001-369
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H/1.1 200
OK LyoDzRX0cOv8KcvlY2oOQnb1IeL0zelHZZQf70KjSEs= Show response
ads.adaptv.advertising.com/a/h/ 249 B
552 B 475ms
427ms XHR
text/xml 3.66.59.71

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.adaptv.advertising.com/a/h/LyoDzRX0cOv8KcvlY2oOQnb1IeL0zelHZZQf70KjSEs=?cb=2094449251&gdpr=0&gdpr_consent=&pet=preroll&pageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&eov=eov&pi.width=400&pi.height=225&pi.viewable=1&scpid=53160&hp=1

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.66.59.71 -, , ASN (),

Reverse DNS

Software

adaptv/1.0 /

Resource Hash

6c138576e7381d3ab0aa7b511adc3a7cbb7fe3a3d33768bad05577f5dfc60cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
server: adaptv/1.0
content-type: text/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 192
expires: 0

GET
H3 200 visual2.png
s0.2mdn.net/4528516/1018994438718716/ Frame 639E 19 KB
19 KB 58ms
57ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528516/1018994438718716/visual2.png?1635423452363

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc5fca409590dca039e15024e5cd10e7d1688abe1d9031bf378e670f1c5c9279

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:11:22 GMT
x-content-type-options: nosniff
age: 49667
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19052
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 14:50:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:11:22 GMT

GET
DATA 200
OK truncated
/ Frame D342 232 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3541a291c616524557d75d04f5bf296fca63f3ee5ca5df78e045e48eaba9dcc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D342 232 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 887a71da48b4df1b36827f3437af336dc249878d36e97634328534860a0c0ac1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 icon-i.png
s0.2mdn.net/creatives/assets/4313155/ Frame D342 1 KB
1 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4313155/icon-i.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12595753840344563712/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d31a55ac6a80651bdcc96fcf6ad9feadb814068fd6e9a7ea601d9535ab181f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:48:15 GMT
x-content-type-options: nosniff
age: 654
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1061
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 16:03:13 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:03:15 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2B8C 0
23 B 43ms
42ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssj1ysJLB3dX2sbFB3VAl40F2TS97OGGXrz-32pr44zivhs115IuMwgW_t9NQJgVCu5hV6iacSQRzvOTmhT9ZfctvWxoEJ24v68ZnZaMkO8aDvfFvo0LfMjkLps5Rir8mzfB7773yryc83SNgK1DgWEeo2ZdzbY1Y3f&sig=Cg0ArKJSzFWOFYz0-_jsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=645&vt=11&dtpt=522&dett=3&cstd=117&cisv=r20211207.79061&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D342 6 KB
4 KB 36ms
19ms XHR
application/json 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7999d358f732531dc591d53492b479324a18b7880c9076b736b080f54d74a9f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4488
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D342 17 KB
6 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Fri, 10 Dec 2021 12:59:10 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 169ms
167ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKr7q,pingTime:-10,time:790,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuOTMgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1639141150024%7C%7C7837a6fca28137023e1de0ea03e25ee0%7C%7Ca2fdad25d911a8a4b39828759d282361%7C%7C3a57df71c6595ec8518f8d19a75c2aea%7C%7C1c898cc669435073b94f47d210872610%7C%7Cbc36a76334a88e4efd64d35fb171c813%7C%7Cf6d3b09bf8a6eaccc7970586d2ebfb98%7C%7C5ad310e5874381e376f9ccac1f168475%7C%7C1629390669,im:%7Bimprf:%7Bttecl:1137,ecd:11,tsecr:119%7D%7D%7D
Requested by: Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ACFC 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstM1WytM3tIORV8WcTOQyE-Fqw6GLoGockFfA0I0PTnf8ZpR6X4IxTpdgEhV3wU5BM1d0f0hxMzHeaQcsjNpLvZBgVlPcKCMUE4l1YwVhZkvpRNxkmG1A&sai=AMfl-YRUVDv4PNQA2kQLafraIJcgKYDM7IKm6Z2hfPKAeQX8654tSSnKQ-RFQwzc48c2zmJdIjGa_eE8gFuft1YuEgv8rb5nTJZQLC_6-aKvKMW3X6qrDL_2n0-3y_I-Rs-G&sig=Cg0ArKJSzHoa_NqadDriEAE&cid=CAASFeRo5u7EoWictJJv924LJMj4JuEndw&id=lidar2&mcvt=1047&p=94,436,184,1164&mtos=1047,1047,1047,1047,1047&tos=1047,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=840744514&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639141148317&rpt=600&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1815 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bn8d_HE-zYbP-I_Gg7_UProGd2A4AAAAAOAHgBAI&bg=!UFOlUxfNAAZKWFskSlg7ACkAdvg8Wm6LZsllrOMUwzdRdTP7nlYAN0CI0xqxUv-NqYOi7yOkJAlU0AIAAAIzUgAAAItoAQcKADi3PTnYyBYdIsLSrY8OOTDk0wzgbM5tcVVKWkZrggiBOnRmkrY6zwcjd7mCDTRZD9fBZc7Z7MM60ZkDFTbOo55nUJFJ8A9QIWKMfSrDY2WOyCbQTcKHkZUPkYpS5aKElUHiji2Qxtq0DlEoVoHiyzntYvpr6W3h1xNO_sYD-rUehZAPuw5ZRJ9Lar7vXn6h9H1IvHFt-K-I6GRWpSAsqlv9wPZC027YMTDv31jTMfEpYPqDl_zMx0tByzuYenNiNhdrsFqJOb0dvQOXwlP2s62JghhWHhF5jbgTLi2MprIiGEFBYy-8BZv9xgfyoJDgaD54XMACf4FIZjhx3Gb9FD-pVkkiHEKAfaAKknAaism0WMdXsT_YOYmc2UPJDpbMtSriz-zom0xzFFW2giqbYPoXKwNv4bYfM70NnX8SIins6NuBIj3uyln85esMWtup7JJa_KENgat8cnKHtbRLFTndIitQDo4RLZTJpDY-ACxP2YVHp9Y_iIy2TDjuppOcDQAVlpvmZE7yqF2f83RFgWwJur9ks0dUoS0zV5-JcqlYIl072lrFB0wRfSOnqi2J5vWBjEKxsOnc1pSOj9GJP8BUpwv6meSTk1s09BgmYK6il0Uj16NZq-Ft38Y8bvo4DFS4ABfGmysgu4Qo6nTvTDXlO8k7_aAibZ8TZy8GCxKXl4vRx3-TI9RPQTePQBGpncwuXGJkiPRVJHWXLu-qLzsOE1geFu_FEGbJpgRhwzS4q9crkzUjri06w6F9FgX1_dFT1X6HZfigeB8vWeU9SB0J2VTGiLWclkkRywJcNcxG0Dy_6-NFp6hU4Lvir9MXzpobWGsHIxuXpEMLyw2lGkqZ_MwSFxQysyVTGqQEZW1-SBbMxb1pE9MDhmvUUjeXj1GcwlyBt6fm87zAwQFGuyK_ugRT9okl2OGR-qWRE37qjyVlVRS4Gnw6vwPv7MbljTIt42jQvr3xMvnCfCuxYQbwUniU4EraefDDNEyaWel3FfMbfHh9rXRq9p2gRBoMCtePwa_CwHfFeN9Wfix3qxlLiCPqeLrXzM1l15ViHzaeXvzHVnwqik67UjyllwCa8-WBfnDkbL8_C5yCxlxVALD5RNlqHMS9iExP9zDjyVaF2Q

Requested by

Host: 1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
URL: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame F69C 35 KB
13 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D3BD 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B82QXHE-zYcyxI-Kg7_UPjP2E8AwAAAAAOAHgBAI&bg=!oKOlo-fNAAZKWFskSlg7ACkAdvg8WkawGtVYatscGM5Q7t2KUF1GgdAfp0HcbxaF_Lat7ZzAOasM7AIAAAGYUgAAAEtoAQcKACr9Ji0TTfBtA6sSTECXbjb-9obnLTQybGKYIjvlBxJSg_zLUBTNC_02UHWZAxorXVYGu8_qwiDrhBafM5kacPp7bPebXELNBegh1R0FmjjPNnoX7s5v3AHmh6qfhLDaZ055-BxASh7qX36G1Dz6fqvCVicdlkUHMYB0hdTRUIZO8TqQxhRlHiPt5TgBVMMNVxir6WWF1sgPl5ILp2atR6chLnDOqnWo3Ec2gA1BHojy2W8NEG8lgZdi-LieRgusyY0MYo2Dd-TaOKKEn_C03FHP9SPEAPebeRAGYcHJHZalt5OWIB73Hm1wQ_hR-uaL4BBBGNf6Xn72WxU8dG51UsBBus3EWHgTcLv-ba8LQzkCpN857CLadrhmua6Sk2_kQWDugwCbIkalnUZ8yZStl9tTHrnGZ0w8_0NpR9hvnHi5VkdOKOfhfEG2VAZkh5LwMeYnaOmSkoUbvnWd9KxL4nWw_O9pdDDUDvaGprw3mN3zpZuu1jbpfvJlZ37bYrCOQxc5hiyHpXQo_cejNwEcLEw41wtDPmru7-sc3HEvIDza7E2fwei8P1DmXYGS6yD0hCungEJlP87IfwlCwbCkCH-_6zIDNgi99IP3qhjq4IXOV1WKSpSBf0cQoQ7wt6Lww-fgBFrP3jzC5FFc5Is_7VkqxU51orgwdYySxOSjDekP1EHldX3ULUAl5JLmXNupiSefQbypLERNmL_CZNFnRKqSps6GHy82jZPPZlVaiojaSXZP63QdGbxwB9dx6czDWG0JucXSmKoj3L3v8InikPJxzxWaRPhbiAf8xeEJvz3u9mglkD4nz2H1ML4nFEH5Rk6PExiSxART7gmbkis5a25Ud0nesINw9aIHKXwdPgTSxal65QzBAHbgUbpyMURZjiqSUGenDvQQe1XBn7wd19ammumnIt0tOakXWmX-yHv4GCNMHBaJe1J7vvxPBp8PNH9a545SVYWu5PrpJlEa0x1MgEcDXzxTC3fsWPu0Arqb-STx-Pv5to9LY-OsBp1lAckbBCNjIdnXobWCwVwYwW58wksh4Q5rKJTcPzQ7WsaupWtuqgxe0wO2gP78easSN_2t5uiX9FwYXya7cPpdG3dzruIncOt9rA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9788 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQI8wHE-zYeSxI7nW7_UPrOmg-AwAAAAAOAHgBAI&bg=!kZKlktbNAAZKWFskSlg7ACkAdvg8Wvsj5xFmC7E6EVwwX8P-hynqZ04GMXPsTdc2O-JC-CGrOHLWMgIAAAHUUgAAADBoAQcKADUAFgonTut17xGrvA1ZeVoUzRQh6DP-un1XPVud31adUvRFmUqiTMl10JFhLcFM4pHUzZla_ZkDHV71UiY9DvoDi7jqVULEe03XkZbZ6n-FA9YPpaWE_RFXWlHc47et4s8wTd9KF4BSDIR6rk2njO-4N_n1qyiVIsteCwlpgHeu79_R7T-kZjwduQWnE4sGoWdQVJgphz3WcEOKSfK1ufL6Z_ybEOYsPouZa-9mR4k9yN9qA30kUgBGv90vl2F9QIzd03HMTFRCLlhdj_21v_TjEd67zYd0Fkr_KtIUsQgEiY12gQ_kfbKsevOuG4pSahCbU2_PZIm3gU_8Urg4U9D46-HQRq14rPhqKfmtJ6EIHBXP4AhDL0fV2x7qLVIdrp-ML_Jj16c0WhbRT_ypOeZAoeMR5WZrUtrbTzHFoXZWwTfYreZ9dU3xo0W5D_Im9F49SqNs3SG6X2AbMoq6Vo6Iag8R4JesBdCMgAHs7rEs4zDUbse8oU64hwaa0ZjtlTdNc4REC6_meSc5j_6SbI3KgpybvmyxX5tdVh9c237gs2cA14NCjTwZexMifQp38n8hyGwVGr1vHD1zPE_4Fb_NXvw1EjKTcEopC7MpSrobRlCVFzADr9QEKUxIaami_RcYTtVXvlX1K62YfQYPmrs-ctB6T1bp7C-MHJxSOO9DGbqIokBZ2IAlalKkhHGN5wx8XleDalDP5uKC7wFNpOODoGUXWeRnnuBb2saTOakvSB2qkc8gJCHdypFRg7Pjd1iD3Y1sKtURf3RdG4Xjj1BdEPqmRJ63hq0YRQt0cWfP2oYQU3hzdgDdd9hwMH0ArvbulXXk9z_k__X0Iz91Q8evJnnZhQPh1D1DP79w7oMBUYCTnFFfUZO3ixlcqGR5bUKP1Sic7Fy0gS0E19D7Exd79fLtnoxZ5SPe83G1kMOsdEsn5zRIVJudEooImcqddHp0IB6JQlpK5BceHxU5KcCn_tYYG1dmEOVl0XPQ4cABw9fqmIzr6z0Ytfc7v3gdAx3uv6pcMz0oRrLf8T1_XFKyECnkcLV5WkDZlAX_NGb259HrKTzsZ4QWcGHaMOBFDn19fyziuscUpQiWnfuPNs1KLzwaPJuO1MW494O7JVzjfdXw89Co

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 CongstarFont.woff2
s0.2mdn.net/ads/richmedia/studio/45844501/ Frame 639E 102 KB
102 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/45844501/CongstarFont.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/4528516/1018994438718716/index.html
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:47:21 GMT
x-content-type-options: nosniff
age: 709
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104232
x-xss-protection: 0
last-modified: Thu, 06 Oct 2016 14:32:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:02:21 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 249B 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B5iqQHE-zYfSoJKGLlQfy3ovIDAAAAAA4AeAEAg&bg=!Y2ClYCTNAAZKWFskSlg7ACkAdvg8WqDCw6QRldqDeIIdQwwfatUjL795HsvDaC2uSb9vbelD68H-kwIAAAHQUgAAADFoAQeZAxNFsnKLkQeQpGSX9LzLH113Bql59AM6n0CmtB1ShXuutq6LcWkt_iwsp-K3C7WCFu9jur41G3rUN38Fqv7vlWZm8GGhFYjRKJimNSL7eci-IHcL_XMQYqvGgk1oMWrORo5Wia2x8xKpJUmbprKT3j-ZQSX8_knV6fbNcCI-XEYsYn2yr6zApaWbq8GqEWHvga2yXi1pS5XjhmkTNFCnvzn8AViRcRTNzvCW-LcnKMZZkqLDp6z9KvRTJv0PRcTQRUhBr2iUbuKhgh98M72S3S4BeGHRwzNxv_MALzMi8bW6lBYWIkogowATwgn8m__zwZxY1_z47QK7yC3sD-Rl0r991LkvgAQySHy_pdlUXtlxbwjhPQDmawaix-K9OxaWiZvHRmaozj77q-b9hTBfNZZ-aMDHSXFbMe_i3R16siLbNHwBX8A8K4jURprObTQNnddHTQIelz_nqKVpwPrQKDkvpR9CoDuFqdTHd-UUh5HYm4vlXyIa7fjKzG8lT0Jva-sU11pYsrabbFzFawi0XeFMg4_0Omb6wRZ-rVHM_gvcLNb8vki7899KoyKCgW1nBLjdklrqCdamLaAihWdhPoE6A4BAhNWDnJiAd1UQN4wuJinWBBb4zLzdJ5Yg-izxq9Du3kHIb6jm3CpKzsjuO1i6J1VnfaB1y3h9yTUEch_bi2M6zXDZcUwu5Iz59KKOOKNr4SnTYO5CQ94Z5-W0PXpJYUk9-6KkdaojzG-gWq-LhoiHR8p3H6-h_PKOTbcMp3p75nIA0-ytIEinApfP1ny1qc4721Xi0iWXv-sWLBEvgLCDtd2_wxhB06j8hMzn8q2fCBOiYcDCc3RWmtrD8weWz78SKCNksa1LJVHWtrq1Dub3d6PIEFNULEO0P2zpB9pGo2ne2AIQM2ar7p4ZDfRyhlb9v5wf60XxaUAC048rbAcyPaoVDJIzAT4Y_iasyxG2yXIGGNWEqDXFX37p7DjqXKbEJZqyL2AbRRy2opOeZ-t-BrbUTXL-wPNXTlYS7ldK17ELlNwrF80FL6UTWNRaimPv

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B25F 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=ByVsVHE-zYc2PJODC7_UPqeid4AEAAAAAOAHgBAI&bg=!zs2lzYnNAAZKWFskSlg7ACkAdvg8Wugkw7MwkuGAKLODIZcOX8qiRDbt6CEovCvsapjWt8FFy-zOLwIAAAIZUgAAADJoAQeZAwzOgJUY_eGW7tYRU9kRxV96RDftY94ZiMVpQyBaaqhNHrIdgBoS6g5SOWZciOkEYJ21Hg6TUl6u2jeici7fw6gv1Dej-iDQhVgNHz0kjOXn_eFP_b8grWNUCEy6ueH_makrl1Gr-hhzloelQVdDxrvPyw9PYP5M7D9pqv9QIgdoy8PQoNHFgcQehamMsXOzlf96N6g3myPHZlQr-haCRYSqmHV8yXSK6HJP787I1F-Aa9-t3ZtiSqd-9uR1yhYN5fmTRKpiyRBh0QgzQm95Ubgwm6-T_xNbS9BE6uqd4er0IxdkaWfqaZQWmu0daqFI6nhnlokHdPsTnnf1AFNu5_qVGDNyQVn4bJ1Kq9HBqVrpTi0v_CO8Wsf94hUOjGQrTCcpVbJ5Zzd39MEkDqY27runGSCJbL78JZSGqVlyd1IHJFZKxvo9k7uhBuSLZLqKGzIhftCGYxyO4NkCmdCG4PIoli2k5Y_sAHXQji3S3avyjA4JruPtViPlNHsMdRN7_mB1FBFn1Xj-R4TdU0iWvsiLtosgYz73MjdqtsCtfZ5-j8jjjEyceCbyfL9NmBh-O-tCnh8ZTyGe7zGcvo7mhQM0v_SKM_w96oNdmZaZQACBx-2s0bCDPZjR3yzv64HpXJIFo8CX9EW14ZhxGEL5m5m3lRlEbPrKsb1ad4kn2O9zSK8cCWKYF7Dkz_hyT2lZ4I18AF0vGOSp3108JovuFTSxfG0EOXqUMmJqfrwC7_W5G2cZ8tqt1E_kZ-yI6DU2atxaxDgDRDmoNOW-FjsG1DhhoahuTQcBhUASeLZyoBeKQVNz2H26FKEu8k9uLnfSbKgxMdcVm9JnPiUEJ5YthisGaQwQ1UOT5Fgo8m0WqxkJAtL84s1OhPorhl4AZYPoa0-3Z51BhSOQEBHzXENHGMz0Dg8Utuc9OmgvXOaHUS_j-ULzSz4OlFudH22Ll4Evr6HJI939Th4rteQtH_JB9YFywqdQin8RqlABAXnCUf0PqWBKaSz-GjcqMX0m7rgNS-MmnQdhKv4C2oQAlvU

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 t Show response
t.lkqd.net/ Frame AE50 0
169 B 150ms
150ms XHR
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 vpaid_25214542.js Show response
vpaid.springserve.com/production/ Frame 91BD 495 KB
87 KB 165ms
9ms Script
application/javascript 2600:9000:236e:8600:15:6f6c:b180:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8600:15:6f6c:b180:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b065f38eaed75574515532e2d687fd23450a662a972d044626b848d6e9d1045

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 18:31:49 GMT
content-encoding: br
last-modified: Fri, 19 Nov 2021 18:30:16 GMT
server: AmazonS3
age: 1794442
etag: W/"185feb14359001049d144410afbeaaa4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
cache-control: max-age=2678400
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: npc-_GoNXVXrU0vww4jeSTEVJtDmst0ERW87-zN2Dr25P7xXNrruvQ==

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 t Show response
t.lkqd.net/ Frame AE50 0
169 B 101ms
101ms XHR
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H3 200 sparen3-schlecht-300x250-push1.jpg_1637231250575_sparen3-schlecht-300x250-push1.jpg
s0.2mdn.net/dynamic/2/10898736/s0.2mdn.net/creatives/assets/4294625/ Frame D342 22 KB
22 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10898736/s0.2mdn.net/creatives/assets/4294625/sparen3-schlecht-300x250-push1.jpg_1637231250575_sparen3-schlecht-300x250-push1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5dd267252cc46037a392493638cde5f7c13ed4bd3b0b401eac351c65ae77eec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 15:19:21 GMT
x-content-type-options: nosniff
age: 596389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22247
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 10:27:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 Dec 2022 15:19:21 GMT

GET
H3 200 sparen-300x250-push2.jpg_1637231250575_sparen-300x250-push2.jpg
s0.2mdn.net/dynamic/2/10898736/s0.2mdn.net/creatives/assets/4294625/ Frame D342 9 KB
9 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10898736/s0.2mdn.net/creatives/assets/4294625/sparen-300x250-push2.jpg_1637231250575_sparen-300x250-push2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c50271fbe7088cce553c0dd7c52606c6b4f706188d979320adf6a685ff1d691

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12595753840344563712/index.html?e=69&leftOffset=0&topOffset=0&c=w17kDGcjpn&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 03:14:45 GMT
x-content-type-options: nosniff
age: 207865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9302
x-xss-protection: 0
last-modified: Thu, 18 Nov 2021 10:27:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Dec 2022 03:14:45 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2B8C 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvq_1pssqy_k-O0GNn1Dd1bIB7QJjtWP06DlHNFp_LREOzYLwhb6Nv2ZIN5TquanZn4IA_HLO2jLg0V5KU5mAUarVwjOL8dUEp8I-y56GL2O889MzKWmQ&sai=AMfl-YTDyjBN9cxsP4Zw_sN_TNR5U0Rey8Q83BRHYbAUY9Qw8Vb3wHV1ku881xJUpJBZB7EuSHC-DZcQtakofEyxe6pvyBdPtb-7ijXqkoFD7zXjvpxqCrh8I54jUYDyJ9xf&sig=Cg0ArKJSzIar64r_yLdlEAE&cid=CAASFeRoNiYypwuC2wVlUfwVSbDPC9MnJA&id=lidar2&mcvt=1002&p=436,1043,686,1343&mtos=892,1002,1002,1002,1002&tos=892,110,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2624869551&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639141148331&rpt=917&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8603 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bw6mrHU-zYfX1BuzVx_APupCuiAQAAAAAOAHgBAI&bg=!cXKlcjbNAAZKWFskSlg7ACkAdvg8WqplSD0OX2Nx_vArA9GDGYYByVmsllsiM77qzEu4ANxwNqIJdQIAAAGtUgAAABhoAQcKAE5e_kIJhH2PmtKvOaqAVBFQLLvNfhNxCf5LxlLF1sIq6As6KnScIbaGK03ICEw-SRpO6GcU-hRXnm7O2zZ4wQElIbVAqeq2CXDdp5IdF8CZAwRMoO4DRCoVysZckaZar6XuWnLszz1q4eHliIsR-iMdXn8EUuV9shTuR44VHzxoWbBwy2hMSnsvpYAdUeGrQKXjsxafJKjiFPHjJcwUq_-onzCpqK51VLeTDDc0ggA7CIAYPArNtlmR-GYRodKDFEiSKO5hbzBl18D9tlUgNqaX35YvuRTzFuEKFSJ31YGcUZXoPX0ydY2Zb8-6ICfbGX9G87VJjXdJGDNRR8W_iGZlk5Ci9DWbCKVRKiSmqKQ8rQghPbV9w35GrqIzFoAVrAJvbJPxfiQJfMHFXzchDP1AR1wxXW8VV87nYe7ve4ansIQd4zbrZV4q8ZONpdJY5KwTGTAinHsjnF4miChy619OFVkULj1jX6tCl2NkCjYUwDQQA1OLrt6TFUI2ulxFnBTeYyFCC958n1ZfndgEYXW0cSdnQGgJzx6g7TFEDf3-IUF4RYMZWbICDzm6N0kBacLZ4rzBoOPlDfK3sPE6WwXpe4xCzpBG_x1bKQ9AtiBNcnNhYXYkP4d0y4mQmvOMlAyoakP6c4hd1qdMC1YVgQlnbSnA7W9aYbmfRX3cLTJT-MP9PzPST8WN4EAazKuyLO--YuCNYTrXe4dCUITW-ZvvjHmABohqRnm-_fVH5DZzr3yriUSfTScAh3KUGpBjMCoolI4sqoOBIcTT9IxE3NBxZI5HjS7iaJZSC4w4vZIhHHP5a5NaAaLmGjpEbc567Zmdi_BgtcpNArsJmV2H1fXYAGjOuROLqO9VEtth7v2b9pXDaeFAW1ikJ5tH5lzxE5LwUkOHwY1Ff8jaoqOFBlaeo40DlWshVO7Kgml_fOCZ6o1Oh1SIQCykUw7rx-eGRLPeO-6nszIeHU8Z-KpC3Bx-bKOFQ8rqf7vW2UmYoPxk-XeRnztX6XITmwnRd6YbhK0C4fxOKocavmq2Nr9Q5JhJDuwZZ7H1kla-z_bmgJgNE-7x8Z_CJpvgjxgv_gNfpCZPMkfCfhZnUfi027cE_-tkTrk5ooEf0eLmdlAmMQiUXlzBg4qv

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 91ms
90ms Preflight
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 90ms
90ms Preflight
text/plain 146.20.128.192
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.192 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ Frame 91BD 1 KB
1 KB 24ms
24ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 91b7185d9849e09900b488c4b2ac8a0105ea91e9580978f52fb686076bb8775c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 764
expires: Fri, 10 Dec 2021 12:59:10 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame 91BD 0
223 B 221ms
221ms XHR
application/json 3.66.59.71

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Vidoomy
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.66.59.71 -, , ASN (),
Reverse DNS
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST prebid
ib.adnxs.com/ut/v3/ Frame 91BD 0
0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2B8C 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuewWBVmhby9ZJ3UXV_CYfX40-BTOrlBJJn1VL0uTXn0B4Dn8plgOBSFFQYGrgCZuC0opfrxy9NGDDJXRim7ALh13Z1sfXj_PE&sig=Cg0ArKJSzOzzoy3GNiWWEAE&id=lidar2&mcvt=1032&p=0,0,250,300&mtos=1032,1032,1032,1032,1032&tos=1032,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=34&adk=943508953&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639141148331&rpt=1066&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PMAdMgr.js Show response
vpaid.pubmatic.com/ads/video/ Frame 9054 152 KB
36 KB 34ms
33ms Script
text/javascript 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f0f6a8b6c19b0c4d1cab075ab2f4f755cfef747424837668e65f431410f816e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
last-modified: Tue, 10 Aug 2021 05:02:46 GMT
server: Apache/2.2.15 (CentOS)
etag: "1408294-25f9a-5c92d699d3c58"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
accept-ranges: bytes
content-length: 36260

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame C164 38 KB
14 KB 33ms
25ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=22574
expires: Fri, 10 Dec 2021 19:15:24 GMT
date: Fri, 10 Dec 2021 12:59:10 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 9054 38 KB
14 KB 37ms
28ms Script
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 10:00:01 GMT
server: Apache/2.2.15 (CentOS)
etag: "1302647-96ae-5ceb1b98ba7c4"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=22574
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 13882
expires: Fri, 10 Dec 2021 19:15:24 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 169ms
168ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKrfL,pingTime:1,time:1307,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:198%7D,%7Bpiv:100,vs:i,t:306%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1307,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:227,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 174ms
173ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKrfM,pingTime:1,time:1308,type:pf,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:198%7D,%7Bpiv:100,vs:i,t:306%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1308,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:227,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 2B8C 43 B
215 B 173ms
172ms Image
image/gif 52.27.219.1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=774473&asId=5d70f9be-ca18-0982-eeae-a1fc951df554&tv=%7Bc:woKrfM,pingTime:1,time:1308,type:c,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:198%7D,%7Bpiv:100,vs:i,t:306%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1308,o:0,n:306,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:198,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B124~1%5D,as:%5B124~300.250%5D%7D%7D,%7Bsl:i,t:306,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:227,fm:sRc9dtw+11%7C12%7C131%7C14%7C151%7C152%7C161%7C17%7C181%7C182%7C183%7C191%7C192%7C193%7C1a1%7C1a2%7C1a3%7C1b*.774473-57793669%7C1b1%7C1b21%7C1b3%7C1b4%7C1c1%7C1c2%7C1c3%7C1d%7C1e1%7C1e2,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/candid-co-hace-ajustes-en-su-planilla-local-a/WAGYHTRXTJAO3KK7GYO4VECBTM/story/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.27.219.1 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C164 2 KB
3 KB 71ms
14ms Script
text/html 198.47.127.19

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=10780138&p=156498&s=399115&a=1801592&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 66ce576219c396435d15948ffba1033a7fd05897786266d132e681b262f24dea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 1CB1
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17

35 B
467 B

22ms
22ms

Document
image/gif

37.157.2.235

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Fri, 10 Dec 2021 12:59:10 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=7BF74D6E-E11B-47B5-BA7B-E816043A1B17
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 004A
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=406533723891133348

42 B
209 B

21ms
20ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=406533723891133348
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug013:0:432
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=406533723891133348
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 43EF 43 B
334 B 145ms
18ms Document
image/gif 178.250.0.163

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Fri, 10 Dec 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 607213

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame E14E
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040057632803453069

42 B
521 B

66ms
17ms

Document
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040057632803453069
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 12:59:09 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug013:0:406
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Fri, 10 Dec 2021 12:59:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040057632803453069

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame C164
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=e_dNbuEbR7W6e-gWBDobFw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

20ms
19ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=103760
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Sat, 11 Dec 2021 17:48:30 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=45b361b3-4f1e-4a00-a0c1-53a754363f79

0
260 B

66ms
14ms

Image
text/plain

198.47.127.20

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=45b361b3-4f1e-4a00-a0c1-53a754363f79
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 10 Dec 2021 12:59:10 GMT
Server: MT3 4133 baa842e master zrh-pixel-x1 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=45b361b3-4f1e-4a00-a0c1-53a754363f79
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame C164
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=7BF74D6E-E11B-47B5-BA7B-E816043A1B17
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=f19bad584fed473c849c48df4e89193d
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=25e7b323-3e7f-44d2-a64e-7235b82148ae&icm
https://spl.zeotap.com/?zdid=1332&zcluid=2f73a5fa364e3c52
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a30652e83e&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEF3HaIC3aAW7HJQaYcJ7nd0&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a...

95 B
187 B

18ms
17ms

Image
image/png

2606:4700:10::6816:1857

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEF3HaIC3aAW7HJQaYcJ7nd0&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a30652e83e&zcluid=2f73a5fa364e3c52&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 2606:4700:10::6816:1857 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:11 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6bb6a621cd1b430f-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEF3HaIC3aAW7HJQaYcJ7nd0&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=da80db61-7fcc-4e38-4c7e-b292a2504189&reqId=b585b1f2-a4eb-42a2-6cd8-a9a30652e83e&zcluid=2f73a5fa364e3c52&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=N0JGNzRENkUtRTExQi00N0I1LUJBN0ItRTgxNjA0M0ExQjE3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

98ms
18ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug015:0:441
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDLM4FfNP1RNUstEBB62Ci0&google_cver=1

42 B
591 B

98ms
17ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDLM4FfNP1RNUstEBB62Ci0&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug005:0:483
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDLM4FfNP1RNUstEBB62Ci0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame C164 43 B
616 B 82ms
23ms Image
image/gif 169.50.137.184

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.184 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 09 Dec 2021 12:59:10 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:764161b3-4f1e-4a00-a379-2bd2afb4ddff&gdpr=0&gdpr_consent=

42 B
340 B

57ms
18ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:764161b3-4f1e-4a00-a379-2bd2afb4ddff&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: no-store, no-cache, private
x-lat: amspug017:0:447
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 10 Dec 2021 12:59:10 GMT
Server: MT3 4133 baa842e master zrh-pixel-x5 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:764161b3-4f1e-4a00-a379-2bd2afb4ddff&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 10 Dec 2021 12:59:09 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25e7b323-3e7f-44d2-a64e-7235b82148ae

42 B
293 B

17ms
15ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25e7b323-3e7f-44d2-a64e-7235b82148ae
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:09 GMT
cache-control: no-store, no-cache, private
x-lat: amspug017:0:278
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=25e7b323-3e7f-44d2-a64e-7235b82148ae
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6033156809273630072

42 B
388 B

18ms
17ms

Image
image/gif

185.64.189.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6033156809273630072
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: no-store, no-cache, private
x-lat: amspug016:0:290
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 12:59:10 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6033156809273630072
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame C164
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7297795930489655529&gdpr=0&gdpr_consent=

42 B
211 B

20ms
19ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7297795930489655529&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:10 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug024:0:493
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 12:59:10 GMT
X-Proxy-Origin: 185.232.23.184; 185.232.23.184; 400.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: d8f106fb-9b72-4915-8c26-1ac6f90f4e1f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7297795930489655529&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET AdServerServlet
vid.pubmatic.com/AdServer/ Frame 9054 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mab.chartbeat.com
URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=elfinancierocr.com&domain=elfinancierocr.com&path=%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8721002282992361908

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

Domain: t.lkqd.net
URL: https://t.lkqd.net/t

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=9081290253182001588

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/ut/v3/prebid

Domain: vid.pubmatic.com
URL: https://vid.pubmatic.com/AdServer/AdServerServlet?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+7+9+1+1+6&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2Fcandid-co-hace-ajustes-en-su-planilla-local-a%2FWAGYHTRXTJAO3KK7GYO4VECBTM%2Fstory%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141149379,,&us_privacy=&cb=1639141150520&SAVersion=2&inIframe=1&pageURL=https%253A%252F%252Fwww.elfinancierocr.com%252Fnegocios%252Fcandid-co-hace-ajustes-en-su-planilla-local-a%252FWAGYHTRXTJAO3KK7GYO4VECBTM%252Fstory%252F%253Futm_source%253DEmail%2526utm_medium%253Dnewsletter%2526utm_campaign%253DEdici%2525C3%2525B3n%252BVespertina%252B2021-12-09%252B19%25253A06%25253A10%2526utm_content%253D-2021-12-10-02&screenResolution=1600x1200&kdntuid=1&vwndh=0&vwndw=0&vwndurl=https%253A%252F%252Fwww.elfinancierocr.com%252Fnegocios%252Fcandid-co-hace-ajustes-en-su-planilla-local-a%252FWAGYHTRXTJAO3KK7GYO4VECBTM%252Fstory%252F%253Futm_source%253DEmail%2526utm_medium%253Dnewsletter%2526utm_campaign%253DEdici%2525C3%2525B3n%252BVespertina%252B2021-12-09%252B19%25253A06%25253A10%2526utm_content%253D-2021-12-10-02&vwndref=&vc=2&js=1&sec=1&kltstamp=2021-12-10%2012:59:11&ranreq=0.22999038630860436&timezone=0&depth=0

Verdicts & Comments Add Verdict or Comment

135 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.elfinancierocr.com/	1970-01-25 20:31:23	Name: akaas_AS_gruponacion_el_financiero_prod Value: 2147483647~rv=40~id=0d2eb4e0eb2791e6e69488ff51813b1e
.elfinancierocr.com/	1970-01-19 23:19:04	Name: AKA_A2 Value: A
.elfinancierocr.com/	1970-01-19 23:29:05	Name: RT Value: "z=1&dm=elfinancierocr.com&si=4axiyqjn8h2&ss=kx0ebfo2&sl=0&tt=0"
.elfinancierocr.com/	1970-01-20 08:04:37	Name: cX_P Value: kx0ebg0sih33i8n8
.elfinancierocr.com/	1969-12-31 23:59:59	Name: cX_S Value: kx0ebg0xt9v8viaw
.piano.io/	1970-01-19 23:19:02	Name: __cf_bm Value: p.dPM3GJit3G2zBF9QBOTTR.4V2n2T9VB0ZeKgql4R8-1639141147-0-AUiUvzPgPtDJbp+t02pdaiN4FBdhfUKzykKckLWTtXdNnWkJo4uzuDDf8QbenN/t+2nmV/1NpWvoNH6piX3r1c4=
.cxense.com/	1970-01-19 23:20:27	Name: cX_T Value: kx0ebg51cwi6y64j
.elfinancierocr.com/	1970-01-20 16:50:13	Name: __tbc Value: %7Bkpbx%7Dq13KH8fNZR_Q3TERWqVeAZynbq4T2OQMHGy9nWdNTTsxnqANapP4KZ2aqcHyS3oVFmt3yI4cK5b4EVUsRdgDYlFi2Baee1Xhp6Pvf9R9hJw
.elfinancierocr.com/	1970-01-20 00:02:13	Name: __pat Value: -21600000
.elfinancierocr.com/	1970-01-19 23:20:27	Name: __pvi Value: %7B%22id%22%3A%22v-2021-12-10-12-59-07-564-Vsj3mWYtvb5pce2y-fde252c3b9e4199d3c970619806313ed%22%2C%22domain%22%3A%22.elfinancierocr.com%22%2C%22time%22%3A1639141147773%7D
.elfinancierocr.com/	1970-01-20 16:50:13	Name: xbc Value: %7Bkpbx%7DC8RvqIzvFgzFdgSggDN6UOWe2ABKNLzEQBxUZUA2MApW_ZaLaPj87oiIKs2CZvMK9bymBH-8TA8s_v2EBbyQDBTUjWIn-dBZEcpFO8QGkFWpdTC_TQNFwab1nSdGTedII6wFTVTPFKsRnLSKa0lzIlaqyym-jd5oCWs6E1gVwJeNI4JxEXn_09dnKS2tz7LEJLVcLToOOIUeEgIRLPEcieaObEE69_UKni5wl5wIWR8Da54UiBDjZlJrbkeqAo-oOTreDh2Qw2NP3rMGD5805GdHZsPX-RzS66tZHc3So5ePUEs4orIjy3T0ztkL9MXD7HtpWkBytmE5FioLQ9vkFG3gNoLFYEuG1k6wFAjl6_V0JPQxVWVEPecVKKqOShFytGiXtQDOA6wW0_ZwlqqQkmOIxxoz0Xh2y6pSBTqTzj4fHqLg1mRynnTSoBwy7zQt
.elfinancierocr.com/	1970-01-20 01:28:37	Name: _gcl_au Value: 1.1.1225195354.1639141148
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _cb_ls Value: 1
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _cb Value: BE2u8BuwGn_CsYkKu
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _chartbeat2 Value: .1639141147921.1639141147921.1.B7RJn4BInGATdZ1gmDx4AWNDTroyw.1
www.elfinancierocr.com/	1970-01-19 23:19:02	Name: _cb_svref Value: null
.elfinancierocr.com/	1970-01-19 23:20:27	Name: _gid Value: GA1.2.1130417351.1639141148
.elfinancierocr.com/	1970-01-19 23:19:01	Name: _dc_gtm_UA-3958088-1 Value: 1
.cxense.com/	1970-01-20 08:04:37	Name: gckp Value: c1fc0tkp84p71ituaxuqsycg1
.google.com/	1970-01-20 03:42:32	Name: NID Value: 511=sysKCfeWTKqWuDBUOJwUjC-BfY4-wEBO6ZYapWiV5PUKRgmRq9L-hr8JhO_7tIWHBBb9G4WBq8Iiq2J8JnOP8axKijZzqn8igMYhjNHJVq71BAvhqIPWf3SL7h-RdLl8QdiR4HXxEII_UyqRCUlbW0Ax3hjn0__Qgl3dyaRFpUM
.elfinancierocr.com/	1970-01-20 16:50:13	Name: _ga_619EW470MQ Value: GS1.1.1639141147.1.0.1639141147.60
.tinypass.com/	1970-01-21 11:19:01	Name: LANG Value: es_MX
.elfinancierocr.com/	1970-01-20 08:04:37	Name: cX_G Value: cx%3Ahyxaexxkog6kfdmdtjiomj6m%3A1ft9lw6sv3imf
.elfinancierocr.com/	1970-01-20 01:28:37	Name: _fbp Value: fb.1.1639141148043.952986761
.facebook.com/	1970-01-20 01:28:37	Name: fr Value: 0YnHqa2B7XJvMIi4g..Bhs08c...1.0.Bhs08c.
.viafoura.co/	1970-01-20 00:02:13	Name: VfSess Value: gv14qqju9fg0fpmmq94finl8b5
.viafoura.co/	1969-12-31 23:59:59	Name: vfThirdpartyCookiesEnabled Value: true
.tinypass.com/	1970-01-19 23:20:27	Name: LANG_CHANGED Value: es_MX
.elfinancierocr.com/	1970-01-20 08:40:37	Name: __gads Value: ID=d6bc193addccb505-22a546bc03cd002b:T=1639141147:S=ALNI_MYSjavjsonXwR2e_k4NBV96go-YNw
.bidswitch.net/	1970-01-20 08:04:37	Name: tuuid Value: 600cb62b-fdf7-4696-9c73-e6da27cf414d
.bidswitch.net/	1970-01-20 08:04:37	Name: c Value: 1639141148
.bidswitch.net/	1970-01-20 08:04:37	Name: tuuid_lu Value: 1639141148
ads.stickyadstv.com/	1970-01-20 00:02:13	Name: UID Value: 9876789cf24a88562feb6595a7d1a6d
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 45cae5ad2281644f7e73509e7e616cfb
.elfinancierocr.com/	1970-01-20 16:50:13	Name: _ga Value: GA1.2.1828842467.1639141148
.doubleclick.net/	1970-01-20 08:40:37	Name: IDE Value: AHWqTUmBEkJa7QOIXI9yHO_-xclu9sGYmrhx4xFMeLhgMKOOEkWg9nWLzuE1CfTeAxw
www.elfinancierocr.com/	1970-01-19 23:19:02	Name: _vfb Value: www%2Eelfinancierocr%2Ecom.00000000-0000-4000-8000-07550c3b83ae.1.10.1639141148....
www.elfinancierocr.com/	1970-01-19 23:19:01	Name: _vfz Value: www%2Eelfinancierocr%2Ecom.00000000-0000-4000-8000-07550c3b83ae.1639141148.1.medium=direct\|source=\|sharer_uuid=\|terms=
www.elfinancierocr.com/	1970-01-20 08:04:37	Name: _vfa Value: www%2Eelfinancierocr%2Ecom.00000000-0000-4000-8000-07550c3b83ae.db5ef5f2-24b7-499d-b10b-78c0581a70ad.1639141148.1639141148.1639141148.1
.yahoo.com/	1970-01-20 08:04:58	Name: A3 Value: d=AQABBBxPs2ECEL1xLWcFtoqJBJJ6lXR5wisFEgEBAQGgtGG9YQAAAAAA_SMAAA&S=AQAAAihKkVZg1rqKcs-kz-oMxkk
.viafoura.co/	1970-01-20 08:04:37	Name: vfDeviceId Value: 2f9ccebb-95aa-4ae6-959b-5cced8738e84
.vidoomy.com/	1970-01-20 08:04:37	Name: vidoomy-uids Value: eyJ1aWRzIjp7IkJTIjp7InVpZCI6IjYwMGNiNjJiLWZkZjctNDY5Ni05YzczLWU2ZGEyN2NmNDE0ZCIsImV4cGlyZXMiOjE2NDE3MzMxNDh9LCJDRU4iOnsidWlkIjoibm8tY29uc2VudCIsImV4cGlyZXMiOjE2NDE3MzMxNDh9fX0=
.casalemedia.com/	1970-01-20 01:28:37	Name: CMPS Value: 5206
.turn.com/	1970-01-20 03:38:13	Name: uid Value: 9081290253182001588
.casalemedia.com/	1970-01-20 08:04:37	Name: CMID Value: YbNPHNH.SmvfDC18WVlgTwAA
.casalemedia.com/	1970-01-20 01:28:37	Name: CMPRO Value: 1173
www.elfinancierocr.com/	1970-01-19 23:19:01	Name: m32_pubgeo Value: eyJpcCI6IjE4NS4yMzIuMjMuMTg0IiwiY291bnRyeV9jb2RlIjoiREUiLCJjb3VudHJ5X25hbWUiOiJEZXV0c2NobGFuZCIsInJlZ2lvbl9jb2RlIjoiSEUiLCJyZWdpb25fbmFtZSI6Ikhlc3NlbiIsImNpdHkiOiJGcmFua2Z1cnQgYW0gTWFpbiIsInRpbWVfem9uZSI6IkV1cm9wZS9CZXJsaW4iLCJsYXRpdHVkZSI6NTAuMTA0OSwibG9uZ2l0dWRlIjo4LjYyOTUsIm1ldHJvX2NvZGUiOjAsInBvc3RhbF9jb2RlIjoiNjAzMjYifQ==
.casalemedia.com/	1970-01-20 08:04:37	Name: CMRUM3 Value: 2d61b34f1d2760CAESEBKlMaWTtMFDK4fciQlvW4Q
.casalemedia.com/	1970-01-19 23:20:27	Name: CMST Value: YbNPHGGzTx0A
.adnxs.com/	1970-01-20 01:28:37	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU$heKjc!]tbPl1M>e)ZlrFUfJ+tGXxpWFo-vyNAF(_Hj+lkKc7Y7HNp%C^NEvAF:(?[bpRzqF1`b^s1%yz%
.krxd.net/	1970-01-20 03:38:13	Name: _kuid_ Value: OiEqHdBL
.adnxs.com/	1970-01-20 01:28:37	Name: uuid2 Value: 7297795930489655529
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: pxId Value: 7169

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1b1091daf731fcce98966461792b9f20.safeframe.googlesyndication.com
4cywq-eqnre.ads.tremorhub.com
a.vidoomy.com
ad.doubleclick.net
ad.lkqd.net
ads.adaptv.advertising.com
ads.pubmatic.com
ads.stickyadstv.com
ads.vidoomy.com
adservice.google.com
adservice.google.de
adx.adform.net
analytics.google.com
api.cxense.com
api.tinypass.com
api.viafoura.co
beacon.krxd.net
buy.tinypass.com
c.go-mpulse.net
c1.adform.net
c2.piano.io
cdn.cxense.com
cdn.krxd.net
cdn.onesignal.com
cdn.tinypass.com
cdn.viafoura.net
cm.g.doubleclick.net
code.createjs.com
comcluster.cxense.com
connect.facebook.net
consumer.krxd.net
cs.lkqd.net
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
geoloc.m32.media
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gtm.nacion.com
hybrid-gruponacion.arc-perso.aws.arc.pub
i.viafoura.co
ib.adnxs.com
id.cxense.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
links.elfinancierocr.com
mab.chartbeat.com
match.adsrvr.org
mwzeom.zeotap.com
news.google.com
onesignal.com
p1cluster.cxense.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.onaudience.com
play.google.com
polyfill.io
pr-bh.ybp.yahoo.com
rdc.m32.media
s.go-mpulse.net
s0.2mdn.net
scdn.cxense.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
spl.zeotap.com
static.adsafeprotected.com
static.chartbeat.com
stats.g.doubleclick.net
stg.vidoomy.com
sync.crwdcntrl.net
sync.mathtag.com
t.lkqd.net
targeting.arc-perso.aws.arc.pub
tpc.googlesyndication.com
um.simpli.fi
v.lkqd.net
vid.pubmatic.com
vidoomy-d.openx.net
vpaid.pubmatic.com
vpaid.springserve.com
www.elfinancierocr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cs.lkqd.net
ib.adnxs.com
mab.chartbeat.com
t.lkqd.net
vid.pubmatic.com
141.94.170.77
142.250.184.226
142.250.185.66
142.250.186.162
142.250.186.166
146.20.128.192
146.20.128.68
147.75.85.120
151.101.194.133
151.139.128.11
169.50.137.184
178.250.0.163
178.63.12.147
178.63.12.208
18.193.230.138
185.29.132.241
185.33.223.38
185.64.189.110
185.64.190.80
198.47.127.19
198.47.127.20
2.18.233.180
2.18.234.21
2.21.142.210
2001:4860:4802:34::15
213.155.156.181
217.175.192.17
2600:1f18:44f0:4832:5e20:6d31:3296:b71b
2600:1f18:612b:4216:9401:1738:df44:473b
2600:9000:20eb:c400:8:2ae1:d740:93a1
2600:9000:223c:7a00:18:1fcd:34f:cdc1
2600:9000:224a:a200:8:48e:53c0:93a1
2600:9000:236e:8600:15:6f6c:b180:93a1
2606:4700:10::6816:1857
2606:4700::6810:f015
2606:4700::6811:b7b1
2606:4700::6811:bab1
2606:4700::6812:e234
2a00:1450:4001:801::2002
2a00:1450:4001:801::200e
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2006
2a00:1450:4001:811::200a
2a00:1450:4001:811::200e
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:828::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::2004
2a00:1450:400c:c0a::9b
2a02:26f0:6c00:2a7::268b
2a02:26f0:6c00:2b9::11a6
2a02:26f0:6c00::210:ba19
2a02:26f0:6c00::210:ba1a
2a02:26f0:fb:187::11a6
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:a00::282
2a05:d018:d29:3601:ed2c:619f:ea25:d0b6
3.122.218.60
3.129.250.65
3.66.59.71
35.227.201.248
35.227.246.163
35.244.159.8
37.157.2.235
37.157.6.253
52.20.40.56
52.208.103.128
52.223.40.198
52.27.219.1
52.30.186.249
52.50.67.198
52.7.16.67
52.7.239.78
66.155.71.149
85.114.159.118
99.83.189.147
0329847bed56508b9aa400220f158a203b77e4f12814837b4e52bf8b6091cca6
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
09b8ff1678987ed790d4f097d38ee6b8d02f6ca83955a5b8d251fff927cd25d7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
105830fb09c42dc3c68fe66c0e3103dfc3721d180525999bc5d01326dff2814e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1134d331d79b895a1512dab2fab634276b22871c93b838de0ed6b8bc58a63f31
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
131fc94431963db2aafd9df8e135a76ff12eb7a9c1701196a48c7c08aa1145e9
13c1ab8db979abe38ed33d2f1becb5d085f3281286097f5ccf7ef8ee287072ac
13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9
16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19a322a6ce7f67fbeafc4643d7a82d74329ad1bfc65ce20b09bd13a8fb4ce93a
1c16d201a9100daacb04cf145129a08cb61e6c06afe4c81f9d63eb7090718c12
209ffe2c4a3eb94ba983fadc62d46e9696c58c4b1aeef1aae8228f46e7f27b7f
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
255d7536bc23ccf8c9daaffa1e8985fad893b4a6e879989d4a743cef3a14a234
257ee5eb94e65ae5ecc318ff256cf717b723e69844381ba1d217e56e385f5aa7
27ece974910d6cddedf3e1e0756dbceff40bcf76b3bf7f388f9d88594caba302
28e6b21cf5119835c12020c47420b0477884457b1d052d3e5cc356078dac5a58
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
29a5aa71dd8a960c14c0d6d551a455e1904c0d9a274bd6f2e0cf8ea7b8208d70
2a858776bb6bd9226815d72d9d3458d1449c1e46a3ca53340988f22bd247759f
2ac04714ec58571a4ea3d2a6d6c5d6a191098032883a50dd642f9859891ae065
2bb07bfdbb9c8e4f74d67bf241759d4a3b6972513b5818da576106c8e870e62d
2c0fcb77890aa8eae3ff9077573b6db373c826cbcaa879c6d2b71b20d1837340
2d0c47ebaa25efb04b800f2c5a886a2b14e7d812858b49a2f9e9a24cbdf42f4a
2d3392ee6ac1a9b7a9d10b015b51fbafddedec77e5fda7905f60e15b8b588125
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
2ea2b55446961172a279e5c8d258ac64885c1a54c1d9d62aba87ea25e5c2364b
2ec855206935e32d9ad48b5919e4c66b5f4366e04ab07fdade79bab9ff58033c
336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3541a291c616524557d75d04f5bf296fca63f3ee5ca5df78e045e48eaba9dcc4
35e58166ab31a9c00180c0c051caa126e88e4de4d6c20fdaf60e735e81c8414e
36ae762191d24727fbba21272ea14872bb7824188961282001d50e67f7b1881c
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36f424145fc49aeb31e34362c9f4263af9ddebb7e3815d0c40c9d07aafc88d49
380ae99699404953783f154027e0fe151f67759ede82069429df8c1e53505fcd
382e46f577661380685e53a0f8dff4a39a56ce09ed4c94955a9e17ba07596211
38ebe8011cb84a37d8a85611c86d78bbd8d4a4fc598412b6d7882947591c9456
391bb74881cb39f753bb171957f1d1bab83f49abd233b6c19e8d32683699665d
3a0fb2b43c3b4273b37b381dde95ff67fafffc136f9a4a36c48188c30989df47
3c42d82cabb963570626e82fe5e3f8208244e27054180efa1b7b2032091c4a66
3c50271fbe7088cce553c0dd7c52606c6b4f706188d979320adf6a685ff1d691
3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78
3d5f33e4272e764851d54af7e81ed73a8898097a0ba054df3406571a9b739a96
3dddbcd995fc5c464a5d7c442c8f4608d9a7e7ae61de44ea416fbe979524bbd2
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
40a1b3366662d4c052b65b0e7842e3e7f78c4514afb3b4a387f550108ecdab03
4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b
4253eeffa7e2615ed928c93b3a121f78f5204a9d309b0f337a99df4e075c7f0c
42e18cf3e34929b45ad8fc524c72c82898c2a9ebe89dd3eb9f8feed643fbc368
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45fa735c6df15f15a1293a9cb3125033408874bf284280e8bcac23f95ad8feac
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
46f2f44f6ba778a2ef95106aef1dd669b5eb48bd5f18a4e5b818ebc62217c739
46fe8157ed99bdb96fdeac9265ecd841db6515c06142b450f64f8eb02a060ed4
478ad9a744a81ca0e6799fa27fc3b127eb67eb346cb61fe8cef59b795b2683bf
47e47242df4a701b6ffd3e2b936ef5cbee3b4f2d7584dc2de3a116f4c180bd96
480cc82812c36e795d6ad86fb4627351331396178e063c8ac711366c0cc40df0
4b1c84c10d3648666c1e54980de692c85354af649aeb0645cfd04efb04a17019
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c1f769e0989b07be35f71827cd019f5031d01c09689409aac92774f6afbe18e
4de10bb7ed622654b08c43570d01d619e368da8e2218c88374f184ff2f66f09a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5021e624e752b001ce3e3846e8f158ed4aeb93a4c9a72fdb35a0c5b14a0eea84
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51d9d410182884fc5cb7f1a20dfe1950ec9e6eb19cb3610179abb10c70985676
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
550e48ce8660782ce65aa5ab0119b93b0a35c5f76620e6b568a1cf36445e7f81
55150fca5ea96377511a6d85138febb35d8f6694e696bfd5baf839f2b2715919
55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396
5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
592b2d7cbc5a7cad13de7f9a94f0e7d6112515896fb866303c71a2ad9d7a96c9
5c4d82ad8b212d6ec91c1c0418ae05d21516476b430ad33bc38f7b8284028cdd
5d6f9e14926444bdb66fb6812c46a00f47482a1f7d85ab97ff435d6cc38c69bd
5f4d5008015a20efea096181df1f1964538b745ea638a4197514d05b6c2341a9
5fd9593d89e7c51d5dba6afdc4377698387a56de9e8b0b8060118baf2051bc2e
61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356
61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62afec092c21b138eeb1fc55859f60c19dd12ca3c02bdfeb336a820b016a547b
64754f168a3b1f3fe4366208ef01c05a57681dc8e0be47377c8917b5fa1d415f
64f2e67a1e120bcd4735ed1203d3e012b843ef3aa37516662280a57b4e7bac94
6584d1f57b0306c799c3edf1d36535d03402ce0f0df09cdd9234d67fd0c587eb
65cb5cd5882c666a22bf188d80f04fe01f56fbb3428e29d74aa24e3d9b1c783b
66bcda3ac5133b7420544087e0b3d4b6471c5e764454e2806ebd0a0fc38b6ad1
66c77d8ff2941db7db72681bd8d20a098471a512bfaf2df207bac6b764fb1e42
66ce576219c396435d15948ffba1033a7fd05897786266d132e681b262f24dea
678a2016a47c3c45eb0aebc30c3551b419bc74806c80b3f2d6c3bd600f66a461
68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344
6b065f38eaed75574515532e2d687fd23450a662a972d044626b848d6e9d1045
6c138576e7381d3ab0aa7b511adc3a7cbb7fe3a3d33768bad05577f5dfc60cad
6da9d256b7a0d5b69e9fddb56491463fecc0ae806c15a58f703cc00475c65c44
6f86a6b6e809db093d8feb1a76de34f224e5efd634665228c090320173a6ce5b
734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5
746ea217d97acf20cdc0b81fcbf171d21337861cb596446bfb9bba8582025507
78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c
79383342fc38d1b87771128c18bea1331baaac4e386203baa2d700066ac5c727
797734b81543fd3b4ac20d2293d1470e297cfce588ae67cc2113b501a2dc3d55
7999d358f732531dc591d53492b479324a18b7880c9076b736b080f54d74a9f9
79d73807994e13624800e85d65db3c1d5f0a691ae2774d00bb3c3ee2fec2ad80
7a9e2549999b81964cea93f79ff9b7069a2c3f49dd3f24477fe415e05d3e43b2
7c310a100b2bb38cd97a6ed696abe3dd3556b707607d207a13b838cd89f73e78
7c324008782d78640ecf39d78c8e7c12f7bc1fca88fdf78eb778a51916ab4219
7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5
7ef7a784dec92d7ea6685e86565868bc4e87c80b88de4fec57ef2bdd4c36a737
7f232b426b18f8f4806ae1586ad4582c9eb1d72dc015f1357e562193ada3b070
7f8e7e796b2d6bfc1b3d455c1c3a6219b15d3570aeeb1e30f49b376be8e5efcf
800b5e93616451d2bf1d5d1c21c827d92af53762800cbe2fc774ede2a48ea627
8140454fe8ed332221bb81b5cd7af6164efe46dcdbb8188c4715f869b38cba91
81732ef8a3370a547b35a2c25cfa71e1bda0c8c2dfb27f0a57f43e78c72e4261
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
834bd669878a10284620d3544a72bf93ba7f7bb449991f46c9b10762f5b7c040
847be9f4a35ef78beaa493c9092832231bdb790ba0da7d63c357d5ee9e17dd21
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
887a71da48b4df1b36827f3437af336dc249878d36e97634328534860a0c0ac1
89486f5a9a4df154072818eea872ea5d9193406e56152c4176900d9bb44bae13
8b03951013852c8273718fdfb5f1de5e91f45dd7857e372c57fdd2b99017c449
8cc7870a999894c7c44d7b5483fa2fca5a85103a978a2548d2f2af330e2bdb46
8d31a55ac6a80651bdcc96fcf6ad9feadb814068fd6e9a7ea601d9535ab181f8
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
91b7185d9849e09900b488c4b2ac8a0105ea91e9580978f52fb686076bb8775c
941a3724badcabfe2080512c8f398df7626d38270e8f76c253666356955f3dc0
94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54
9583896b055daf21c4eb2e4badf13da0f2a0415d52107f5cf32717fac3eac9fa
95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54
9688c90c765a81b523a7dcac6be60dad0b20f1d698bbefd16138ab5ba3dfb6b6
992d4d6b7fc5fa7f331c55ea8081376e031d2785411a6584010f48e94c5f4ae8
9b6cc098ce01ad3b405db9e0a955589eae5b479cf1f4c16ca797a428db3bb659
9d972200042ba6b67223a81d25a5e06824c04a87d87455a3e42924d011710ada
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a23d243351ae64782f71e844d28f2a6d461eaa350c975621276d73a59efe4e50
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a316d433a95dc78be12ef9b52d1418f61a84476596636e63b684dfaac344c3da
a355f2718a8d0b7444670aca6fd1dfdc126f9b8e9931a34a52cac9c343a68e3f
a3ed4eeb6ff0371ee043785da9c48b790cd734172ffe02155621376ff9284cd2
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb
a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112
ada22e6eba70375c2b46ed604b28c317d19c3208d9354f2d714b1e020d08d7fa
ae0c04f97ad979437002c8d7a3952846e58cb52ddebc83a6f3b3ae86caeedcce
ae9a0f95ede822b1959d214ca0189f6b6390c3196696d4e54ea9141bc200cea8
aea93cd57674c1df4ebbfe01b3de8f6b03ea7c793d520e4b504c73b22ea6cd64
aeaa6078a758995f23fbad8f680d98c2b63515a7c2e5acc30d318efdb4854bb8
b0d1f3c7a5fb9363bec16bdf1d418fdb70c0027b9fc00b6707aa975089684a61
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1e18b8bf2e860ed51dc54b018aed97602eb99d06a13752d4382f6a501cfba23
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b3d173296f5ec2b5e243ae8ecc76bfd48251d38ac0caf7c5e235efc982a20ed0
b4b91a9918203e32376e5481e50936c0ba8cb75a018a45c6bd31702ed7ea7af9
b4ea12de9c5d47e950cbd83d2de38d60a763895ed48ae90b6033eea787556640
b4fc45ced0d3674403f2d2cf802cecb4d5790c54e0df805a49708fde4e2f1a98
b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf
ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691
bcaa2b4bd57d9be206ec5b910480231906274cbb5db68a44bbf679ef15c83088
bcb49570bba9c9cd92102f4e343adeee801b7c47db022f779ee47ee5a55c821c
bcc36d4cfff125d2b0f003618bc567324b4e2b04bc46dec0c9c98b94ed721e24
bdb02d532d7bfd45b67a7b2cdec2f9022e4b53fcbc99e8dca2a4d8dbfafacd72
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
bf6fbc51028fcf2ce45a24cb5c61a395578d29c94b824f91d557c0f9d0c98f20
c45a7b49c14477cd160a83d4ee1fb8c311e12314e042d0647c68bec62f16fe29
c5dd267252cc46037a392493638cde5f7c13ed4bd3b0b401eac351c65ae77eec
c634ffefd7b827041dc43732dccbfa649de8e403ce7da26cdc5f84a366fc6d23
ca2433c0db1c0520973b0c1353c2a5280f528c08fcb6b65586e7cf3e2b834834
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc5fca409590dca039e15024e5cd10e7d1688abe1d9031bf378e670f1c5c9279
cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a
cd5f30ad28bfcfa0fa9f534c62f0a2b4229089af2c3215f3abdfd5b767e6b5bf
cf0d76723545b9c97ceaafdf280acb5b674eefcf786afc0f8939c9b328c73a04
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf6915c9dc74d8576271930c0acabac10cfd2be67da37e88b49f74cf49d21537
d003d50642152c4c118d90d660f246ab30405e7ade16349f7332863fa38dcf0f
d02b92776598568047e1ef87f4df4166933bc6cbb7c1151089d8fb2512b09dd0
d1cd94c79864996686b437f0141bde20c7184f6b4bca677aff607141b9b29c98
d1ddd87e48b65c981cff34b7dafeb66c912fe02ef7ff89703ecb875e65e080a7
d39ea4830518090c9da456ae315de53c781abc541e0dcfc44b0e96893d023b87
d69cd54a374f720234b5eb529d12718e9c587ade711ec97574ce5636b72c9e1c
da1986030b191b42a24d8f95f6246b1f42c4bfd1ec1dc53e2551a32f89b34848
dc01323987c050dd4e410f0cc5c845502df1eaa1198f40ba5ffe1a36fa5ae52e
dd1b5e04d54c4420fe3e8e6abe2875fc7f13a3cd6384b6c2afc1a35e302dd846
dd46847a9813d9c75ce9cfba3a988aabeef1d0bc1d7f9a1edd9be8c5234cccc8
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e828e6ad4d3fd31aff91f5e557efbbd3eb175eecd76de5fd226ceb94406151e2
e839720e33c1841bde2bbf7566d6c800500057ef99e2fd380473500a14cc70e7
e8a669e713405269b31197812a668430a2116a284753cb8a38a78c5559ea0f7d
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7da2ea9165f4486462c7f1dccddb7485e6a1922d220a1c393a8fa7214829fd
f0f6a8b6c19b0c4d1cab075ab2f4f755cfef747424837668e65f431410f816e8
f2b56a0633deb0afff95a7242062134c704d6782a10f2345be43fb3fe65a3ab2
f36f6f1bb408949a0ee9afeecc9543b68964e2b693ee75b99e97a6ee42240a0c
f3be6ad457ba5d4425f4d105688e9cf5a32595ff156bd290c8ccbe0e6ca3a68a
f3cd4dfe6f2850712e6284d9b7c39859d93c45a3aa9c60c3aa9f2fc6346a377b
f45530ee93fe1451632f4c4da09ff7b9dcbbe6a64f2ae824c058c78fababd34c
f507503841f44ee6ba0104d59b7ce4a80162d2cb809314d6c15fcdf089b0e4d8
f565c9a286df6b7af45ff5eafe8ca34b428d9d7caf31d1afea5d4c6bf8c5170e
f8376f9f128934b771ddbece3d1cd6692db14b65b5335f8b25afc6d749084827
fe68999ebdc2cf1ca0dd4f1da397eaaf4a692da3901af417c83a4c34b3339dda
fef7a80726fa79715ef24eff402de690e066df6d447beab18be23b3d32d698a9
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

www.elfinancierocr.com Open in urlscan Pro 2a02:26f0:6c00::210:ba19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

406 Requests

88 %HTTPS

46 %IPv6

52 Domains

96 Subdomains

76 IPs

8 Countries

4838 kBTransfer

13531 kBSize

53 Cookies

22 Outgoing links

Page URL History

Redirected requests

406 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfinancierocr.com Open in urlscan Pro
2a02:26f0:6c00::210:ba19 Public Scan

Screenshot
Live screenshot

Full Image

406
Requests

88 %
HTTPS

46 %
IPv6

52
Domains

96
Subdomains

76
IPs

8
Countries

4838 kB
Transfer

13531 kB
Size

53
Cookies

406 HTTP transactions
9 data transactions