uberturco.com Open in urlscan Pro
2a02:4780:1:600:0:1e95:2297:8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://uberturco.com.admin-us.cas.ms/
Effective URL:
https://uberturco.com/
Submission: On October 06 via api (October 6th 2022, 12:08:57 pm UTC) from US — Scanned from US

Summary HTTP 136 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 24 IPs in 1 countries across 20 domains to perform 136 HTTP transactions. The main IP is 2a02:4780:1:600:0:1e95:2297:8, located in United States and belongs to AS-HOSTINGER, CY. The main domain is uberturco.com.
TLS certificate: Issued by R3 on August 5th 2022. Valid for: 3 months.

This is the only time uberturco.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	20.190.7.239 20.190.7.239	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2600:141b:13:... 2600:141b:13::17d7:825a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
22	2a02:4780:1:6... 2a02:4780:1:600:0:1e95:2297:8	47583 (AS-HOSTINGER) (AS-HOSTINGER)
12	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
7	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
5	2607:f8b0:400... 2607:f8b0:4006:808::200a	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
12	2607:f8b0:400... 2607:f8b0:4006:80a::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:81f::2003	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:38::181	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::9c	15169 (GOOGLE) (GOOGLE)
1 24	2607:f8b0:400... 2607:f8b0:4006:809::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:808::2002	() ()
6	2607:f8b0:400... 2607:f8b0:4006:809::2003	() ()
4	2607:f8b0:400... 2607:f8b0:4006:80c::200e	() ()
4	2607:f8b0:400... 2607:f8b0:4006:822::2006	() ()
1	2607:f8b0:400... 2607:f8b0:4006:80d::2004	() ()
1	8.28.7.81 8.28.7.81	() ()
1	142.250.80.2 142.250.80.2	() ()
1	54.173.252.160 54.173.252.160	() ()
136	24

1 20.190.7.239 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

uberturco.com.admin-us.cas.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:141b:13::17d7:825a (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

mcasproxy.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a02:4780:1:600:0:1e95:2297:8 (United States)

ASN47583 (AS-HOSTINGER, CY)

uberturco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:823::2002 (Rockville, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:808::200a (Rockville, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::2008 (Rockville, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:80a::2002 (Rockville, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81f::2003 (Rockville, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:817::200e (Rockville, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:816::2002 (Rockville, United States)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:38::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2607:f8b0:4006:809::2001 (Rockville, United States) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:808::2002 (None, )

ASN- ()

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:809::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80c::200e (None, )

ASN- ()

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:822::2006 (None, )

ASN- ()

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.81 (None, )

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.2 (None, )

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.252.160 (None, )

ASN- ()

realtime.clinch.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
36	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 131 tpc.googlesyndication.com — Cisco Umbrella Rank: 170	469 KB
22	uberturco.com uberturco.com	310 KB
19	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 stats.g.doubleclick.net — Cisco Umbrella Rank: 171 static.doubleclick.net cm.g.doubleclick.net Failed	484 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	155 KB
9	wp.com c0.wp.com — Cisco Umbrella Rank: 7898 stats.wp.com — Cisco Umbrella Rank: 3434 pixel.wp.com — Cisco Umbrella Rank: 2931	67 KB
8	google.com adservice.google.com — Cisco Umbrella Rank: 136 analytics.google.com — Cisco Umbrella Rank: 629 fundingchoicesmessages.google.com www.google.com	48 KB
5	googletagservices.com www.googletagservices.com	221 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118	4 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 129	180 KB
3	azureedge.net mcasproxy.azureedge.net — Cisco Umbrella Rank: 79854	44 KB
1	clinch.co realtime.clinch.co
1	pubmatic.com image6.pubmatic.com	166 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1003	699 B
1	cas.ms uberturco.com.admin-us.cas.ms	1 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
0	openx.net Failed rtb.openx.net Failed
0	addthis.com Failed e.dlx.addthis.com Failed
0	adnxs.com Failed ib.adnxs.com Failed
0	casalemedia.com Failed dsum-sec.casalemedia.com Failed ssum-sec.casalemedia.com Failed
136	20

	Domain	Requested by
24	tpc.googlesyndication.com	1 redirects googleads.g.doubleclick.net
22	uberturco.com	uberturco.com
12	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net uberturco.com.admin-us.cas.ms
12	pagead2.googlesyndication.com	uberturco.com pagead2.googlesyndication.com googleads.g.doubleclick.net uberturco.com.admin-us.cas.ms www.googletagservices.com
7	c0.wp.com	uberturco.com
6	www.gstatic.com	googleads.g.doubleclick.net
5	www.googletagservices.com	googleads.g.doubleclick.net
5	fonts.googleapis.com	uberturco.com googleads.g.doubleclick.net
4	static.doubleclick.net	googleads.g.doubleclick.net
4	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
4	fonts.gstatic.com	fonts.googleapis.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	uberturco.com www.googletagmanager.com
3	mcasproxy.azureedge.net	uberturco.com.admin-us.cas.ms mcasproxy.azureedge.net
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	adservice.google.com	pagead2.googlesyndication.com
1	realtime.clinch.co	googleads.g.doubleclick.net
1	image6.pubmatic.com	googleads.g.doubleclick.net
1	cm.g.doubleclick.net	googleads.g.doubleclick.net uberturco.com
1	www.google.com	googleads.g.doubleclick.net
1	analytics.google.com	www.googletagmanager.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	uberturco.com
1	stats.wp.com	uberturco.com
1	uberturco.com.admin-us.cas.ms
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
0	ssum-sec.casalemedia.com Failed	uberturco.com
0	rtb.openx.net Failed	uberturco.com
0	e.dlx.addthis.com Failed	googleads.g.doubleclick.net
0	ib.adnxs.com Failed	googleads.g.doubleclick.net
0	dsum-sec.casalemedia.com Failed	googleads.g.doubleclick.net
136	31

This site contains links to these domains. Also see Links.

Domain
eftalive.gr
telkomuniversity.ac.id
www.johnjasonfallows.com
wordpress.org
themeansar.com

Subject Issuer	Validity	Valid
*.azureedge.net Microsoft Azure ECC TLS Issuing CA 01	`2022-07-27` - `2023-07-22`	a year	crt.sh
uberturco.com R3	`2022-08-05` - `2022-11-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-11` - `2023-07-12`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.clinch.co Go Daddy Secure Certificate Authority - G2	`2022-03-16` - `2023-04-17`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://uberturco.com/
Frame ID: B2DC09707983E67A23F284A1D593BB55
Requests: 54 HTTP requests in this frame

Frame: https://mcasproxy.azureedge.net/proxyweb/1.22.31/html/session-context-restore.html
Frame ID: 05B79B9BF4E09EA67CAE82540055956F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20190131/zrt_lookup.html
Frame ID: 3D741A08B23BABC307E82A32F02EF0DE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&adk=1812271804&adf=1573534164&lmt=1665058134&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuberturco.com%2F%3F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133859&bpp=116&bdt=125&idt=457&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=46689774623&frm=20&pv=2&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504
Frame ID: 7495A08BAA896CA7D20FE44F92265716
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&h=280&slotname=3271466646&adk=2754459079&adf=3025194257&pi=t.ma~as.3271466646&w=1200&fwrn=4&fwrnh=100&lmt=1665058134&rafmt=1&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133976&bpp=2&bdt=242&idt=403&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EAsOcOEc0F&p=https%3A//uberturco.com&dtd=427
Frame ID: F47A39302E74A63BB43FE46A61768B3C
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: 5C53302A22FD9B02A26323A38B43ECF6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=3363353524&adf=3655539425&pi=t.aa~a.1933430533~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=2&bdt=1688&idt=-M&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280&nras=2&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1356&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bnpNIxEHiD&p=https%3A//uberturco.com&dtd=211
Frame ID: 0F112B0054557546A729C8FF2DAD2AC3
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238
Frame ID: 31C67921D52AEB2D442DD382610C07C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1
Frame ID: 0709EE589BDF5E7997C4886D9AA77826
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1
Frame ID: A71C69BCC0498D7B5FB1DAB125017A1C
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/load_preloaded_resource_fy2021.js
Frame ID: CD090D5AC48A627CE971EAB8A9FF4DE2
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: B199E5C6D340C5677D2F0EF0C0F50F9F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 93EC28A3B9217DD05510216B32FC81C4
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-c9gIQjNWC9gEYjLqAyQEwAQ&v=APEucNXw1AbP6TcogfMB_vk5fGo5jyltuL5m-d4SH6_ncEUAu9zBCEfHzUA-lvFr5LWDZVcFDjqeyq125fBE_OrHd3dLjCZ4ZA
Frame ID: 726D7FCDF095D968C0AD510AD40EBCB0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcljoNPviJ2RrwzfwExCeMxd57-UomNHBLyydRQ8KkauOlXU5wr6cvWqXRq-u0p9S0qrhs2EU4sd89ZZAJn3-lRjI_gRwb8tskpwEzxi3rfF0OQF0HFPvLWoYMlF5X9JBoStFZOq3aCgw_8YHiKN_o1urI8CEQ3TkaKwCUt8pdlG2NG8E&cry=1&dbm_d=AKAmf-DdTs4HLt30mgkMN9R1G8pRq97Oz88GAmDWXILJRtJB4Yq1XMd0WBY0omNvnriPvsatFK3DTAObYwWaGB-y5iMvBAHQhzn_dL2uE0UnytD04vmZw0lTsh2BccvWHKu9B2luhCChZER-D-RjwrBNjqdt0oo7vsSLM2r_R7cKuyuQgGt7c7njDt4HFiLJU6MdiaVJNVMASCjcXgXOJWOsIatqrK8MFrCWUZ9dPUjD17ZwIPCSNdUNnfBekjM_lVtNHPRsG7RLevvNj2GWo8Mww_1NLUN45jmjl4AeGOM5mhfN38lj_L11XItLscDg53k2cvndpuCGv0KY4JHru3znYGUmwAz4XI6dI64WpZZ65j5O1X3CSesig2lwPEJ5o0uqYpb-eV1yI-7FJdrPS7U7hopXHusjcPuV2Aal6xv2dzqRSiqpbnow7v5zcPlCqqlndstZiUl3UwlxcFVIfzIInd5EMJLaDDEh9PcQoWG1RDdYitBsLpP200rTF-h8J4Ds0KONulvq4rn-TfgcKxpkAxF3emrI1wfMYB3Svn7HVwe8lK5rXEjWOQlQ_6Dd2JuL9tW11aZ0vrTAOGW3bzFB_0ZJh5Y_qnAU3_xgDESsv43KQFcGAhjG2tAy6iunN6UNZUNgHmEPLIjqE9sKSKdop2fjWRLetxQb8r3ffm48KgHftuYiiXU6DS_-FKzCPnMHr9TjZ7xfzZDOVABfxmGKsZ3cFdo-HsY_0cIuYE0itDXYli_KLBrUgia2k3x8LNu3-f5xNpvGgXKrr2a1d6U4jsr1jwA0oEseza2edPGlRs7tZJgP38R5AjmLuiNSqHfhfc_XwSFxk7y_yMmB2_qBuMgIB1aqRn8-kw6OkkdouXaPv9tdwmdYC3LcRN6VQiHQSPFhimFDY4Z_FW6VehEAtcrL0n4Ow2tinydLRqKI_7jZL1lfqXPzq-YC0wE9vMwjovtqXYG4Krr9vZ9mk8JRNG1q9Hk_hHyjhYDOfgh4Uv1LAALTsPlcc6VqtuZCHEROsmfRxRGC6etZf51ICwZodD92hgl6PdhV5BI_jrWjzb7yL7eiAm9GBk3aek_pKRZKQJmf-gt8gE2sGDjSHbsTGd28XxSUjGqKODLEMWCOiHoDYr0jHjYZs4U-6z30z3HsMs-FDI4VwS6eBytpKZhhi6UjuOMZU3CqwwXqtb3b8gLc1IxMyoiewGZ5jv6DePwTbghadXHAIV7UoLSCuyvdvqHN1KMKFbTeNHLntIX08rBrjfrjXK5mvjCSfF77zTutHzXHULTDTB40KmrkD_bJ6LM54jTgalLsw1LWzg-VyL9SbSXxkdUL5QtUxbft-QXInG8889N3osbAjpyHX_VTftNGarOcFBA8_WmpUZuMvTvL2EMV6bLaAG2SU2W6_y6EwTSgAkz4ONgpWAnw-BJKdKYkfg-fShhlQNLLrpGce3jemBbzbpYa28KsPZwOz2ldhkDpXZgZDfyQF7jATwhLRsImhx94M_7Lfh44q_I8jwkX7_hiruI_CTowgfSfRG5MusfoLQhhQD3xu8nOOBURjSGthKtRMNYMMnRu0ttRoJ6-nOUkcOEgEcUEphM75grNDIcbP289iLkSKEgxbq1WNA0YFo7OTJlB5-zLkzmufpcXYxZOsFbyP56kFhlhWW9s6TXfqt7fRrNAJvibpTJumI6X5VaWBmVpFp_j5ZCiFeDDKg7y5VqEP1LccCqIi5NZXd0Fy8Iu2Jqe8gpF7QFDsOUHI2P6MPCwWW0hOr4VgEIen4I7WxZV1CIZ7jad9beL4nEQD0XaiQxXpZ2xGn3KqDcRfwOlgx7U-ts7kW1-e5WnQHkdC4v1xjcXko8AT6wCX18QFFWymXRX9mAzgyoO6BI5UZVsGZTfMvFd6uG581ai1ddE2MOqzX0JWuPQoemDqjKWgwElBFJntYl3kUHfK9Ldpb8DUmWmPIcd-4JKjcO8zTC-YsM0c_bKW9Up5KBsLH10xsa3VAIC6QbZn2HM7NmGKLHMh_Dti-fF6bI1-uDF9yFu0lBBO3tPMefUsCTTebYZbh5_JlBoj8xg1ZU-schSEHoXS5TwHq-K6vwIRtcOlKQePemmIv4ZKUihoALQVsTZgmSf44jZTLjBHDo4Oar_plUlCsOXIwPBPnSE1tsy8XK88NJHPC3hqe_t-uM2i81w-1o1F9M1RpPLGSDm3uusjZaHzzzIIwD40fmyHanuDHvARSCb0UXgOCwqDX9Ui4Bn4A6cDOaeY3hvPmwAfX24Uqvfgsxyy4__nEIyKVHvHuCv8hGJvepbolCz1B-qg3aez6gCsEVLx1DEd4bmVa4wOkL8CYxnMUudAOiXnX4AwMhQAr7VInmeoU3QXczONNoC9Zk7jisINHu9NkQ9R4gf6nsgGyYJpdOWIr2e3NInnuS3LwsBxWsyt7MdOFaG2bvABG1rESy1tGB2tfivanaSRqei5YcPYz_gAoqcfSaR9o0VgHDtU0xtM306zPntWXM6sCR4ifiVHv5of0elBdwZShQA_L3gjPWCZ7YsSgQ-zlmlUhkX3yCsQ0JWm8OuCVhh1l2lnyk6wrVdCsnF0TL2isu43MZa_juPLzbccxD3yrSku5bJ8ph_xrfRErxjnfes3pKF0rFMDWYhMcJn5cFOKsn6Myv61Rgxkn7gfk5q9LOUInI0P_Hb2zT5yDwGIzNonxPVlIpOH21cKApEi6Ta0UOpOBBn2ejTHvaVvx2_Yda6UmvzDUGW84urVn8HCckSHu8XIdejy0ur4OUE0N_07icy-YI5ryy3j9Kj12Ffuff8Fu7U_KlLvlZpcUa-Nz5PuwSWHXMab9afPMPtosaw8E0IXwNpxMqNVW4PpXu6Pj7ILaLChk6veYvemiTeCurvoc0-2H4Coo8VUX5juM0znjQDWVblHrakHryjkYidCOLMWyrfMkA_Zqfy6rqBpaJtCd3TLw9edBgyEBk__PqdstWExK2Trx-RmR1Ka0fxS6wHQPRwYLJu2fklcA-9ntJIYmtj6iavcyhcWK7z1EONnK202ffJvymwgOhhbHGl7mSbRvF9YB-EYR5L6S5XCxzHpvHzGfM2GhZhl02GTEe-URPC2g5PWOJ4qWwinN83eZeqaaQAx5OBor039PbOaRSyA2c0yN1UdS2pSZb__xvcS2gz--6jCZsMY4s6cdWcuy9BsulvWAGRJP5p1BmfP9yKQOJEvMZy9bNgUL23jKGoCeJmp6MDB5_x3WuiJxUgT_at32lB7pIKPEMb9mDby0FepgUvT156y-jxJufpNtm0tGEgXRoIx-R-H1dJj8sRo1cugHAUnsflpWUjCvVMo-9QRp5a1N5XdyHb2ECdpbB2ieYYA6oyeEd90_eZWfxvW4a8yEN8U0ymYHzuwh-zN1U15z9BkArmYztTjdPXypzkUrC_m4Q68se67xhUUOwDvripD2yRIAlmSsY2JQFMTRhIVGpG6QqGbozT6H5rcCjEm3X_ug&cid=CAASJeRoLkQhNQwtnkLXx7n-gO673sHzNpEOBTb3WefWkr0hXkrYwOw&rfl=2%2Chttps%253A%252F%252Fuberturco.com%252F%240
Frame ID: A9CB9346563CCE9650F7583C91050A2A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: 7BDB115CF24CCA552F6F8FDCDF710F4F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
Frame ID: 314C57B2BB767C690BB776CD5311CF23
Requests: 1 HTTP requests in this frame

Frame: https://realtime.clinch.co/video/player_v1/player?cid=yldcQE&caid=11217&format=_300ax250a&clkUrl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCRBPxV8U-Y9uMK8_CxtYPhu60uAank-Ltab_297LaD_AuEAEgwOugYGDJxqmLwKTYD6ABsLP9qQLIAQmoAwGqBJoCT9Aw3BDTfyA76UprVIvg3Qi7A6JAoW_9V3ZoeJzwiizM-ObommfYiMFawZdGrxh2Wr7I8NCRjbjdiR3Utp2GLTHxS93EEL5lO281MqmhkaoLFpwtuVpcs3c5MidALU1oa89Q4CFPjpGllqqqLwYBWzmNMjtsvy4xfkkTBvMteW98IiuMZXfckK0ipZbZcPTOn-E_ysx9nn5dxkkcujWvYfzU_CIjWo1XiT13D8Xyg2BFxClj2eZZP4EX_HvRS68yQ33XcvNki57MNSQXEgS77xRU0zk85ft0O-wzjnwu_IFKbzJR_O0pBL41UxHmYVRTqQ7V2bPJHZovFjvb8nv56mm7oWX1xxsWmci9oh9Z0hUTGODug15B493qwAToqJDR-wPgBAOQBgGgBk2AB7jMgtYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiAYRABGB8yAooCOgKAQIAKAZgLAcgLAYAMAbATr7XHENATANgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJeRoLkQhNQwtnkLXx7n-gO673sHzNpEOBTb3WefWkr0hXkrYwOw%26sig%3DAOD64_0TZyKPPt7CardnMyvW9mKpubwoyQ%26client%3Dca-pub-6820926494053328%26dbm_c%3DAKAmf-CJWtl09TuTKJv256CKZp-QWryN34yPI4NZrFXOZo5dN90jkLrfHvhyY_4Bd-LsgTx4yQD45LBK-raIUfUlUvrQFiMN3dGk6GLeUByOgrifqA-c2FjsQ76ZH3F9-DXstBT9O63yPFOUgTfPaUY4zCauhvsWphmbsS7IGEIt87eQ9HqsEgU%26cry%3D1%26dbm_d%3DAKAmf-D08eTD8HrStM1Yb00SfmZnNKvakaNRreBCV_6n-oOdOYP5pbCYVdFS657X5Dr2OfN6ELFwV23U16HnqB1H6V3mBWEtEPvz0cmerNK8PCKT6QhUr1P2fnggFLbHGfRsEqlP-nutu6-flh3f0WSuyceVLAEcR-Prs9S0EleDHZFNHULXd_3-LEk8maPqlPaXkX3zi8MT-gdEivKV889X8h59q-KPsVkQg94MZRZA3nvWG1mIrA8SsnOIx63Gr00seuWNEg8BZV2FjHW-S7nE0K6lbbCs_GmDd1JDzVg5yqh2W2gXMs6Jd5O_s0UypOGLBrwkILL401gExqLh6GlgW9karhYeBDBwhES7L4tINwZqKlk6SXV9oodMo54XWz9LhrUj-QjR8I-8_yEUB9o6MsaFpIqFMo8gbbH2gN_hAx4PDqPmPMtdgx4q_sSQpn_wMjSnhV47Y_m0uFINdhexu7PwR5Hlkv6np-XA1eHY-0u0LtjCpwz8rn2iXT1BZHZ38Qpj2nO2rYFM-orCm7d298Ro5E5AbztUptYAgwQf5zyT1NyowWM%26adurl%3D&dsp=dv360&plcId=334385315&dsp_impression_id=ABAjH0g1LkdQhdvckBkkkWqnI3Q6&site_url=https://uberturco.com/&dsp_pub_id=1&site_id=1397145345838&dsp_insertion_order_id=28045553&dsp_caid=16968901175&dsp_crid=421534988&dsp_tracker_token=AD1EzRQAAABoCmAKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhMIt8Szmz-oAozVgvYBsALx4a8NQAHSAioYACITCJuU1vXIy_oCFU-h0QQdBjcNZygBMAE4v_b3stoPQAJIAViZgSAQjLqAyQHiy6HO4vkjpQ3cPQ9TJYqJ&rnd=1665058135706139&gdpr=&gdpr_consent=&gdpr_pd=
Frame ID: 234ACFDD596B25A834376B71B90BF1B8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C6ED6CDF824377829487634D3FC8ED59
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Uber Turco News – Entertainment, Breaking News, Sports

Page URL History Show full URLs

http://uberturco.com.admin-us.cas.ms/ Page URL
https://uberturco.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

136
Requests

91 %
HTTPS

74 %
IPv6

20
Domains

31
Subdomains

24
IPs

1
Countries

2003 kB
Transfer

4917 kB
Size

9
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://eftalive.gr/ektakto-aftoktonise-o-drastis-tou-makeleiou-stin-tailandi-itan-astynomikos/
Title: #ΕΚΤΑΚΤΟ | Αυτοκτόνησε ο δράστης του μακελειού στην Ταϊλάνδη. Ήταν αστυνομικός! – 7live News

Search URL Search Domain Scan URL

URL: https://telkomuniversity.ac.id/
Title: PTS Terbaik

Search URL Search Domain Scan URL

URL: http://www.johnjasonfallows.com/2022/08/28/the-map-shows-how-putin-would-engulf-his-own-country-in-radiation-if-his-forces-shelled-the-nuclear-power-plant-in-ukraine-august-28-2022-at-1141pm/
Title: The map shows how Putin would engulf his OWN COUNTRY in radiation if his forces shelled the nuclear power plant in Ukraine. - August 28, 2022 at 11:41PM - John Jason Fallows

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

URL: https://themeansar.com/
Title: Themeansar

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://uberturco.com.admin-us.cas.ms/ Page URL
https://uberturco.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 111

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrsaa26wEQgAgYgAgyCCLDMGwWVTf1 HTTP 301
https://tpc.googlesyndication.com/simgad/10124421203004885384

Request Chain 123

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGMl8cDCVKLx93i7byAInFU&google_cver=1

Request Chain 124

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz7FWDs.Mb2B7swFQF.0PgAA

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIw9GXq7NASgZ0BQeJshq7A&google_cver=1

Request Chain 126

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

Request Chain 132

https://rtb.openx.net/sync/dds?google_gid=CAESEAQFleHULB7UX5HHqIhN-JA&google_cver=1&google_push=AZmPxg-TTXuGasFCq0SFZt1nWVMrIy5S9S6kucZko4GwC_0yAA_8R5DyC07oI2cTsACe9-HiXZ19g62url7WY6IA9Mnj_e2j-DkL HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEAQFleHULB7UX5HHqIhN-JA&google_cver=1&google_push=AZmPxg-TTXuGasFCq0SFZt1nWVMrIy5S9S6kucZko4GwC_0yAA_8R5DyC07oI2cTsACe9-HiXZ19g62url7WY6IA9Mnj_e2j-DkL&ox_sc=1

Request Chain 134

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ0ax1jNXzmnUJbOl2mkLXk&google_cver=1&google_push=AZmPxg-Hn6zPEslakrDYu0UIm6aMbnb5cwian940HktZ_vCymTU4nIJXU5SV_b3_Kxe2S8-N8jEycxnqhPo8XGcsIU1itsz4H5y2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhYME1HVTctRi1HNFcx&google_push=AZmPxg-Hn6zPEslakrDYu0UIm6aMbnb5cwian940HktZ_vCymTU4nIJXU5SV_b3_Kxe2S8-N8jEycxnqhPo8XGcsIU1itsz4H5y2

Request Chain 135

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-2YUaFmox-scg3F-lmHr0&google_cver=1&google_push=AZmPxg9-iRDTCUv-tPA6k_M0LyhLGJtNL6C1F6C1XdEn_ep6l_0a9hgr01o6ZxzlMfkcgZtpBSOn00Z8AYGHszH7Y5zE9MhiWZAV HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEI-2YUaFmox-scg3F-lmHr0&google_push=AZmPxg9-iRDTCUv-tPA6k_M0LyhLGJtNL6C1F6C1XdEn_ep6l_0a9hgr01o6ZxzlMfkcgZtpBSOn00Z8AYGHszH7Y5zE9MhiWZAV&s=184023&C=1

Request Chain 136

https://cc.adingo.jp/adx/push/?google_gid=CAESEEXu0gPQa7T-M2SayB4Xiic&google_cver=1&google_push=AZmPxg_jpm_kex8KAsdXQng1jYMA4HkcayGdjOWzfIVkkIc6O3AdstmCUHi_-D39XE01wfTg9nWTxiluH_eVPmVRQEfT5N3wl325 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AZmPxg_jpm_kex8KAsdXQng1jYMA4HkcayGdjOWzfIVkkIc6O3AdstmCUHi_-D39XE01wfTg9nWTxiluH_eVPmVRQEfT5N3wl325&google_hm=6f0e4f448ac8eb8dc0f15225a1b54d68

136 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
uberturco.com.admin-us.cas.ms/ 1 KB
1 KB 221ms
80ms Document
text/html 20.190.7.239
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

http://uberturco.com.admin-us.cas.ms/

Protocol

HTTP/1.1

Server

20.190.7.239 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

openresty /

Resource Hash

5a80217519b9fa77b47f3467ffc52ae12c7cf3d44d31fabed8ce99ed0a531837

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Thu, 06 Oct 2022 12:08:51 GMT
Expires: Mon, 01-Jan-1990 00:00:00 GMT
Pragma: no-cache
Server: openresty
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-MCAS-Cache-Status: MISS
X-MCAS-Processing-Time: 2
X-MCAS-Request-Id: 062099db04be0904a2166d577a2b20b8
X-MCAS-Upstream-Time: n/a

GET
H2 200 session-context-store-helper.min.js Show response
mcasproxy.azureedge.net/proxyweb/1.22.31/js/ 5 KB
5 KB 30ms
9ms Script
application/javascript 2600:141b:13::17d7:825a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.22.31/js/session-context-store-helper.min.js
Requested by: Host: uberturco.com.admin-us.cas.ms
URL: http://uberturco.com.admin-us.cas.ms/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:825a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: c4b31737c5fe64db34abea57a13239f3439ba864b7b3831b4872b58e0c6d5fd3

Request headers

accept-language: en-US,en;q=0.9
Referer: http://uberturco.com.admin-us.cas.ms/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Thu, 06 Oct 2022 12:08:51 GMT
last-modified: Mon, 19 Sep 2022 08:26:43 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: Qh6Fmc0rxdbvbMqaLfAfTQ==
etag: 0x8DA9A18AF397917
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a66eb392-101e-0018-69b6-d3e2be000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=30901116
x-ms-version: 2009-09-19
content-length: 4826

GET
H2 200 session-context-restore.html Show response
mcasproxy.azureedge.net/proxyweb/1.22.31/html/ Frame 05B7 209 B
659 B 20ms
19ms Document
text/html 2600:141b:13::17d7:825a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.22.31/html/session-context-restore.html
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/1.22.31/js/session-context-store-helper.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:825a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: a3c954e6d1422643abfe41e74b726918caa087460903ec4267bc4e5293132451

Request headers

Referer: http://uberturco.com.admin-us.cas.ms/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=30097148
content-length: 209
content-md5: xcQ/+x+i42xZPwR88wJc4A==
content-type: text/html
date: Thu, 06 Oct 2022 12:08:51 GMT
etag: 0x8DA9A18AC8121AD
last-modified: Mon, 19 Sep 2022 08:26:39 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 8d308350-901e-002b-2a66-ccbb93000000
x-ms-version: 2009-09-19

GET
H2 200 session-context-restore.min.js Show response
mcasproxy.azureedge.net/proxyweb/1.22.31/js/ Frame 05B7 38 KB
38 KB 12ms
12ms Script
application/javascript 2600:141b:13::17d7:825a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.22.31/js/session-context-restore.min.js
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/1.22.31/html/session-context-restore.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:825a New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 68839f7ff6729a90f2e1b9df9468a7bfdedfe247002ff39d56ff94bc829e7a70

Request headers

accept-language: en-US,en;q=0.9
Referer: https://mcasproxy.azureedge.net/proxyweb/1.22.31/html/session-context-restore.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Thu, 06 Oct 2022 12:08:51 GMT
last-modified: Mon, 19 Sep 2022 08:26:43 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: KzxKIFELRJDk/nXzWazXbg==
etag: 0x8DA9A18AF628189
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: baf5e40c-f01e-0056-5caf-d1275b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=30678196
x-ms-version: 2009-09-19
content-length: 38693

GET
H2 200 Primary Request / Show response
uberturco.com/ 104 KB
19 KB 2172ms
1997ms Document
text/html 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.4.30

Resource Hash

607855fd4b98abc3ebf49a5d5dcdf6a9cd450e1900827a9314ef91d9fad3a694

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: http://uberturco.com.admin-us.cas.ms/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 06 Oct 2022 12:08:53 GMT
etag: "9773686-1665058133;br"
link: <https://uberturco.com/wp-json/>; rel="https://api.w.org/" <https://wp.me/dawFD>; rel=shortlink
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-litespeed-cache: miss
x-litespeed-cache-control: public,max-age=604800
x-litespeed-tag: 16b_HTTP.200,16b_home,16b_URL.6666cd76f96956469e7be39d750cc7d9,16b_F,16b_
x-powered-by: PHP/7.4.30

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 162 KB
54 KB 57ms
36ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6820926494053328

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3977491b252688118a85970ed86f15c1b9be569fabff025bf90411e71bbb9cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Origin: https://uberturco.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54655
x-xss-protection: 0
server: cafe
etag: 17187221557912948037
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 06 Oct 2022 12:08:53 GMT

GET
H2 200 wp-emoji-release.min.js Show response
uberturco.com/wp-includes/js/ 18 KB
5 KB 28ms
25ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 16:40:27 GMT
server: LiteSpeed
etag: "48b9-62d2e9fb-93826b35f19c5b40;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 4572
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 style.min.css
c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/ 87 KB
11 KB 72ms
4ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/ 11 KB
2 KB 72ms
4ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/ 4 KB
1 KB 72ms
5ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 87ms
20ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d951736694abf6e078c76c38dc0c83979714734d020a73d59d066f652c75e3b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 11:15:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Oct 2022 12:08:53 GMT

GET
H2 200 bootstrap.css
uberturco.com/wp-content/themes/newsup/css/ 192 KB
22 KB 33ms
30ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/bootstrap.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

af73c2f9713ad62fc9296f2a0e506f1870ea0dba0c6fd2ca1a191a663d0ac216

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "301e7-62d34517-ab5b7e4a3bf49178;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 22560
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 style.css
uberturco.com/wp-content/themes/news-jack/ 7 KB
2 KB 33ms
31ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/news-jack/style.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

2e9144add59427a85ff94bdab0fd9eef8ddc298d5134cb7be2ccbe999c3419e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:10 GMT
server: LiteSpeed
etag: "1dc3-62d34516-3decebf87343edd3;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 2145
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 all.min.css
uberturco.com/wp-content/themes/newsup/css/font-awesome/css/ 55 KB
12 KB 33ms
31ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a94a13d4e9df8dc2bc696a168930cd511f83498136bba3bb0b968d7556f0b807

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "dcc5-62d34517-312f0dc45eaf36af;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 11751
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 v4-shims.min.css
uberturco.com/wp-content/themes/newsup/css/font-awesome/css/ 26 KB
4 KB 33ms
32ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/font-awesome/css/v4-shims.min.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

43c76c55901666edc020c33b12756390a7d723063c0bfe58899776b2db4d85da

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "6802-62d34517-2f44153d59ef40f7;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 3930
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 owl.carousel.css
uberturco.com/wp-content/themes/newsup/css/ 1 KB
530 B 51ms
50ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/owl.carousel.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

df5468b99087b3c7924705faf0311b35435c99bf416c40b416d1ab61a3b25cc2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "5c2-62d34517-b7384bc06b6b723;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 467
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 jquery.smartmenus.bootstrap.css
uberturco.com/wp-content/themes/newsup/css/ 3 KB
969 B 51ms
50ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/jquery.smartmenus.bootstrap.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6773064afa4cda75c3c2f91ab0685e6ca3d55e4da53298f5585887dc7bf2c04e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "caa-62d34517-def2af0909e86954;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 906
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 style.css
uberturco.com/wp-content/themes/newsup/ 65 KB
12 KB 52ms
51ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/style.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

bce51bff681d3836ac0709e974c41c31d9df7043248f502d9f8c5f3bf3fcb3b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "1044c-62d34517-8e8f330cf13cb965;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 11779
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 style.css
uberturco.com/wp-content/themes/news-jack/ 7 KB
2 KB 52ms
51ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/news-jack/style.css?ver=1.0

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

2e9144add59427a85ff94bdab0fd9eef8ddc298d5134cb7be2ccbe999c3419e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:10 GMT
server: LiteSpeed
etag: "1dc3-62d34516-3decebf87343edd3;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 2145
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 default.css
uberturco.com/wp-content/themes/news-jack/css/colors/ 27 KB
4 KB 51ms
51ms Stylesheet
text/css 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/news-jack/css/colors/default.css?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

57cb32a64ad9ff2550cce43d785bcbd9f54c90ad8c0ac2171193666f2ed4f677

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:10 GMT
server: LiteSpeed
etag: "6b3e-62d34516-96b9e6e200f09da;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 4330
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/11.4/css/ 84 KB
15 KB 67ms
5ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/11.4/css/jetpack.css

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7fa4abb686798756bc90d4d6d1e4da75137160ecf2bc7ff6c103263f9842c444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Thu, 22 Sep 2022 17:43:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.0.2/wp-includes/js/jquery/ 87 KB
30 KB 67ms
5ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.0.2/wp-includes/js/jquery/ 11 KB
4 KB 64ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 navigation.js Show response
uberturco.com/wp-content/themes/newsup/js/ 2 KB
813 B 51ms
40ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/navigation.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e3cc09317edff7a910580347cc4e5911f3ca99b849ab61225add4a152f45050a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "8e9-62d34517-d4d88de64dabbe3e;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 750
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 bootstrap.js Show response
uberturco.com/wp-content/themes/newsup/js/ 132 KB
23 KB 51ms
40ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/bootstrap.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

04078e2c2770c7fafd845205695de48286c4300a68b9e7651ee1cc342a8911fb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "20f80-62d34517-c7b7f88feb477178;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 23455
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 owl.carousel.min.js Show response
uberturco.com/wp-content/themes/newsup/js/ 23 KB
6 KB 51ms
41ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/owl.carousel.min.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "5d52-62d34517-ec5ba0ec0ed8241c;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 6213
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 jquery.smartmenus.js Show response
uberturco.com/wp-content/themes/newsup/js/ 44 KB
11 KB 51ms
41ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/jquery.smartmenus.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0c5fe43bcfb312486e00343211f37c791fabc22b197e91be480e00d36ad8778b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "b16b-62d34517-2ee630333f7883e0;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 10995
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 jquery.smartmenus.bootstrap.js Show response
uberturco.com/wp-content/themes/newsup/js/ 6 KB
2 KB 52ms
42ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/jquery.smartmenus.bootstrap.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

82020205c5dc1f2b2dfede6f288ce43524b03f5b86427c0887f9e6e0cde7e1fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "16d4-62d34517-6fe93d06d6914a33;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 1823
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 jquery.marquee.js Show response
uberturco.com/wp-content/themes/newsup/js/ 23 KB
4 KB 50ms
42ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/jquery.marquee.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

fab2c550fa601b966dfa3859f91004065655f025199f6c2fd0e9dc1c5574f018

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "5bc8-62d34517-16b52b12dd882842;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 4330
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 main.js Show response
uberturco.com/wp-content/themes/newsup/js/ 602 B
269 B 49ms
42ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/main.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

fa872ad20e9bb1922c2c41769033e224122845f61f81fcbce2f3bcfad3f068e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "25a-62d34517-bf38c44e48f40666;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 207
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 109 KB
43 KB 129ms
35ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-199967341-1

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3d6014e26f36575ae17bef576f09099fdaeda6e3ac7e2c840d27ecf7bfeb76bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 43445
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 12:08:54 GMT

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/11.4/_inc/build/photon/ 685 B
371 B 66ms
12ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/11.4/_inc/build/photon/photon.min.js

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr 2
date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 07 Dec 2021 16:56:47 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 06 Oct 2023 12:08:53 GMT

GET
H2 200 custom.js Show response
uberturco.com/wp-content/themes/newsup/js/ 3 KB
792 B 49ms
43ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/custom.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

462a882d03d64ec1b6851fcdab262ba8ea1be6365d69f54e821467b97e2fcb52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "d31-62d34517-a43e2cf474f4aa85;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 729
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 custom-time.js Show response
uberturco.com/wp-content/themes/newsup/js/ 239 B
299 B 50ms
43ms Script
application/x-javascript 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/js/custom-time.js?ver=6.0.2

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

72f68a10209f34b666a39ca68fd2f326168c0d75d235540cfa3add58350d7c42

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "ef-62d34517-6fad1ca1caac2b06;;;"
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 239
expires: Thu, 13 Oct 2022 12:08:53 GMT

GET
H2 200 e-202240.js Show response
stats.wp.com/ 9 KB
3 KB 98ms
4ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202240.js
Requested by: Host: uberturco.com
URL: https://uberturco.com/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-nc: HIT ewr
date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: br
server: nginx
etag: W/"62f6b688-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 25 Sep 2023 04:01:07 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/ 349 KB
123 KB 68ms
55ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6820926494053328

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b54af7163c81179b8398b362829b825dd3d2054d9aa81830a44be72d5bbeb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125821
x-xss-protection: 0
server: cafe
etag: 16755625448680751213
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Oct 2022 12:08:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221003/r20190131/ Frame 3D74 10 KB
5 KB 30ms
5ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221003/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6820926494053328

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 22218
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 05:58:36 GMT
etag: 9671129459699598864
expires: Thu, 20 Oct 2022 05:58:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
31 KB 64ms
6ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://uberturco.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 10:24:41 GMT
x-content-type-options: nosniff
age: 524653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Sep 2023 10:24:41 GMT

GET
H3 200 /
uberturco.com/ 104 KB
104 KB 101ms
68ms Image
text/html 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uberturco.com/?

Requested by

Host: uberturco.com
URL: https://uberturco.com/?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/7.4.30

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
server: LiteSpeed
x-powered-by: PHP/7.4.30
x-litespeed-cache: hit
vary: Accept-Encoding
etag: "9773686-1665058133;br"
content-type: text/html; charset=UTF-8
platform: hostinger
link: <https://uberturco.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/dawFD>; rel=shortlink
content-length: 19366

GET
H3 200 fa-solid-900.woff2
uberturco.com/wp-content/themes/newsup/css/font-awesome/webfonts/ 74 KB
74 KB 73ms
43ms Font
font/woff2 2a02:4780:1:600:0:1e95:2297:8
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://uberturco.com/wp-content/themes/newsup/css/font-awesome/webfonts/fa-solid-900.woff2

Requested by

Host: uberturco.com
URL: https://uberturco.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.0.2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:1:600:0:1e95:2297:8 , United States, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

e348d772480f8c0e5fa546b3c531a38700ae16b5dad5defb5e67ade7f6d332e8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://uberturco.com/wp-content/themes/newsup/css/font-awesome/css/all.min.css?ver=6.0.2
Origin: https://uberturco.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 16 Jul 2022 23:09:11 GMT
server: LiteSpeed
etag: "12680-62d34517-36cbb31143ada946;;;"
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 75392
expires: Thu, 13 Oct 2022 12:08:54 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 11ms
4ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A11.4&blog=194601237&post=0&tz=0&srv=uberturco.com&host=uberturco.com&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&fcp=2436&rand=0.7792196206007151
Requested by: Host: uberturco.com
URL: https://uberturco.com/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 06 Oct 2022 12:08:54 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
74 KB 42ms
29ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PS26M516QF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-199967341-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5bc8564e207031f15b374ba15cc29c6712b28826a3a18af29a20a5b88d67c5ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75421
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 12:08:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 25ms
5ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-199967341-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 06 Oct 2022 10:34:58 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 5636
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Thu, 06 Oct 2022 12:34:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 171 KB
63 KB 39ms
34ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Y24RMBGTWM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-199967341-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83d06e6ade07c44793408b52e3594aee6b95f456e785314992d5c2b42e9a157e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 64893
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 06 Oct 2022 12:08:54 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
699 B 44ms
24ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=uberturco.com&callback=_gfp_s_&client=ca-pub-6820926494053328&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bef802da4325c478f864972cdc4f32c162f1f6a1c0afb87271618f2ff3975148

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 254
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 53ms
31ms Script
application/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=uberturco.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7495 281 KB
68 KB 822ms
801ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&adk=1812271804&adf=1573534164&lmt=1665058134&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fuberturco.com%2F%3F&ea=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133859&bpp=116&bdt=125&idt=457&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=46689774623&frm=20&pv=2&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=504

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66c492a71c3e62bba067cfab813663d8bf3595ee5ccae25b2ae40b0cb1ffae16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 69774
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 12:08:55 GMT
expires: Thu, 06 Oct 2022 12:08:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F47A 95 KB
32 KB 649ms
647ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&h=280&slotname=3271466646&adk=2754459079&adf=3025194257&pi=t.ma~as.3271466646&w=1200&fwrn=4&fwrnh=100&lmt=1665058134&rafmt=1&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133976&bpp=2&bdt=242&idt=403&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EAsOcOEc0F&p=https%3A//uberturco.com&dtd=427

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9725608bba669168ce648ce1cc5ceb5e9d49364ff6ff71880745e129530c08d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 32311
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 12:08:55 GMT
expires: Thu, 06 Oct 2022 12:08:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
345 B 44ms
18ms Ping
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-PS26M516QF&gtm=2oea50&_p=1484840707&_gaz=1&cid=13632442.1665058134&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1665058134&sct=1&seg=0&dl=https%3A%2F%2Fuberturco.com%2F&dr=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&dt=Uber%20Turco%20News%20%E2%80%93%20Entertainment%2C%20Breaking%20News%2C%20Sports&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PS26M516QF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uberturco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
345 B 46ms
20ms Ping
text/plain 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-PS26M516QF&cid=13632442.1665058134&gtm=2oea50&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PS26M516QF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uberturco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 36ms
24ms XHR
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&aip=1&a=1484840707&t=pageview&_s=1&dl=https%3A%2F%2Fuberturco.com%2F&dr=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&ul=en-us&de=UTF-8&dt=Uber%20Turco%20News%20%E2%80%93%20Entertainment%2C%20Breaking%20News%2C%20Sports&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACUABBAAAACAAI~&jid=1380699344&gjid=1645997067&cid=13632442.1665058134&tid=UA-199967341-1&_gid=829018324.1665058135&_r=1&gtm=2oua50&did=dZTNiMT&gdid=dZTNiMT&z=1482915740

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::200e Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://uberturco.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uberturco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 19ms
18ms Ping
text/plain 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-Y24RMBGTWM&gtm=2oea50&_p=1484840707&gdid=dZTNiMT&cid=13632442.1665058134&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1665058134&sct=1&seg=0&dl=https%3A%2F%2Fuberturco.com%2F&dr=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&dt=Uber%20Turco%20News%20%E2%80%93%20Entertainment%2C%20Breaking%20News%2C%20Sports&en=page_view&_fv=2&_ss=2&_c=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Y24RMBGTWM&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:817::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uberturco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 40ms
18ms XHR
text/plain 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-199967341-1&cid=13632442.1665058134&jid=1380699344&gjid=1645997067&_gid=829018324.1665058135&_u=YCDACUAABAAAACAAI~&z=355047499

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://uberturco.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 06 Oct 2022 12:08:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://uberturco.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame F47A 8 KB
895 B 55ms
25ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&h=280&slotname=3271466646&adk=2754459079&adf=3025194257&pi=t.ma~as.3271466646&w=1200&fwrn=4&fwrnh=100&lmt=1665058134&rafmt=1&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133976&bpp=2&bdt=242&idt=403&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EAsOcOEc0F&p=https%3A//uberturco.com&dtd=427

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 10:17:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame F47A 2 KB
982 B 52ms
12ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:11 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/ Frame F47A 23 KB
10 KB 43ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a2c6856e8437c3183ec517c59fc9724eb82cac59f685970113a7fb15ecd272c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:06:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9540
x-xss-protection: 0
server: cafe
etag: 6580860447119072478
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:06:50 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame F47A 3 KB
1 KB 32ms
8ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:00:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 484
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:00:51 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame F47A 17 KB
7 KB 45ms
6ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65f4e452b96ef3e5e3a4631d99c63dd7239dcbcb88de679ac74ac30d3d4988cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 273
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7528
x-xss-protection: 0
server: cafe
etag: 13775775994264215463
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:04:22 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F47A 142 KB
45 KB 272ms
36ms Script
text/javascript 2607:f8b0:4006:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ba29faf5efe544ed157bbf56aafd0555a22103b36514708d7fcd196fc361c2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45072
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664970042070988"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H2 200 ff28bd887d5918000d85a256eb9567a4.js Show response
www.gstatic.com/mysidia/ Frame F47A 32 KB
14 KB 229ms
6ms Script
text/javascript 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ff28bd887d5918000d85a256eb9567a4.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

9a61fe6e2743a18f977ac18a2f805735e8dccf115b16dbbbd2e3864ae98d4c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 23:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 564647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13740
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 07:09:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 28 Dec 2022 23:18:08 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame F47A 0
0 37ms
35ms Fetch
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cgd7ZVsU-Y43cGuPUxtYPgNme8A6149nobKPd38e3EPuy3LS3MBABIMDroGBgycapi8Ck2A-gAdqo2NUDyAEJqAMByAPLBKoE_gFP0Ojlmob92rbfthgniBfJYAx4NKZZzlIHtpSAtZhIUUBKF1KbdhNzMsnSQnMlWpFwXV-Oj8EbR0DcB65hl_YSOjBXOSxEWugm7E6SrbCzcGwhETmohHZ0GjM2e_OoKRbZShZCRIy8_Z7NapjcHRQW3U2ETEVaOr9ciuW_WH-f2pb6HJmaGEdHlO-Rkb0fueVdNm9Jt5VqmJvSnwJ_jygu71JPMGzj0Zec3eH8RJPy7pmNoYb0XDmHX98wSr5NSGORFlbgFBI7DOSabt-H7Mv4sVUGjnNOKkbR5UGyejlVpZKXfj_-voG8iI2ujYf51SmLjWADdhLG06-ihHTFQcAEnMK3nY4EkgUECAQYAZIFBAgFGASgBi6AB47XpyqoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCLwifSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEwqIFALQFQGAFwGyFxwKGggAEhRwdWItNjgyMDkyNjQ5NDA1MzMyOBgA&sigh=Y9csF_eslKg&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6820926494053328&output=html&h=280&slotname=3271466646&adk=2754459079&adf=3025194257&pi=t.ma~as.3271466646&w=1200&fwrn=4&fwrnh=100&lmt=1665058134&rafmt=1&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058133976&bpp=2&bdt=242&idt=403&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=0&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=EAsOcOEc0F&p=https%3A//uberturco.com&dtd=427
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Oct 2022 12:08:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5748885876291151815/ Frame F47A 30 KB
31 KB 29ms
13ms Image
image/jpeg 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5748885876291151815/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd0b39fb0b3feae2231c2771515443f4d29d697b87efd5bc9af287c5d08f9e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:47:30 GMT
x-content-type-options: nosniff
age: 73285
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31000
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:52:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 15:47:30 GMT

GET
DATA 200
OK truncated
/ Frame F47A 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F47A 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F47A 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29aad9399e1ce50de1d9ab1cdaaf1cbd29181d51f0d3f5f160688b1aed8f3cfd

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/ 151 KB
54 KB 45ms
44ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb3025114879b456f2fa65145ecf69a4b856523b89f030834508fb499912ab9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55030
x-xss-protection: 0
server: cafe
etag: 949600013224529642
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H2 200 ca-pub-6820926494053328 Show response
fundingchoicesmessages.google.com/i/ 105 KB
37 KB 78ms
48ms Script
application/javascript 2607:f8b0:4006:80c::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-6820926494053328?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

1594b05ace0c56f2951763aa876ed2923cae78a9c38ea7afd504e3599d16dc5e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1ykKzQ1ypk9zmUmNceQ2dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-security-policy: script-src 'report-sample' 'nonce-1ykKzQ1ypk9zmUmNceQ2dg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="ContributorServingWebSwitchboardHttp"
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingWebSwitchboardHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingWebSwitchboardHttp/external"}]}
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame F47A 28 KB
28 KB 19ms
6ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Fri, 30 Sep 2022 10:24:40 GMT
x-content-type-options: nosniff
age: 524655
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Sep 2023 10:24:40 GMT

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C53 36 KB
16 KB 7ms
6ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 05:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 05:36:40 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 41ms
26ms Script
application/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=uberturco.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0F11 106 KB
34 KB 572ms
571ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=3363353524&adf=3655539425&pi=t.aa~a.1933430533~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=2&bdt=1688&idt=-M&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280&nras=2&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1356&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bnpNIxEHiD&p=https%3A//uberturco.com&dtd=211

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

726533d9e258ed9aaf0c5a1ae161022fdba3664958538049bb8384ff70a5eb67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 34524
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 12:08:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 31C6 24 KB
11 KB 665ms
664ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7dd3dc81e2b72a78363c6e44d0923954a04fdb5ddf945362c0c0b008bdeb7f4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 11596
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 12:08:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AGSKWxWxPBe7PkJ78F0GowVSD4Rh1Vv2EpV5Y1tFV661ezYbnY_FMkMBu20fXcXxTSueJDo62C9pmlg8IVw6PyH1Szc= Show response
fundingchoicesmessages.google.com/f/ 6 KB
3 KB 77ms
64ms Script
application/javascript 2607:f8b0:4006:80c::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWxPBe7PkJ78F0GowVSD4Rh1Vv2EpV5Y1tFV661ezYbnY_FMkMBu20fXcXxTSueJDo62C9pmlg8IVw6PyH1Szc=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjY1MDU4MTM1LDY4NjAwMDAwMF0sIkQ0QjAwMjZGLTg3MzktNEQwRi04QjEyLUExOTZDQjU0NDk1MCIsbnVsbCxudWxsLFtudWxsLFs3XSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsdHJ1ZSx0cnVlXSwiaHR0cHM6Ly91YmVydHVyY28uY29tLyIsbnVsbCxbWzgsImE5VjI5T1ZPRlhJIl0sWzksImVuLVVTIl1dXQ

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.a9V29OVOFXI.es5.O/d=1/rs=AJlcJMzigbzEtLZ_1Dnwy8i2nJxXi90ZNA/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

c384e03a11ca503f231b6b5bcfc02e5d8f2ead344719b7ac8dc6be9a8983870f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Yvsqw4lZGW_AKbcMJzJThA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Yvsqw4lZGW_AKbcMJzJThA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/ Frame 0709 10 KB
4 KB 6ms
5ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 22218
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 05:58:37 GMT
etag: 9671129459699598864
expires: Thu, 20 Oct 2022 05:58:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/ Frame A71C 10 KB
4 KB 5ms
4ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209290101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 22218
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 05:58:37 GMT
etag: 9671129459699598864
expires: Thu, 20 Oct 2022 05:58:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 0709 4 KB
636 B 23ms
23ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 10:16:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0709 205 B
229 B 19ms
7ms Image
image/png 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 22:20:43 GMT
x-content-type-options: nosniff
age: 568092
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 29 Sep 2023 22:20:43 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0709 604 B
628 B 20ms
9ms Image
image/png 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 02 Oct 2022 00:11:42 GMT
x-content-type-options: nosniff
age: 388633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 02 Oct 2023 00:11:42 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/elements/html/ Frame 0709 19 KB
8 KB 28ms
13ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6efff8ce63d77eba89e9cc15af6dbccc657068130e89225fc662a0c580cea9b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 09:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8224
x-xss-protection: 0
server: cafe
etag: 17584738254627026664
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 09:00:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame A71C 8 KB
895 B 26ms
25ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 10:17:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame A71C 2 KB
902 B 17ms
13ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:11 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A71C 0
0 35ms
35ms Fetch
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ChsnYVsU-Y5_xGdqJoPMPyK-nmAS149nobKPd38e3EPuy3LS3MBABIMDroGBgycapi8Ck2A-gAdqo2NUDyAEJqAMByAPLBKoE-AFP0IhBIvd5jvxb1miyfgvRydnVnCxXTdBrcHozZqlSoiE-BjM5HRBrqu34U9vGDMvHjiMvReRl9Y-4wN_hLshAyTzd8MCkB0rD84tHUsQ7zhtto_r7a9S8MWCm6GJrQOR6zbUHLW9jjqDD33_kKHJsAjDiuBYPU3bfJbcoHMYmVElZqUNeksfbR0zI1tEy2_GqUfR9GwoWfEMUcovcv3JSzcizdMaktMsZNyCzihhA_13iCi3SSuPqYPRo7sUkPpljG6aQygTgWBpQRm4KUsLOQbVG8Qw87n67rO5qZod_bf-wxVpLfTTZiMxp_HujkHYiJ-mfwrPRhMAEnMK3nY4EkgUECAQYAZIFBAgFGASgBi6AB47XpyqoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCbtibSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEwqIFALQFQGAFwGyFxwKGggAEhRwdWItNjgyMDkyNjQ5NDA1MzMyOBgA&sigh=M-B7rHxSErk&uach_m=[UACH]&template_id=5000

Requested by

Host: uberturco.com.admin-us.cas.ms
URL: http://uberturco.com.admin-us.cas.ms/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Oct 2022 12:08:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/ Frame A71C 23 KB
9 KB 16ms
15ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a2c6856e8437c3183ec517c59fc9724eb82cac59f685970113a7fb15ecd272c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:06:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9540
x-xss-protection: 0
server: cafe
etag: 6580860447119072478
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:06:50 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame A71C 3 KB
1 KB 9ms
7ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame A71C 17 KB
7 KB 8ms
6ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65f4e452b96ef3e5e3a4631d99c63dd7239dcbcb88de679ac74ac30d3d4988cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 273
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7528
x-xss-protection: 0
server: cafe
etag: 13775775994264215463
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:04:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A71C 142 KB
44 KB 47ms
29ms Script
text/javascript 2607:f8b0:4006:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ba29faf5efe544ed157bbf56aafd0555a22103b36514708d7fcd196fc361c2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45072
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664970042070988"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Oct 2022 12:08:55 GMT

GET
H3 200 270cb447f650f22be90b4349b85576c2.js Show response
www.gstatic.com/mysidia/ Frame A71C 32 KB
13 KB 10ms
9ms Script
text/javascript 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 19:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13677
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 00:52:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 03 Jan 2023 19:48:53 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5748885876291151815/ Frame A71C 16 KB
16 KB 13ms
9ms Image
image/jpeg 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5748885876291151815/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e542326541f6dc1d89bd4d88aae9716fb54729a40e34548726c30cef00c7d4a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 17:13:30 GMT
x-content-type-options: nosniff
age: 154525
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16507
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 14:52:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 04 Oct 2023 17:13:30 GMT

GET
DATA 200
OK truncated
/ Frame A71C 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame A71C 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 204 AGSKWxUfRWWZoIeFrtwrE5pId5uQ96B3biDQ1ysHhRQI-_6ZdIWxN5iCwkTKzlCBljW48Jwn72RqdZHmksfDBxVVX3BdW-HvoDbC_0Kt1u7-xE5Erf-u3P-2ZEKVflgHhizclz49ESLwog== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 44ms
31ms XHR
text/html 2607:f8b0:4006:80c::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUfRWWZoIeFrtwrE5pId5uQ96B3biDQ1ysHhRQI-_6ZdIWxN5iCwkTKzlCBljW48Jwn72RqdZHmksfDBxVVX3BdW-HvoDbC_0Kt1u7-xE5Erf-u3P-2ZEKVflgHhizclz49ESLwog==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mrmea7k2CoztrRVkOgKyvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://uberturco.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 06 Oct 2022 12:08:55 GMT
content-security-policy: script-src 'report-sample' 'nonce-mrmea7k2CoztrRVkOgKyvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://uberturco.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxV0Y1RWp8QNZzLG3FlDFftUrPGqePupNOk6HXnAfEqXLBBZx3uq6PU_F2PkuEjyb-PqM-QPOBE3r6PoTxA3ujjXnKZ04tpCYIkQkigrHe1BIfcDfsGW7VR5sMhJhOxUHZ8MPUFeZw== Show response
fundingchoicesmessages.google.com/f/ 17 KB
7 KB 81ms
80ms Script
application/javascript 2607:f8b0:4006:80c::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxV0Y1RWp8QNZzLG3FlDFftUrPGqePupNOk6HXnAfEqXLBBZx3uq6PU_F2PkuEjyb-PqM-QPOBE3r6PoTxA3ujjXnKZ04tpCYIkQkigrHe1BIfcDfsGW7VR5sMhJhOxUHZ8MPUFeZw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjY1MDU4MTM1LDk1NDAwMDAwMF0sIkQ0QjAwMjZGLTg3MzktNEQwRi04QjEyLUExOTZDQjU0NDk1MCIsbnVsbCxudWxsLFtudWxsLFs3LDEwXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSwxXSwiaHR0cHM6Ly91YmVydHVyY28uY29tLyIsbnVsbCxbWzgsImE5VjI5T1ZPRlhJIl0sWzksImVuLVVTIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

951f37cab7d131b5c217fa575428d6808b2f5d2f3f04064717a661c3454b9770

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3W1POZr1rHimC_8JnYrRpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://uberturco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:56 GMT
content-security-policy: script-src 'report-sample' 'nonce-3W1POZr1rHimC_8JnYrRpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame CD09 2 KB
902 B 4ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 44
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:11 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/ Frame CD09 23 KB
9 KB 4ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a2c6856e8437c3183ec517c59fc9724eb82cac59f685970113a7fb15ecd272c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:06:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9540
x-xss-protection: 0
server: cafe
etag: 6580860447119072478
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:06:50 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame CD09 3 KB
1 KB 5ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame CD09 17 KB
7 KB 6ms
5ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65f4e452b96ef3e5e3a4631d99c63dd7239dcbcb88de679ac74ac30d3d4988cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 273
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7528
x-xss-protection: 0
server: cafe
etag: 13775775994264215463
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:04:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD09 142 KB
44 KB 31ms
30ms Script
text/javascript 2607:f8b0:4006:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ba29faf5efe544ed157bbf56aafd0555a22103b36514708d7fcd196fc361c2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45072
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664970042070988"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Oct 2022 12:08:56 GMT

GET
H3 200 270cb447f650f22be90b4349b85576c2.js Show response
www.gstatic.com/mysidia/ Frame CD09 32 KB
13 KB 6ms
6ms Script
text/javascript 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221003/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 19:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58802
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13677
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 00:52:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 03 Jan 2023 19:48:53 GMT

GET
DATA 200
OK truncated
/ Frame A71C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37f40dd8a27da3a75d4bc2e19d63e494b624ad2318f3f2075127be41cac3bbf9

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js Show response
pagead2.googlesyndication.com/bg/ Frame B199 36 KB
16 KB 5ms
5ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: uberturco.com.admin-us.cas.ms
URL: http://uberturco.com.admin-us.cas.ms/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 05:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 05:36:40 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0F11 3 KB
601 B 24ms
23ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=3363353524&adf=3655539425&pi=t.aa~a.1933430533~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=2&bdt=1688&idt=-M&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280&nras=2&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1356&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bnpNIxEHiD&p=https%3A//uberturco.com&dtd=211

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::200a Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 06 Oct 2022 12:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 Oct 2022 10:24:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 06 Oct 2022 12:08:56 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame 0F11 2 KB
902 B 6ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:11 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/ Frame 0F11 23 KB
9 KB 6ms
5ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a2c6856e8437c3183ec517c59fc9724eb82cac59f685970113a7fb15ecd272c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:06:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 126
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9540
x-xss-protection: 0
server: cafe
etag: 6580860447119072478
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:06:50 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame 0F11 3 KB
1 KB 13ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:01 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame 0F11 17 KB
7 KB 11ms
10ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

65f4e452b96ef3e5e3a4631d99c63dd7239dcbcb88de679ac74ac30d3d4988cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7528
x-xss-protection: 0
server: cafe
etag: 13775775994264215463
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:04:22 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0F11 142 KB
44 KB 50ms
49ms Script
text/javascript 2607:f8b0:4006:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ba29faf5efe544ed157bbf56aafd0555a22103b36514708d7fcd196fc361c2f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45072
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664970042070988"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Oct 2022 12:08:56 GMT

GET
H3 200 270cb447f650f22be90b4349b85576c2.js Show response
www.gstatic.com/mysidia/ Frame 0F11 32 KB
13 KB 14ms
6ms Script
text/javascript 2607:f8b0:4006:809::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/270cb447f650f22be90b4349b85576c2.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 19:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58803
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13677
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 00:52:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 03 Jan 2023 19:48:53 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0F11 0
0 37ms
32ms Fetch
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CzJ9qV8U-Y4_gKaGmxtYPp56ugA3-ov6raZ7eyIqLDIrRo-2-ARABIMDroGBgycapi8Ck2A-gAbC6odcDyAEJqAMByAPLBKoE-QFP0NJ4TvaIF120QI1sg7zGUk_R0C7ZGukEL5nUSZaXTz9D5XINjyHl_-oJyquqi5gXw0io9oWJTOHMB7gs9MWquHsjgtCMxJpq-yJjLT6NOxNA_BLgDtQ5yphbdZ8jpb1O0FNI4ByTGZki-KUpuJnjRdxKKJdB0iNOn3i0V7xnJ9nD95jivtzc_f-saDGX2nwDlcf6zP24-pEvjrt1CrLKS1DQkB5ZBtjjpD4yzid4hT5EhHMxanJ5Hv8UNVjnkWG9uxeIJ37cIJ0577rykgEVZKxUHxkGAVFwNjHkMgdwNGb-x2cVpycrdki1LcMQQQLBWM2nXCNYNN3ABLOStIiVA5IFBAgEGAGSBQQIBRgEoAYugAetg652qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEJC1GNIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDIgUBNAVAYAXAbIXHAoaCAASFHB1Yi02ODIwOTI2NDk0MDUzMzI4GAA&sigh=QDlSnylJcs0&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=3363353524&adf=3655539425&pi=t.aa~a.1933430533~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=2&bdt=1688&idt=-M&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280&nras=2&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1356&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bnpNIxEHiD&p=https%3A//uberturco.com&dtd=211
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 06 Oct 2022 12:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 13667860608718014462_8313106066445870539.jpeg
static.doubleclick.net/dynamic/5/65138550/ Frame 0F11 74 KB
74 KB 39ms
17ms Image
image/jpeg 2607:f8b0:4006:822::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/65138550/13667860608718014462_8313106066445870539.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

b8d47e9f10562c9469dd780b169fd2743275e7e07d156f0bc8c6951236761479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 23:32:28 GMT
x-content-type-options: nosniff
age: 45388
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75502
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 09:57:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 23:32:28 GMT

GET
H2 200 967328397335122159_4480357468277929854.jpeg
static.doubleclick.net/dynamic/5/65138550/ Frame 0F11 80 KB
80 KB 38ms
15ms Image
image/jpeg 2607:f8b0:4006:822::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/65138550/967328397335122159_4480357468277929854.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

f2df1cc32153f68449a7f6edc1429d4593357f672f4f956004aa10d9310ccc28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 20:00:22 GMT
x-content-type-options: nosniff
age: 58114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81786
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 09:57:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 20:00:22 GMT

GET
H2 200 6541357501010901629_3550587092728063158.jpeg
static.doubleclick.net/dynamic/5/65138550/ Frame 0F11 52 KB
53 KB 32ms
10ms Image
image/jpeg 2607:f8b0:4006:822::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/65138550/6541357501010901629_3550587092728063158.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

299016802f0b1790fa60313e3ef5b3767999d98b88105ed6fd552645e80ffd7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 23:25:39 GMT
x-content-type-options: nosniff
age: 45797
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53704
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 10:35:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 23:25:39 GMT

GET
H2 200 4848374378767435968_11971320659469696739.jpeg
static.doubleclick.net/dynamic/5/65138550/ Frame 0F11 101 KB
101 KB 35ms
13ms Image
image/jpeg 2607:f8b0:4006:822::2006

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.doubleclick.net/dynamic/5/65138550/4848374378767435968_11971320659469696739.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eb90e7e62356f01c39599caf410f7a3da61beabc98f984fe1c73cd54b64566f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 21:30:30 GMT
x-content-type-options: nosniff
age: 52706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103651
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 09:51:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-programmable"
report-to: {"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 21:30:30 GMT

GET
H3

200

10124421203004885384
tpc.googlesyndication.com/simgad/ Frame 0F11
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDrsaa26wEQgAgYgAgyCCLDMGwWVTf1
https://tpc.googlesyndication.com/simgad/10124421203004885384

8 KB
8 KB

6ms
6ms

Image
image/png

2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10124421203004885384

Requested by

Protocol

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 11:00:55 GMT
x-content-type-options: nosniff
age: 176881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8502
x-xss-protection: 0
last-modified: Tue, 08 Oct 2019 11:54:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 04 Oct 2023 11:00:55 GMT

Redirect headers

date: Thu, 06 Oct 2022 05:24:19 GMT
x-content-type-options: nosniff
server: cafe
age: 24277
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/10124421203004885384
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 05 Nov 2022 05:24:19 GMT

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 93EC 1 KB
643 B 14ms
13ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 59836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 19:31:40 GMT
etag: 48472445140208031
expires: Thu, 06 Oct 2022 19:31:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel
googleads.g.doubleclick.net/xbbe/ Frame 726D 624 B
299 B 35ms
29ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-c9gIQjNWC9gEYjLqAyQEwAQ&v=APEucNXw1AbP6TcogfMB_vk5fGo5jyltuL5m-d4SH6_ncEUAu9zBCEfHzUA-lvFr5LWDZVcFDjqeyq125fBE_OrHd3dLjCZ4ZA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 12:08:56 GMT
expires: Thu, 06 Oct 2022 12:08:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame A9CB 28 KB
16 KB 48ms
47ms Script
text/javascript 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcljoNPviJ2RrwzfwExCeMxd57-UomNHBLyydRQ8KkauOlXU5wr6cvWqXRq-u0p9S0qrhs2EU4sd89ZZAJn3-lRjI_gRwb8tskpwEzxi3rfF0OQF0HFPvLWoYMlF5X9JBoStFZOq3aCgw_8YHiKN_o1urI8CEQ3TkaKwCUt8pdlG2NG8E&cry=1&dbm_d=AKAmf-DdTs4HLt30mgkMN9R1G8pRq97Oz88GAmDWXILJRtJB4Yq1XMd0WBY0omNvnriPvsatFK3DTAObYwWaGB-y5iMvBAHQhzn_dL2uE0UnytD04vmZw0lTsh2BccvWHKu9B2luhCChZER-D-RjwrBNjqdt0oo7vsSLM2r_R7cKuyuQgGt7c7njDt4HFiLJU6MdiaVJNVMASCjcXgXOJWOsIatqrK8MFrCWUZ9dPUjD17ZwIPCSNdUNnfBekjM_lVtNHPRsG7RLevvNj2GWo8Mww_1NLUN45jmjl4AeGOM5mhfN38lj_L11XItLscDg53k2cvndpuCGv0KY4JHru3znYGUmwAz4XI6dI64WpZZ65j5O1X3CSesig2lwPEJ5o0uqYpb-eV1yI-7FJdrPS7U7hopXHusjcPuV2Aal6xv2dzqRSiqpbnow7v5zcPlCqqlndstZiUl3UwlxcFVIfzIInd5EMJLaDDEh9PcQoWG1RDdYitBsLpP200rTF-h8J4Ds0KONulvq4rn-TfgcKxpkAxF3emrI1wfMYB3Svn7HVwe8lK5rXEjWOQlQ_6Dd2JuL9tW11aZ0vrTAOGW3bzFB_0ZJh5Y_qnAU3_xgDESsv43KQFcGAhjG2tAy6iunN6UNZUNgHmEPLIjqE9sKSKdop2fjWRLetxQb8r3ffm48KgHftuYiiXU6DS_-FKzCPnMHr9TjZ7xfzZDOVABfxmGKsZ3cFdo-HsY_0cIuYE0itDXYli_KLBrUgia2k3x8LNu3-f5xNpvGgXKrr2a1d6U4jsr1jwA0oEseza2edPGlRs7tZJgP38R5AjmLuiNSqHfhfc_XwSFxk7y_yMmB2_qBuMgIB1aqRn8-kw6OkkdouXaPv9tdwmdYC3LcRN6VQiHQSPFhimFDY4Z_FW6VehEAtcrL0n4Ow2tinydLRqKI_7jZL1lfqXPzq-YC0wE9vMwjovtqXYG4Krr9vZ9mk8JRNG1q9Hk_hHyjhYDOfgh4Uv1LAALTsPlcc6VqtuZCHEROsmfRxRGC6etZf51ICwZodD92hgl6PdhV5BI_jrWjzb7yL7eiAm9GBk3aek_pKRZKQJmf-gt8gE2sGDjSHbsTGd28XxSUjGqKODLEMWCOiHoDYr0jHjYZs4U-6z30z3HsMs-FDI4VwS6eBytpKZhhi6UjuOMZU3CqwwXqtb3b8gLc1IxMyoiewGZ5jv6DePwTbghadXHAIV7UoLSCuyvdvqHN1KMKFbTeNHLntIX08rBrjfrjXK5mvjCSfF77zTutHzXHULTDTB40KmrkD_bJ6LM54jTgalLsw1LWzg-VyL9SbSXxkdUL5QtUxbft-QXInG8889N3osbAjpyHX_VTftNGarOcFBA8_WmpUZuMvTvL2EMV6bLaAG2SU2W6_y6EwTSgAkz4ONgpWAnw-BJKdKYkfg-fShhlQNLLrpGce3jemBbzbpYa28KsPZwOz2ldhkDpXZgZDfyQF7jATwhLRsImhx94M_7Lfh44q_I8jwkX7_hiruI_CTowgfSfRG5MusfoLQhhQD3xu8nOOBURjSGthKtRMNYMMnRu0ttRoJ6-nOUkcOEgEcUEphM75grNDIcbP289iLkSKEgxbq1WNA0YFo7OTJlB5-zLkzmufpcXYxZOsFbyP56kFhlhWW9s6TXfqt7fRrNAJvibpTJumI6X5VaWBmVpFp_j5ZCiFeDDKg7y5VqEP1LccCqIi5NZXd0Fy8Iu2Jqe8gpF7QFDsOUHI2P6MPCwWW0hOr4VgEIen4I7WxZV1CIZ7jad9beL4nEQD0XaiQxXpZ2xGn3KqDcRfwOlgx7U-ts7kW1-e5WnQHkdC4v1xjcXko8AT6wCX18QFFWymXRX9mAzgyoO6BI5UZVsGZTfMvFd6uG581ai1ddE2MOqzX0JWuPQoemDqjKWgwElBFJntYl3kUHfK9Ldpb8DUmWmPIcd-4JKjcO8zTC-YsM0c_bKW9Up5KBsLH10xsa3VAIC6QbZn2HM7NmGKLHMh_Dti-fF6bI1-uDF9yFu0lBBO3tPMefUsCTTebYZbh5_JlBoj8xg1ZU-schSEHoXS5TwHq-K6vwIRtcOlKQePemmIv4ZKUihoALQVsTZgmSf44jZTLjBHDo4Oar_plUlCsOXIwPBPnSE1tsy8XK88NJHPC3hqe_t-uM2i81w-1o1F9M1RpPLGSDm3uusjZaHzzzIIwD40fmyHanuDHvARSCb0UXgOCwqDX9Ui4Bn4A6cDOaeY3hvPmwAfX24Uqvfgsxyy4__nEIyKVHvHuCv8hGJvepbolCz1B-qg3aez6gCsEVLx1DEd4bmVa4wOkL8CYxnMUudAOiXnX4AwMhQAr7VInmeoU3QXczONNoC9Zk7jisINHu9NkQ9R4gf6nsgGyYJpdOWIr2e3NInnuS3LwsBxWsyt7MdOFaG2bvABG1rESy1tGB2tfivanaSRqei5YcPYz_gAoqcfSaR9o0VgHDtU0xtM306zPntWXM6sCR4ifiVHv5of0elBdwZShQA_L3gjPWCZ7YsSgQ-zlmlUhkX3yCsQ0JWm8OuCVhh1l2lnyk6wrVdCsnF0TL2isu43MZa_juPLzbccxD3yrSku5bJ8ph_xrfRErxjnfes3pKF0rFMDWYhMcJn5cFOKsn6Myv61Rgxkn7gfk5q9LOUInI0P_Hb2zT5yDwGIzNonxPVlIpOH21cKApEi6Ta0UOpOBBn2ejTHvaVvx2_Yda6UmvzDUGW84urVn8HCckSHu8XIdejy0ur4OUE0N_07icy-YI5ryy3j9Kj12Ffuff8Fu7U_KlLvlZpcUa-Nz5PuwSWHXMab9afPMPtosaw8E0IXwNpxMqNVW4PpXu6Pj7ILaLChk6veYvemiTeCurvoc0-2H4Coo8VUX5juM0znjQDWVblHrakHryjkYidCOLMWyrfMkA_Zqfy6rqBpaJtCd3TLw9edBgyEBk__PqdstWExK2Trx-RmR1Ka0fxS6wHQPRwYLJu2fklcA-9ntJIYmtj6iavcyhcWK7z1EONnK202ffJvymwgOhhbHGl7mSbRvF9YB-EYR5L6S5XCxzHpvHzGfM2GhZhl02GTEe-URPC2g5PWOJ4qWwinN83eZeqaaQAx5OBor039PbOaRSyA2c0yN1UdS2pSZb__xvcS2gz--6jCZsMY4s6cdWcuy9BsulvWAGRJP5p1BmfP9yKQOJEvMZy9bNgUL23jKGoCeJmp6MDB5_x3WuiJxUgT_at32lB7pIKPEMb9mDby0FepgUvT156y-jxJufpNtm0tGEgXRoIx-R-H1dJj8sRo1cugHAUnsflpWUjCvVMo-9QRp5a1N5XdyHb2ECdpbB2ieYYA6oyeEd90_eZWfxvW4a8yEN8U0ymYHzuwh-zN1U15z9BkArmYztTjdPXypzkUrC_m4Q68se67xhUUOwDvripD2yRIAlmSsY2JQFMTRhIVGpG6QqGbozT6H5rcCjEm3X_ug&cid=CAASJeRoLkQhNQwtnkLXx7n-gO673sHzNpEOBTb3WefWkr0hXkrYwOw&rfl=2%2Chttps%253A%252F%252Fuberturco.com%252F%240

Requested by

Host: uberturco.com.admin-us.cas.ms
URL: http://uberturco.com.admin-us.cas.ms/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16760
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame A9CB 3 KB
1 KB 9ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:08:01 GMT

GET
H3 200 qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/ Frame A9CB 17 KB
7 KB 10ms
5ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221003/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 274
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7528
x-xss-protection: 0
server: cafe
etag: 13775775994264215463
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:04:22 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame A9CB 0
0 74ms
9ms Image
text/html 2607:f8b0:4006:80d::2004

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSrHDnyr386IcI194Uy1EX1mRlIkqQHt_o_cJYQl8UJpkPXvqkP5x4Z0q94jwpQAmIWtOBdzm6EzTeaNsl7jNjYPDuQDQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2004 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A9CB 142 KB
44 KB 65ms
62ms Script
text/javascript 2607:f8b0:4006:808::2002

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45072
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664970042070988"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 06 Oct 2022 12:08:56 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A9CB 42 B
63 B 82ms
78ms Image
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AdO573SqGXo2iTKYz4w8UbRF9uDA670_UNX6NVQq40CUsMpRaSKFOA_b6aWCn4HZdL0-iS7JSienyfD7TMPIBOFp8eBtHczw5pE9oxAsHfmZb1ba8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 0F11 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c862636750cd450d3f1e79955d05c4f7207a29e62e8ad002dd92a64e301f60a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 0F11 20 KB
20 KB 29ms
7ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 02 Oct 2022 16:38:24 GMT
x-content-type-options: nosniff
age: 329432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20784
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:21:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 02 Oct 2023 16:38:24 GMT

GET
H3 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 0F11 21 KB
21 KB 24ms
8ms Font
font/woff2 2607:f8b0:4006:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2003 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 22:39:18 GMT
x-content-type-options: nosniff
age: 134978
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 22:39:18 GMT

GET

rum
dsum-sec.casalemedia.com/ Frame 726D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGMl8cDCVKLx93i7byAInFU&google_cver=1

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 726D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz7FWDs.Mb2B7swFQF.0PgAA

0
0

GET

setuid
ib.adnxs.com/ Frame 726D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIw9GXq7NASgZ0BQeJshq7A&google_cver=1

0
0

GET

bounce
ib.adnxs.com/ Frame 726D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

0
0

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
pagead2.googlesyndication.com/bg/ Frame 7BDB 36 KB
16 KB 8ms
5ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Host: uberturco.com.admin-us.cas.ms
URL: http://uberturco.com.admin-us.cas.ms/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 05:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 05:36:40 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F47A 42 B
64 B 39ms
25ms Fetch
image/gif 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstlvLzBDaxSliapYWn9Q_nABSfiVfPcz0SBehqXavY_38eCnJIt--nZn7-QMiogD5rVDXsi8XbsTBmjDAWBh4zUaMzu9w4TidNscYttw93_EGrgO9S6NpuDZSymIvIo3pLHNPk&sai=AMfl-YQ-EirDvO9zHvaqNiha59DIIPAEq9crnAUQb4hBaK57MOxui99JvLaElTYEH8NFZWkycCXbKiDaY_-QUNc&sig=Cg0ArKJSzOlzoyMR1ir7EAE&id=lidar2&mcvt=1019&p=0,0,280,1200&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20221005&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2754459079&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1665058134405&rpt=1154&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 06 Oct 2022 12:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221003/r20110914/ Frame A9CB 30 KB
11 KB 7ms
6ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20221003/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CcljoNPviJ2RrwzfwExCeMxd57-UomNHBLyydRQ8KkauOlXU5wr6cvWqXRq-u0p9S0qrhs2EU4sd89ZZAJn3-lRjI_gRwb8tskpwEzxi3rfF0OQF0HFPvLWoYMlF5X9JBoStFZOq3aCgw_8YHiKN_o1urI8CEQ3TkaKwCUt8pdlG2NG8E&cry=1&dbm_d=AKAmf-DdTs4HLt30mgkMN9R1G8pRq97Oz88GAmDWXILJRtJB4Yq1XMd0WBY0omNvnriPvsatFK3DTAObYwWaGB-y5iMvBAHQhzn_dL2uE0UnytD04vmZw0lTsh2BccvWHKu9B2luhCChZER-D-RjwrBNjqdt0oo7vsSLM2r_R7cKuyuQgGt7c7njDt4HFiLJU6MdiaVJNVMASCjcXgXOJWOsIatqrK8MFrCWUZ9dPUjD17ZwIPCSNdUNnfBekjM_lVtNHPRsG7RLevvNj2GWo8Mww_1NLUN45jmjl4AeGOM5mhfN38lj_L11XItLscDg53k2cvndpuCGv0KY4JHru3znYGUmwAz4XI6dI64WpZZ65j5O1X3CSesig2lwPEJ5o0uqYpb-eV1yI-7FJdrPS7U7hopXHusjcPuV2Aal6xv2dzqRSiqpbnow7v5zcPlCqqlndstZiUl3UwlxcFVIfzIInd5EMJLaDDEh9PcQoWG1RDdYitBsLpP200rTF-h8J4Ds0KONulvq4rn-TfgcKxpkAxF3emrI1wfMYB3Svn7HVwe8lK5rXEjWOQlQ_6Dd2JuL9tW11aZ0vrTAOGW3bzFB_0ZJh5Y_qnAU3_xgDESsv43KQFcGAhjG2tAy6iunN6UNZUNgHmEPLIjqE9sKSKdop2fjWRLetxQb8r3ffm48KgHftuYiiXU6DS_-FKzCPnMHr9TjZ7xfzZDOVABfxmGKsZ3cFdo-HsY_0cIuYE0itDXYli_KLBrUgia2k3x8LNu3-f5xNpvGgXKrr2a1d6U4jsr1jwA0oEseza2edPGlRs7tZJgP38R5AjmLuiNSqHfhfc_XwSFxk7y_yMmB2_qBuMgIB1aqRn8-kw6OkkdouXaPv9tdwmdYC3LcRN6VQiHQSPFhimFDY4Z_FW6VehEAtcrL0n4Ow2tinydLRqKI_7jZL1lfqXPzq-YC0wE9vMwjovtqXYG4Krr9vZ9mk8JRNG1q9Hk_hHyjhYDOfgh4Uv1LAALTsPlcc6VqtuZCHEROsmfRxRGC6etZf51ICwZodD92hgl6PdhV5BI_jrWjzb7yL7eiAm9GBk3aek_pKRZKQJmf-gt8gE2sGDjSHbsTGd28XxSUjGqKODLEMWCOiHoDYr0jHjYZs4U-6z30z3HsMs-FDI4VwS6eBytpKZhhi6UjuOMZU3CqwwXqtb3b8gLc1IxMyoiewGZ5jv6DePwTbghadXHAIV7UoLSCuyvdvqHN1KMKFbTeNHLntIX08rBrjfrjXK5mvjCSfF77zTutHzXHULTDTB40KmrkD_bJ6LM54jTgalLsw1LWzg-VyL9SbSXxkdUL5QtUxbft-QXInG8889N3osbAjpyHX_VTftNGarOcFBA8_WmpUZuMvTvL2EMV6bLaAG2SU2W6_y6EwTSgAkz4ONgpWAnw-BJKdKYkfg-fShhlQNLLrpGce3jemBbzbpYa28KsPZwOz2ldhkDpXZgZDfyQF7jATwhLRsImhx94M_7Lfh44q_I8jwkX7_hiruI_CTowgfSfRG5MusfoLQhhQD3xu8nOOBURjSGthKtRMNYMMnRu0ttRoJ6-nOUkcOEgEcUEphM75grNDIcbP289iLkSKEgxbq1WNA0YFo7OTJlB5-zLkzmufpcXYxZOsFbyP56kFhlhWW9s6TXfqt7fRrNAJvibpTJumI6X5VaWBmVpFp_j5ZCiFeDDKg7y5VqEP1LccCqIi5NZXd0Fy8Iu2Jqe8gpF7QFDsOUHI2P6MPCwWW0hOr4VgEIen4I7WxZV1CIZ7jad9beL4nEQD0XaiQxXpZ2xGn3KqDcRfwOlgx7U-ts7kW1-e5WnQHkdC4v1xjcXko8AT6wCX18QFFWymXRX9mAzgyoO6BI5UZVsGZTfMvFd6uG581ai1ddE2MOqzX0JWuPQoemDqjKWgwElBFJntYl3kUHfK9Ldpb8DUmWmPIcd-4JKjcO8zTC-YsM0c_bKW9Up5KBsLH10xsa3VAIC6QbZn2HM7NmGKLHMh_Dti-fF6bI1-uDF9yFu0lBBO3tPMefUsCTTebYZbh5_JlBoj8xg1ZU-schSEHoXS5TwHq-K6vwIRtcOlKQePemmIv4ZKUihoALQVsTZgmSf44jZTLjBHDo4Oar_plUlCsOXIwPBPnSE1tsy8XK88NJHPC3hqe_t-uM2i81w-1o1F9M1RpPLGSDm3uusjZaHzzzIIwD40fmyHanuDHvARSCb0UXgOCwqDX9Ui4Bn4A6cDOaeY3hvPmwAfX24Uqvfgsxyy4__nEIyKVHvHuCv8hGJvepbolCz1B-qg3aez6gCsEVLx1DEd4bmVa4wOkL8CYxnMUudAOiXnX4AwMhQAr7VInmeoU3QXczONNoC9Zk7jisINHu9NkQ9R4gf6nsgGyYJpdOWIr2e3NInnuS3LwsBxWsyt7MdOFaG2bvABG1rESy1tGB2tfivanaSRqei5YcPYz_gAoqcfSaR9o0VgHDtU0xtM306zPntWXM6sCR4ifiVHv5of0elBdwZShQA_L3gjPWCZ7YsSgQ-zlmlUhkX3yCsQ0JWm8OuCVhh1l2lnyk6wrVdCsnF0TL2isu43MZa_juPLzbccxD3yrSku5bJ8ph_xrfRErxjnfes3pKF0rFMDWYhMcJn5cFOKsn6Myv61Rgxkn7gfk5q9LOUInI0P_Hb2zT5yDwGIzNonxPVlIpOH21cKApEi6Ta0UOpOBBn2ejTHvaVvx2_Yda6UmvzDUGW84urVn8HCckSHu8XIdejy0ur4OUE0N_07icy-YI5ryy3j9Kj12Ffuff8Fu7U_KlLvlZpcUa-Nz5PuwSWHXMab9afPMPtosaw8E0IXwNpxMqNVW4PpXu6Pj7ILaLChk6veYvemiTeCurvoc0-2H4Coo8VUX5juM0znjQDWVblHrakHryjkYidCOLMWyrfMkA_Zqfy6rqBpaJtCd3TLw9edBgyEBk__PqdstWExK2Trx-RmR1Ka0fxS6wHQPRwYLJu2fklcA-9ntJIYmtj6iavcyhcWK7z1EONnK202ffJvymwgOhhbHGl7mSbRvF9YB-EYR5L6S5XCxzHpvHzGfM2GhZhl02GTEe-URPC2g5PWOJ4qWwinN83eZeqaaQAx5OBor039PbOaRSyA2c0yN1UdS2pSZb__xvcS2gz--6jCZsMY4s6cdWcuy9BsulvWAGRJP5p1BmfP9yKQOJEvMZy9bNgUL23jKGoCeJmp6MDB5_x3WuiJxUgT_at32lB7pIKPEMb9mDby0FepgUvT156y-jxJufpNtm0tGEgXRoIx-R-H1dJj8sRo1cugHAUnsflpWUjCvVMo-9QRp5a1N5XdyHb2ECdpbB2ieYYA6oyeEd90_eZWfxvW4a8yEN8U0ymYHzuwh-zN1U15z9BkArmYztTjdPXypzkUrC_m4Q68se67xhUUOwDvripD2yRIAlmSsY2JQFMTRhIVGpG6QqGbozT6H5rcCjEm3X_ug&cid=CAASJeRoLkQhNQwtnkLXx7n-gO673sHzNpEOBTb3WefWkr0hXkrYwOw&rfl=2%2Chttps%253A%252F%252Fuberturco.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:06:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11696
x-xss-protection: 0
server: cafe
etag: 3440521625644817407
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 12:06:37 GMT

GET
H3 200 UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A9CB 41 KB
15 KB 7ms
7ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 22:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48085
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Oct 2023 22:47:31 GMT

GET s-3614
e.dlx.addthis.com/e/a-1189/ Frame 93EC 0
0

GET

dds
rtb.openx.net/sync/ Frame 93EC
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEAQFleHULB7UX5HHqIhN-JA&google_cver=1&google_push=AZmPxg-TTXuGasFCq0SFZt1nWVMrIy5S9S6kucZko4GwC_0yAA_8R5DyC07oI2cTsACe9-HiXZ19g62url7WY6IA9Mnj_e2j-DkL
https://rtb.openx.net/sync/dds?google_gid=CAESEAQFleHULB7UX5HHqIhN-JA&google_cver=1&google_push=AZmPxg-TTXuGasFCq0SFZt1nWVMrIy5S9S6kucZko4GwC_0yAA_8R5DyC07oI2cTsACe9-HiXZ19g62url7WY6IA9Mnj_e2j-DkL&...

0
0

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 93EC 0
166 B 150ms
12ms Image
text/html 8.28.7.81

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEKtB-v8d5sdADE7O82ZBRIw&google_cver=1&google_push=AZmPxg8U7ehc1wvYIjV-6Et8XS-Aqgx7rPjAy8_RLEFHMDck6aMBWmKHMAMG4Zdbhh5utgwBSBWXyEU1M2Ysbpwmg8H_a-BMbohY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=3363353524&adf=3655539425&pi=t.aa~a.1933430533~rp.1&w=1200&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=1200x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=2&bdt=1688&idt=-M&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280&nras=2&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1356&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=bnpNIxEHiD&p=https%3A//uberturco.com&dtd=211
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 06 Oct 2022 12:08:55 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 93EC
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJ0ax1jNXzmnUJbOl2mkLXk&google_cver=1&google_push=AZmPxg-Hn6zPEslakrDYu0UIm6aMbnb5cwian940HktZ_vCymTU4nIJXU5SV_b3_Kxe2S8-N8jE...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhYME1HVTctRi1HNFcx&google_push=AZmPxg-Hn6zPEslakrDYu0UIm6aMbnb5cwian940HktZ_vCymTU4nIJXU5SV_b3_Kxe2S8-N8jEycxnqhPo8XGcsIU1itsz4H5y2

0
0

GET

usermatchredir
ssum-sec.casalemedia.com/ Frame 93EC
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-2YUaFmox-scg3F-lmHr0&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEI-2YUaFmox-scg3F-lmHr0&google_push=AZ...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 93EC
Redirect Chain

https://cc.adingo.jp/adx/push/?google_gid=CAESEEXu0gPQa7T-M2SayB4Xiic&google_cver=1&google_push=AZmPxg_jpm_kex8KAsdXQng1jYMA4HkcayGdjOWzfIVkkIc6O3AdstmCUHi_-D39XE01wfTg9nWTxiluH_eVPmVRQEfT5N3wl325
https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AZmPxg_jpm_kex8KAsdXQng1jYMA4HkcayGdjOWzfIVkkIc6O3AdstmCUHi_-D39XE01wfTg9nWTxiluH_eVPmVRQEfT5N3wl325&google_hm=6f0e4f448ac8eb8dc0f...

0
0

GET googleredir
googlecm.hit.gemius.pl/ Frame 93EC 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 93EC 0
59 B 173ms
27ms Image
text/html 142.250.80.2

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JWukhy2NreSdcYqWy8Os7OksqhO1HsIlW7lhfZVc-JOK8ALghVbCN0VL8A0zTj640VEgfAjw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.2 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 12:08:56 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js
pagead2.googlesyndication.com/bg/ Frame 314C 36 KB
16 KB 11ms
7ms Script
text/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gnLtmcL-mn53pq-EJRMXOCFACjpZd0iqiIv80oTeKas.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 06 Oct 2022 05:36:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16010
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Oct 2023 05:36:40 GMT

GET
H2 200 player
realtime.clinch.co/video/player_v1/ Frame 234A 0
0 72ms
37ms Document
text/html 54.173.252.160

General

Check archive.org

Show headers Download Go to

Full URL: https://realtime.clinch.co/video/player_v1/player?cid=yldcQE&caid=11217&format=_300ax250a&clkUrl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCRBPxV8U-Y9uMK8_CxtYPhu60uAank-Ltab_297LaD_AuEAEgwOugYGDJxqmLwKTYD6ABsLP9qQLIAQmoAwGqBJoCT9Aw3BDTfyA76UprVIvg3Qi7A6JAoW_9V3ZoeJzwiizM-ObommfYiMFawZdGrxh2Wr7I8NCRjbjdiR3Utp2GLTHxS93EEL5lO281MqmhkaoLFpwtuVpcs3c5MidALU1oa89Q4CFPjpGllqqqLwYBWzmNMjtsvy4xfkkTBvMteW98IiuMZXfckK0ipZbZcPTOn-E_ysx9nn5dxkkcujWvYfzU_CIjWo1XiT13D8Xyg2BFxClj2eZZP4EX_HvRS68yQ33XcvNki57MNSQXEgS77xRU0zk85ft0O-wzjnwu_IFKbzJR_O0pBL41UxHmYVRTqQ7V2bPJHZovFjvb8nv56mm7oWX1xxsWmci9oh9Z0hUTGODug15B493qwAToqJDR-wPgBAOQBgGgBk2AB7jMgtYBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIIDwiAYRABGB8yAooCOgKAQIAKAZgLAcgLAYAMAbATr7XHENATANgTDdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASJeRoLkQhNQwtnkLXx7n-gO673sHzNpEOBTb3WefWkr0hXkrYwOw%26sig%3DAOD64_0TZyKPPt7CardnMyvW9mKpubwoyQ%26client%3Dca-pub-6820926494053328%26dbm_c%3DAKAmf-CJWtl09TuTKJv256CKZp-QWryN34yPI4NZrFXOZo5dN90jkLrfHvhyY_4Bd-LsgTx4yQD45LBK-raIUfUlUvrQFiMN3dGk6GLeUByOgrifqA-c2FjsQ76ZH3F9-DXstBT9O63yPFOUgTfPaUY4zCauhvsWphmbsS7IGEIt87eQ9HqsEgU%26cry%3D1%26dbm_d%3DAKAmf-D08eTD8HrStM1Yb00SfmZnNKvakaNRreBCV_6n-oOdOYP5pbCYVdFS657X5Dr2OfN6ELFwV23U16HnqB1H6V3mBWEtEPvz0cmerNK8PCKT6QhUr1P2fnggFLbHGfRsEqlP-nutu6-flh3f0WSuyceVLAEcR-Prs9S0EleDHZFNHULXd_3-LEk8maPqlPaXkX3zi8MT-gdEivKV889X8h59q-KPsVkQg94MZRZA3nvWG1mIrA8SsnOIx63Gr00seuWNEg8BZV2FjHW-S7nE0K6lbbCs_GmDd1JDzVg5yqh2W2gXMs6Jd5O_s0UypOGLBrwkILL401gExqLh6GlgW9karhYeBDBwhES7L4tINwZqKlk6SXV9oodMo54XWz9LhrUj-QjR8I-8_yEUB9o6MsaFpIqFMo8gbbH2gN_hAx4PDqPmPMtdgx4q_sSQpn_wMjSnhV47Y_m0uFINdhexu7PwR5Hlkv6np-XA1eHY-0u0LtjCpwz8rn2iXT1BZHZ38Qpj2nO2rYFM-orCm7d298Ro5E5AbztUptYAgwQf5zyT1NyowWM%26adurl%3D&dsp=dv360&plcId=334385315&dsp_impression_id=ABAjH0g1LkdQhdvckBkkkWqnI3Q6&site_url=https://uberturco.com/&dsp_pub_id=1&site_id=1397145345838&dsp_insertion_order_id=28045553&dsp_caid=16968901175&dsp_crid=421534988&dsp_tracker_token=AD1EzRQAAABoCmAKDAgAFQAAAAAdAAAAABIMCAAVAAAAAB0AAAAAIhMIt8Szmz-oAozVgvYBsALx4a8NQAHSAioYACITCJuU1vXIy_oCFU-h0QQdBjcNZygBMAE4v_b3stoPQAJIAViZgSAQjLqAyQHiy6HO4vkjpQ3cPQ9TJYqJ&rnd=1665058135706139&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.252.160 -, , ASN (),
Reverse DNS
Software: clinch /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: no-store
content-type: text/html; charset=utf-8
date: Thu, 06 Oct 2022 12:08:56 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
server: clinch

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C6ED 1 KB
0 4ms
4ms Document
text/html 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-6820926494053328&output=html&h=280&adk=311334090&adf=2834981708&pi=t.aa~a.21044265~rp.4&w=370&fwrn=4&fwrnh=100&lmt=1665058135&rafmt=1&to=qs&pwprc=8930795913&format=370x280&url=https%3A%2F%2Fuberturco.com%2F%3F&host=ca-host-pub-2644536267352236&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1665058135422&bpp=1&bdt=1688&idt=2&shv=r20221003&mjsv=m202209290101&ptt=9&saldr=aa&abxe=1&cookie=ID%3Dd02a2140e79f9283-22b16de189d70008%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg&gpic=UID%3D0000087b3ba0cced%3AT%3D1665058134%3ART%3D1665058134%3AS%3DALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg&prev_fmts=0x0%2C1200x280%2C1200x280&nras=3&correlator=46689774623&frm=20&pv=1&ga_vid=13632442.1665058134&ga_sid=1665058134&ga_hid=1484840707&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=2819&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44774717%2C42531705%2C44774292%2C44773746&oid=2&psts=APxP-9DByzvzri-yfovjGURkzHcLrkzeMoVgRH0ur0NyH5BKjbvkHMqEc79QZo0cCS9MI3gd9Ngp-jW2aOog&pvsid=3253638542876489&tmod=1385536409&uas=0&nvt=1&ref=http%3A%2F%2Fuberturco.com.admin-us.cas.ms%2F&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=cslhppJtRY&p=https%3A//uberturco.com&dtd=238

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 Rockville, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 59836
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 19:31:40 GMT
etag: 48472445140208031
expires: Thu, 06 Oct 2022 19:31:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A9CB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dsum-sec.casalemedia.com
URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGMl8cDCVKLx93i7byAInFU&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz7FWDs.Mb2B7swFQF.0PgAA

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/setuid?entity=101&code=CAESEIw9GXq7NASgZ0BQeJshq7A&google_cver=1

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D

Domain: e.dlx.addthis.com
URL: https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9fTAMaRPiXTZGt6s9KVFdMvYEiiR3gLi26S1VtseSOrMgY1JFUA1PCmDe8Ohp8yi3-_Ey1X_J6U3dW68K390rdjlgUyDWa&google_gid=CAESEMJjVOfYOM7jADnRdcllKBo&google_cver=1

Domain: rtb.openx.net
URL: https://rtb.openx.net/sync/dds?google_gid=CAESEAQFleHULB7UX5HHqIhN-JA&google_cver=1&google_push=AZmPxg-TTXuGasFCq0SFZt1nWVMrIy5S9S6kucZko4GwC_0yAA_8R5DyC07oI2cTsACe9-HiXZ19g62url7WY6IA9Mnj_e2j-DkL&ox_sc=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDhYME1HVTctRi1HNFcx&google_push=AZmPxg-Hn6zPEslakrDYu0UIm6aMbnb5cwian940HktZ_vCymTU4nIJXU5SV_b3_Kxe2S8-N8jEycxnqhPo8XGcsIU1itsz4H5y2

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEI-2YUaFmox-scg3F-lmHr0&google_push=AZmPxg9-iRDTCUv-tPA6k_M0LyhLGJtNL6C1F6C1XdEn_ep6l_0a9hgr01o6ZxzlMfkcgZtpBSOn00Z8AYGHszH7Y5zE9MhiWZAV&s=184023&C=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=fluct_eb&google_push=AZmPxg_jpm_kex8KAsdXQng1jYMA4HkcayGdjOWzfIVkkIc6O3AdstmCUHi_-D39XE01wfTg9nWTxiluH_eVPmVRQEfT5N3wl325&google_hm=6f0e4f448ac8eb8dc0f15225a1b54d68

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEE_gw30SarJzXCqVpIqUj4w&google_cver=1&google_push=AZmPxg8oRgT_COdMBCrBV5CHJTiQmyJP45ACFnyTDo56fMYty6USgy2TjpT9IkBIkmTXUT0lF6bKEKu6FjsvEJmCkvOEljvMa6EFbQ

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.uberturco.com/	1970-01-20 16:06:58	Name: _ga_PS26M516QF Value: GS1.1.1665058134.1.0.1665058134.60.0.0
.uberturco.com/	1970-01-20 15:52:34	Name: __gads Value: ID=d02a2140e79f9283-22b16de189d70008:T=1665058134:RT=1665058134:S=ALNI_Mabi3PYAGGvXa880WDGxB6Ow4_zbg
.uberturco.com/	1970-01-20 15:52:34	Name: __gpi Value: UID=0000087b3ba0cced:T=1665058134:RT=1665058134:S=ALNI_MZPcNUPcX38xHMRZrtbYtaBWjPZQg
.uberturco.com/	1970-01-20 06:32:24	Name: _gid Value: GA1.2.829018324.1665058135
.uberturco.com/	1970-01-20 06:30:58	Name: _gat_gtag_UA_199967341_1 Value: 1
.uberturco.com/	1970-01-20 16:06:58	Name: _ga_Y24RMBGTWM Value: GS1.1.1665058134.1.0.1665058134.0.0.0
.uberturco.com/	1970-01-20 16:06:58	Name: _ga Value: GA1.1.13632442.1665058134
.doubleclick.net/	1970-01-20 16:06:58	Name: IDE Value: AHWqTUk5Lmhht2aTHxaJYrNYn8gSqIiVoKKCrwX67MKvSZ-Wu3L5o3droPbvSXzdwrs
.doubleclick.net/	1970-01-20 06:30:59	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEE_gw30SarJzXCqVpIqUj4w&google_cver=1&google_push=AZmPxg8oRgT_COdMBCrBV5CHJTiQmyJP45ACFnyTDo56fMYty6USgy2TjpT9IkBIkmTXUT0lF6bKEKu6FjsvEJmCkvOEljvMa6EFbQ Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
analytics.google.com
c0.wp.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
ib.adnxs.com
image6.pubmatic.com
mcasproxy.azureedge.net
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
realtime.clinch.co
rtb.openx.net
ssum-sec.casalemedia.com
static.doubleclick.net
stats.g.doubleclick.net
stats.wp.com
tpc.googlesyndication.com
uberturco.com
uberturco.com.admin-us.cas.ms
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
e.dlx.addthis.com
googlecm.hit.gemius.pl
ib.adnxs.com
rtb.openx.net
ssum-sec.casalemedia.com
142.250.80.2
192.0.76.3
192.0.77.37
20.190.7.239
2001:4860:4802:38::181
2600:141b:13::17d7:825a
2607:f8b0:4004:c06::9c
2607:f8b0:4006:808::2002
2607:f8b0:4006:808::200a
2607:f8b0:4006:809::2001
2607:f8b0:4006:809::2003
2607:f8b0:4006:80a::2002
2607:f8b0:4006:80c::200e
2607:f8b0:4006:80d::2004
2607:f8b0:4006:816::2002
2607:f8b0:4006:817::200e
2607:f8b0:4006:81f::2003
2607:f8b0:4006:81f::2008
2607:f8b0:4006:822::2006
2607:f8b0:4006:823::2002
2a02:4780:1:600:0:1e95:2297:8
54.173.252.160
8.28.7.81
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
04078e2c2770c7fafd845205695de48286c4300a68b9e7651ee1cc342a8911fb
0c5fe43bcfb312486e00343211f37c791fabc22b197e91be480e00d36ad8778b
1594b05ace0c56f2951763aa876ed2923cae78a9c38ea7afd504e3599d16dc5e
1b54af7163c81179b8398b362829b825dd3d2054d9aa81830a44be72d5bbeb09
1c862636750cd450d3f1e79955d05c4f7207a29e62e8ad002dd92a64e301f60a
299016802f0b1790fa60313e3ef5b3767999d98b88105ed6fd552645e80ffd7e
29aad9399e1ce50de1d9ab1cdaaf1cbd29181d51f0d3f5f160688b1aed8f3cfd
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e9144add59427a85ff94bdab0fd9eef8ddc298d5134cb7be2ccbe999c3419e1
37f40dd8a27da3a75d4bc2e19d63e494b624ad2318f3f2075127be41cac3bbf9
3d6014e26f36575ae17bef576f09099fdaeda6e3ac7e2c840d27ecf7bfeb76bb
43c76c55901666edc020c33b12756390a7d723063c0bfe58899776b2db4d85da
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
462a882d03d64ec1b6851fcdab262ba8ea1be6365d69f54e821467b97e2fcb52
484ec1c347c17d7d3b98d5058aa5d90bb5c7315f3a67f44611e902de4be50831
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
57cb32a64ad9ff2550cce43d785bcbd9f54c90ad8c0ac2171193666f2ed4f677
5a80217519b9fa77b47f3467ffc52ae12c7cf3d44d31fabed8ce99ed0a531837
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5bc8564e207031f15b374ba15cc29c6712b28826a3a18af29a20a5b88d67c5ba
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cfd3418ebf7c95f8f7a9024ebfa383ff5a267a8568c9a2708c26733824bdf07
607855fd4b98abc3ebf49a5d5dcdf6a9cd450e1900827a9314ef91d9fad3a694
65f4e452b96ef3e5e3a4631d99c63dd7239dcbcb88de679ac74ac30d3d4988cd
66c492a71c3e62bba067cfab813663d8bf3595ee5ccae25b2ae40b0cb1ffae16
6773064afa4cda75c3c2f91ab0685e6ca3d55e4da53298f5585887dc7bf2c04e
68839f7ff6729a90f2e1b9df9468a7bfdedfe247002ff39d56ff94bc829e7a70
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6efff8ce63d77eba89e9cc15af6dbccc657068130e89225fc662a0c580cea9b7
726533d9e258ed9aaf0c5a1ae161022fdba3664958538049bb8384ff70a5eb67
72f68a10209f34b666a39ca68fd2f326168c0d75d235540cfa3add58350d7c42
7a0049831d92582305911a42f5ed743a1fbd56c69247dddca678d36c9d71b85e
7a2c6856e8437c3183ec517c59fc9724eb82cac59f685970113a7fb15ecd272c
7dd3dc81e2b72a78363c6e44d0923954a04fdb5ddf945362c0c0b008bdeb7f4e
7fa4abb686798756bc90d4d6d1e4da75137160ecf2bc7ff6c103263f9842c444
82020205c5dc1f2b2dfede6f288ce43524b03f5b86427c0887f9e6e0cde7e1fa
8272ed99c2fe9a7e77a6af842513173821400a3a597748aa888bfcd284de29ab
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83d06e6ade07c44793408b52e3594aee6b95f456e785314992d5c2b42e9a157e
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
951f37cab7d131b5c217fa575428d6808b2f5d2f3f04064717a661c3454b9770
9725608bba669168ce648ce1cc5ceb5e9d49364ff6ff71880745e129530c08d2
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9a61fe6e2743a18f977ac18a2f805735e8dccf115b16dbbbd2e3864ae98d4c33
a3c954e6d1422643abfe41e74b726918caa087460903ec4267bc4e5293132451
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
a94a13d4e9df8dc2bc696a168930cd511f83498136bba3bb0b968d7556f0b807
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
af73c2f9713ad62fc9296f2a0e506f1870ea0dba0c6fd2ca1a191a663d0ac216
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8d47e9f10562c9469dd780b169fd2743275e7e07d156f0bc8c6951236761479
ba29faf5efe544ed157bbf56aafd0555a22103b36514708d7fcd196fc361c2f5
bb3025114879b456f2fa65145ecf69a4b856523b89f030834508fb499912ab9f
bce51bff681d3836ac0709e974c41c31d9df7043248f502d9f8c5f3bf3fcb3b4
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bef802da4325c478f864972cdc4f32c162f1f6a1c0afb87271618f2ff3975148
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c384e03a11ca503f231b6b5bcfc02e5d8f2ead344719b7ac8dc6be9a8983870f
c4b31737c5fe64db34abea57a13239f3439ba864b7b3831b4872b58e0c6d5fd3
d3977491b252688118a85970ed86f15c1b9be569fabff025bf90411e71bbb9cc
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d951736694abf6e078c76c38dc0c83979714734d020a73d59d066f652c75e3b0
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df5468b99087b3c7924705faf0311b35435c99bf416c40b416d1ab61a3b25cc2
e0e2bc4e1d3ee5024c4e1aa58a6cad9aa42fc63a8c89ce18013a1c8f2b94875c
e348d772480f8c0e5fa546b3c531a38700ae16b5dad5defb5e67ade7f6d332e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cc09317edff7a910580347cc4e5911f3ca99b849ab61225add4a152f45050a
e542326541f6dc1d89bd4d88aae9716fb54729a40e34548726c30cef00c7d4a2
eb90e7e62356f01c39599caf410f7a3da61beabc98f984fe1c73cd54b64566f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2df1cc32153f68449a7f6edc1429d4593357f672f4f956004aa10d9310ccc28
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
fa872ad20e9bb1922c2c41769033e224122845f61f81fcbce2f3bcfad3f068e8
fab2c550fa601b966dfa3859f91004065655f025199f6c2fd0e9dc1c5574f018
fb7989597f1a10a56bd83de6a26eefec44a0c704979fb5e06f02195bc9cebfce
fd0b39fb0b3feae2231c2771515443f4d29d697b87efd5bc9af287c5d08f9e75

uberturco.com Open in urlscan Pro 2a02:4780:1:600:0:1e95:2297:8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

136 Requests

91 %HTTPS

74 %IPv6

20 Domains

31 Subdomains

24 IPs

1 Countries

2003 kBTransfer

4917 kBSize

9 Cookies

5 Outgoing links

Page URL History

Redirected requests

136 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

uberturco.com Open in urlscan Pro
2a02:4780:1:600:0:1e95:2297:8 Public Scan

Screenshot
Live screenshot

Full Image

136
Requests

91 %
HTTPS

74 %
IPv6

20
Domains

31
Subdomains

24
IPs

1
Countries

2003 kB
Transfer

4917 kB
Size

9
Cookies

136 HTTP transactions
8 data transactions