urlscan.io logo urlscan.io
SecurityTrails logo

seguridadnbcr921.webcindario.com Open in urlscan Pro
5.57.226.202  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Submission: On September 16 via manual from CR — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 32 IPs in 9 countries across 34 domains to perform 79 HTTP transactions. The main IP is 5.57.226.202, located in Madrid, Spain and belongs to SERVIHOSTING-AS AireNetworks, ES. The main domain is seguridadnbcr921.webcindario.com.
TLS certificate: Issued by R3 on July 31st 2021. Valid for: 3 months.
This is the only time seguridadnbcr921.webcindario.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco Nacional (Banking)

Domain & IP information

IP Address AS Autonomous System
7 5.57.226.202 29119 (SERVIHOST...)
2 104.21.80.217 13335 (CLOUDFLAR...)
1 13.225.78.27 16509 (AMAZON-02)
1 216.58.212.136 15169 (GOOGLE)
3 142.250.185.234 15169 (GOOGLE)
3 142.250.184.238 15169 (GOOGLE)
1 2 91.228.74.133 16509 (AMAZON-02)
1 18.66.97.52 16509 (AMAZON-02)
2 66.102.1.157 15169 (GOOGLE)
2 142.250.185.228 15169 (GOOGLE)
1 35.186.194.101 15169 (GOOGLE)
1 205.185.216.42 20446 (HIGHWINDS3)
1 212.92.55.6 24592 (NEXICA-AS)
2 172.217.23.99 15169 (GOOGLE)
12 141.94.102.46 16276 (OVH)
1 18.222.46.171 16509 (AMAZON-02)
1 104.16.18.94 13335 (CLOUDFLAR...)
1 3.130.122.213 16509 (AMAZON-02)
2 35.241.45.217 15169 (GOOGLE)
1 8 162.55.233.28 24940 (HETZNER-AS)
2 2 185.94.180.125 35220 (SPOTX-AMS)
10 12 142.250.186.34 15169 (GOOGLE)
4 35.227.248.159 15169 (GOOGLE)
5 7 37.157.6.246 198622 (ADFORM)
1 6 35.244.159.8 15169 (GOOGLE)
2 2.21.141.175 16625 (AKAMAI-AS)
1 18.197.99.6 16509 (AMAZON-02)
2 2 18.156.0.31 16509 (AMAZON-02)
5 6 76.223.111.131 16509 (AMAZON-02)
1 185.64.190.78 62713 (AS-PUBMATIC)
4 4 185.29.134.248 30419 (MEDIAMATH...)
2 2 213.155.156.182 1299 (TELIANET ...)
5 185.64.189.110 62713 (AS-PUBMATIC)
2 185.64.189.114 62713 (AS-PUBMATIC)
2 2 146.59.148.16 16276 (OVH)
6 7 52.57.150.20 16509 (AMAZON-02)
1 1 46.228.164.13 56396 (AMOBEE)
2 2 151.101.130.49 54113 (FASTLY)
1 169.50.137.190 36351 (SOFTLAYER)
79 32
7    5.57.226.202 (Madrid, Spain)

ASN29119 (SERVIHOSTING-AS AireNetworks, ES)
seguridadnbcr921.webcindario.com
2    104.21.80.217 (None, )

ASN13335 (CLOUDFLARENET, US)
hosting.miarroba.info
1    13.225.78.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-27.fra2.r.cloudfront.net
quantcast.mgr.consensu.org
1    216.58.212.136 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f136.1e100.net
www.googletagmanager.com
3    142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net
fonts.googleapis.com
3    142.250.184.238 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net
www.google-analytics.com
2    91.228.74.133 (United Kingdom)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    18.66.97.52 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
2    66.102.1.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f157.1e100.net
stats.g.doubleclick.net
2    142.250.185.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f4.1e100.net
www.google.com
1    35.186.194.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.194.186.35.bc.googleusercontent.com
des.smartclip.net
1    205.185.216.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
img.sunmediaads.com
1    212.92.55.6 (Vilanova de la Roca, Spain)

ASN24592 (NEXICA-AS, ES)
PTR: unamed.nexica.net
play.sunmediaads.com
2    172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f3.1e100.net
fonts.gstatic.com
12    141.94.102.46 (France)

ASN16276 (OVH, FR)
PTR: ns31432935.ip-141-94-102.eu
static.sunmedia.tv
services.sunmedia.tv
track.sunmedia.tv
1    18.222.46.171 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-222-46-171.us-east-2.compute.amazonaws.com
servingcdn.net
1    104.16.18.94 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    3.130.122.213 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-130-122-213.us-east-2.compute.amazonaws.com
jnxm2.com
2    35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com
pghub.io
8    162.55.233.28 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.28.233.55.162.clients.your-server.de
sync.richaudience.com
2    185.94.180.125 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
sync.search.spotxchange.com
12    142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
cm.g.doubleclick.net
4    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pandg.tapad.com
pixel.tapad.com
7    37.157.6.246 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
c1.adform.net
6    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
eu-u.openx.net
2    2.21.141.175 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-141-175.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    18.197.99.6 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-99-6.eu-central-1.compute.amazonaws.com
pixel.advertising.com
2    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
6    76.223.111.131 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com
match.adsrvr.org
1    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
4    185.29.134.248 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    213.155.156.182 (Uppsala, Sweden)

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-182.teliacarrier-cust.com
d5p.de17a.com
5    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
simage2.pubmatic.com
2    185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
simage4.pubmatic.com
2    146.59.148.16 (France)

ASN16276 (OVH, FR)
PTR: pikafka-2.cloudy.ovh
pixel.onaudience.com
7    52.57.150.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-150-20.eu-central-1.compute.amazonaws.com
ps.eyeota.net
1    46.228.164.13 (United Kingdom)

ASN56396 (AMOBEE, GB)
d.turn.com
2    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    169.50.137.190 (United States)

ASN36351 (SOFTLAYER, US)
PTR: be.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
Apex Domain
Subdomains		 Transfer
14 doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
1 KB
12 sunmedia.tv
static.sunmedia.tv
services.sunmedia.tv
track.sunmedia.tv
202 KB
10 pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
image2.pubmatic.com
image4.pubmatic.com
simage2.pubmatic.com
simage4.pubmatic.com
24 KB
8 richaudience.com
sync.richaudience.com
4 KB
7 eyeota.net
ps.eyeota.net
4 KB
7 adform.net
track.adform.net
c1.adform.net
3 KB
7 webcindario.com
seguridadnbcr921.webcindario.com
229 KB
6 adsrvr.org
match.adsrvr.org
3 KB
6 openx.net
us-u.openx.net
eu-u.openx.net
2 KB
4 mathtag.com
sync.mathtag.com
2 KB
4 tapad.com
pandg.tapad.com
pixel.tapad.com
2 KB
3 google-analytics.com
www.google-analytics.com
20 KB
3 googleapis.com
fonts.googleapis.com
2 KB
2 everesttech.net
sync-tm.everesttech.net
692 B
2 onaudience.com
pixel.onaudience.com
791 B
2 de17a.com
d5p.de17a.com
637 B
2 yahoo.com
ups.analytics.yahoo.com
2 KB
2 spotxchange.com
sync.search.spotxchange.com
2 KB
2 pghub.io
pghub.io
4 KB
2 gstatic.com
fonts.gstatic.com
33 KB
2 sunmediaads.com
img.sunmediaads.com
play.sunmediaads.com
114 KB
2 google.com
www.google.com
629 B
2 quantserve.com
secure.quantserve.com
pixel.quantserve.com
9 KB
2 miarroba.info
hosting.miarroba.info
2 KB
1 simpli.fi
um.simpli.fi
610 B
1 turn.com
d.turn.com
472 B
1 advertising.com
pixel.advertising.com
125 B
1 jnxm2.com
jnxm2.com
22 KB
1 cloudflare.com
cdnjs.cloudflare.com
6 KB
1 servingcdn.net
servingcdn.net
32 KB
1 smartclip.net
des.smartclip.net
354 B
1 quantcount.com
rules.quantcount.com
429 B
1 googletagmanager.com
www.googletagmanager.com
47 KB
1 consensu.org
quantcast.mgr.consensu.org
322 B
79 34
Domain Requested by
12 cm.g.doubleclick.net 10 redirects us-u.openx.net
8 sync.richaudience.com 1 redirects seguridadnbcr921.webcindario.com
sync.richaudience.com
us-u.openx.net
ads.pubmatic.com
8 static.sunmedia.tv seguridadnbcr921.webcindario.com
static.sunmedia.tv
7 ps.eyeota.net 6 redirects ads.pubmatic.com
7 seguridadnbcr921.webcindario.com seguridadnbcr921.webcindario.com
6 c1.adform.net 5 redirects ads.pubmatic.com
6 match.adsrvr.org 5 redirects us-u.openx.net
4 sync.mathtag.com 4 redirects
4 us-u.openx.net 1 redirects sync.richaudience.com
us-u.openx.net
3 image2.pubmatic.com ads.pubmatic.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 fonts.googleapis.com seguridadnbcr921.webcindario.com
2 simage2.pubmatic.com ads.pubmatic.com
2 sync-tm.everesttech.net 2 redirects
2 pixel.onaudience.com 2 redirects
2 d5p.de17a.com 2 redirects
2 eu-u.openx.net us-u.openx.net
2 pixel.tapad.com pandg.tapad.com
2 ups.analytics.yahoo.com 2 redirects
2 ads.pubmatic.com sync.richaudience.com
ads.pubmatic.com
2 pandg.tapad.com pghub.io
2 sync.search.spotxchange.com 2 redirects
2 track.sunmedia.tv
2 pghub.io seguridadnbcr921.webcindario.com
2 services.sunmedia.tv static.sunmedia.tv
2 fonts.gstatic.com seguridadnbcr921.webcindario.com
fonts.googleapis.com
2 www.google.com seguridadnbcr921.webcindario.com
2 stats.g.doubleclick.net www.google-analytics.com
2 hosting.miarroba.info seguridadnbcr921.webcindario.com
1 simage4.pubmatic.com ads.pubmatic.com
1 um.simpli.fi ads.pubmatic.com
1 d.turn.com 1 redirects
1 image4.pubmatic.com ads.pubmatic.com
1 pixel.quantserve.com 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 pixel.advertising.com sync.richaudience.com
1 track.adform.net sync.richaudience.com
1 jnxm2.com servingcdn.net
1 cdnjs.cloudflare.com servingcdn.net
1 servingcdn.net img.sunmediaads.com
1 play.sunmediaads.com img.sunmediaads.com
1 img.sunmediaads.com seguridadnbcr921.webcindario.com
1 des.smartclip.net seguridadnbcr921.webcindario.com
1 rules.quantcount.com secure.quantserve.com
1 secure.quantserve.com www.googletagmanager.com
1 www.googletagmanager.com seguridadnbcr921.webcindario.com
1 quantcast.mgr.consensu.org seguridadnbcr921.webcindario.com
79 47

This site contains links to these domains. Also see Links.

Domain
www.bncr.fi.cr
Subject Issuer Validity Valid
webcindario.com
R3		 2021-07-31 -
2021-10-29		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-15 -
2022-06-14		 a year crt.sh
quantcast.mgr.consensu.org
Amazon		 2021-04-24 -
2022-05-23		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-08-23 -
2021-11-15		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-08-23 -
2021-11-15		 3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA		 2020-10-02 -
2021-10-07		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-08-23 -
2021-11-15		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-08-23 -
2021-11-15		 3 months crt.sh
*.smartclip.net
GTS CA 1D4		 2021-08-10 -
2021-11-08		 3 months crt.sh
leadzuin.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-08 -
2022-07-07		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.sunmedia.tv
Sectigo ECC Domain Validation Secure Server CA		 2021-01-13 -
2022-02-13		 a year crt.sh
servingcdn.net
Sectigo RSA Domain Validation Secure Server CA		 2020-10-06 -
2021-11-06		 a year crt.sh
jnxm2.com
Amazon		 2021-05-26 -
2022-06-24		 a year crt.sh
*.pghub.io
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-09 -
2022-02-16		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2021-03-17 -
2022-03-16		 a year crt.sh
*.tapad.com
DigiCert SHA2 Secure Server CA		 2020-10-05 -
2021-11-06		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2021-03-30 -
2022-04-04		 a year crt.sh
pixel.advertising.com
DigiCert SHA2 High Assurance Server CA		 2021-07-26 -
2022-01-19		 6 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.eyeota.net
R3		 2021-08-27 -
2021-11-25		 3 months crt.sh
*.simpli.fi
DigiCert SHA2 Secure Server CA		 2019-09-18 -
2021-12-12		 2 years crt.sh

This page contains 11 frames:

Primary Page: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Frame ID: 96B24EB3E3357592D75AB2527AD21D82
Requests: 46 HTTP requests in this frame

Frame: https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Frame ID: 91339EAA9C768D61D8890795907FE5BF
Requests: 1 HTTP requests in this frame

Frame: https://jnxm2.com/rnd?ref=https%3A%2F%2Fseguridadnbcr921.webcindario.com
Frame ID: 06B27BCA18A5E3B1DB7ABF511D01F724
Requests: 1 HTTP requests in this frame

Frame: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D
Frame ID: 45A53AB869A8256EF4EF7C8D28A3B9AE
Requests: 2 HTTP requests in this frame

Frame: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Frame ID: B88D8C1BAD80FE06034C8D0176B6CC9A
Requests: 5 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Frame ID: E86FB506E7B4951DCDCF2B615AB48B89
Requests: 8 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Frame ID: 3535F23D591B820B8E3C11DA8719D599
Requests: 11 HTTP requests in this frame

Frame: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Business%22%7D
Frame ID: DDD9BE26528A42C2B5675AB407530152
Requests: 2 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
Frame ID: 2D0AC1B3C9DDACB148CB9149E86682D8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
Frame ID: 761D5E10280010C00F0D2E2F18FAD198
Requests: 1 HTTP requests in this frame

Frame: https://sync.richaudience.com/a8c1b6a2754b510b088f624c91944bf3/?pmUserId=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
Frame ID: FC0A71C66AC3B6F890B62A0FD5D1883D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Banco Nacional de Costa Rica. Inicio de Sesion

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • quantcast\.mgr\.consensu\.org
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Page Statistics

79
Requests

100 %
HTTPS

0 %
IPv6

34
Domains

47
Subdomains

32
IPs

9
Countries

758 kB
Transfer

1347 kB
Size

51
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40
  • https://sync.search.spotxchange.com/partner?source=202100&gdpr=1&gdpr_consent=${gdpr_consent} HTTP 302
  • https://sync.search.spotxchange.com/partner?source=202100&gdpr=1&gdpr_consent=${gdpr_consent}&__user_check__=1&sync_id=31797ee9-170c-11ec-845b-1d03a5b20506 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_sc&gdpr=1&gdpr_consent=${gdpr_consent}
Request Chain 42
  • https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470 HTTP 302
  • https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Request Chain 47
  • https://us-u.openx.net/w/1.0/cm?id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Request Chain 50
  • https://ups.analytics.yahoo.com/ups/58368/occ?gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58368/occ?gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://sync.richaudience.com/1334b6ec0ff0dc970481738a2374448c/?uid=y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A&gdpr=0&gdpr_consent=
Request Chain 51
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
Request Chain 58
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
Request Chain 60
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=33f96143-7278-4200-842a-bf8480281248
Request Chain 61
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=rvcNCq_0DgG19ltYrqcUAf32X1q1ogEBoadeb_34
Request Chain 62
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2019622913180882545
Request Chain 64
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2&google_tc=
Request Chain 65
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMyj1niH_vW0fhhLBVAeVU&google_cver=1
Request Chain 66
  • https://c1.adform.net/serving/cookie/match?party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
Request Chain 67
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
Request Chain 69
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tnKqfHZRQIG3X9Y6yO2uXw%3D%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tnKqfHZRQIG3X9Y6yO2uXw%3D%3D&google_tc= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 70
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=08226143-7278-4a00-bfe7-ff52bd70fa3e
Request Chain 71
  • https://pixel.onaudience.com/?partner=214&mapped=B672AA7C-7651-4081-B75F-D63AC8EDAE5F HTTP 302
  • https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m HTTP 302
  • https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1b184d13424a5675 HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1b184d13424a5675 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MllscGNBLXJmbFA3LXRvZmQ0YWJnZTJkaTNuakNNVG44T0tMRVM1UGxhcU0&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_gid=CAESEAicJYrfIfh5rb60ucdTi3Q&google_cver=1 HTTP 302
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
  • https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=7833882712218283906&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10015&redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3D7vi0rg0%26uid%3D%5BMM_UUID%5D%26dc_rc%3D3%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_pid%3D3b2cb90 HTTP 302
  • https://ps.eyeota.net/match?bid=7vi0rg0&uid=9e046143-7278-4e00-98dc-2ebe28689af5&dc_rc=3&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90 HTTP 302
  • https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_pid%3D3b2cb90 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_pid%3D3b2cb90&_test=YUNyeAAAAJMzdgAR HTTP 302
  • https://ps.eyeota.net/match?uid=YUNyeAAAAJMzdgAR&bid=0rijhbu&dc_rc=4&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90&_test=YUNyeAAAAJMzdgAR HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP 302
  • https://ps.eyeota.net/match?uid=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&bid=1e2n4ou
Request Chain 72
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjY3MkFBN0MtNzY1MS00MDgxLUI3NUYtRDYzQUM4RURBRTVG&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjY3MkFBN0MtNzY1MS00MDgxLUI3NUYtRDYzQUM4RURBRTVG&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 73
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEImXxA_GmZye8Bu9l3c_1yE&google_cver=1
Request Chain 75
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7858265921035962497
Request Chain 76
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e046143-7278-4e00-98dc-2ebe28689af5&gdpr=0&gdpr_consent=

79 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ls19c5.html
seguridadnbcr921.webcindario.com/bnac/adfs/ 		57 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
76723860170ae5e7c55bb7d9a62f7a3f1e95f6cbf3278d5eb0856b979ebdda39

Request headers

:method
GET
:authority
seguridadnbcr921.webcindario.com
:scheme
https
:path
/bnac/adfs/ls19c5.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Thu, 16 Sep 2021 16:36:05 GMT
content-type
text/html
vary
Accept-Encoding
set-cookie
__muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; Domain=.webcindario.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:11 GMT; HttpOnly
x-powered-by
Webcindario Hosting Service
content-encoding
gzip
style8f57.css
seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/ 		26 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
be73cab6c4c09afb515cd2c2b637cbfbd5d3ed3af0a8f6e153c6288684d5cdd3

Request headers

:path
/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
pragma
no-cache
cookie
__muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
content-encoding
gzip
last-modified
Thu, 16 Sep 2021 14:48:03 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
W/"61435923-667d"
vary
Accept-Encoding
content-type
text/css
/
hosting.miarroba.info/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hosting.miarroba.info/?__muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3&h=2076859&t=1631810165&k=dd01427f1f10bf03d94be271367b7122
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.80.217 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa9610bbff147c273a1da11ab3c2c71cf38eeded6f9af6ad187ddd5bf23c003d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma
no-cache
last-modified
Thu, 16 Sep 2021 16:36:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAdcvG1ZaMghgWKuWnH9pBYWOPFinUZxd8dLUPFbgDDWjbgRJrvqI5oNG5dms3MFSwMcBegvWnHFH9HhuAnarxsrylFmdQGdYtwjyxQQ8jaNFSh5KefSBa4%2B3hUcOvW2e%2Bee%2F2aE044%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=iso-8859-1
cache-control
no-cache
cf-ray
68fb82fe9a934126-PRG
expires
Mon, 26 Jul 1997 05:00:00 GMT
choice.js
quantcast.mgr.consensu.org/choice/d5x2uDVHd7ALE/seguridadnbcr921.webcindario.com/ 		0
322 B 		Script
General
Check archive.org
Download Go to
Full URL
https://quantcast.mgr.consensu.org/choice/d5x2uDVHd7ALE/seguridadnbcr921.webcindario.com/choice.js
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-27.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
via
1.1 217b7bc19321a4945b685521fa4f11ac.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
FRA2-C2
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
Miss from cloudfront
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-id
91Z1FYu3lzczHTamGT2BTo5I0Qh0VA66OLz2un9CntmKFvwZlpgQIg==
gtm.js
www.googletagmanager.com/ 		125 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.136 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f136.1e100.net
Software
Google Tag Manager /
Resource Hash
836331c667ad41f6ed86b1275b562d6f4e67e1adbd52518651d68c6e31dc189a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47567
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 16:00:18 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Sep 2021 16:36:05 GMT
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f10.1e100.net
Software
ESF /
Resource Hash
3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 16:00:11 GMT
server
ESF
date
Thu, 16 Sep 2021 16:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Sep 2021 16:36:05 GMT
css
fonts.googleapis.com/ 		664 B
427 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f10.1e100.net
Software
ESF /
Resource Hash
f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 16:00:32 GMT
server
ESF
date
Thu, 16 Sep 2021 16:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Sep 2021 16:36:05 GMT
css
fonts.googleapis.com/ 		5 KB
730 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400&display=swap
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f10.1e100.net
Software
ESF /
Resource Hash
ab7baab728cf4fa117cbdd177d0d2f148a69f6ae40859bd3ee5624b5387ca70b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 16 Sep 2021 15:58:17 GMT
server
ESF
date
Thu, 16 Sep 2021 16:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 Sep 2021 16:36:05 GMT
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
6245
date
Thu, 16 Sep 2021 14:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Thu, 16 Sep 2021 16:52:00 GMT
quant.js
secure.quantserve.com/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.133 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
content-encoding
gzip
etag
"lp772EpWKwf8Kq7YKMhbuw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Thu, 23 Sep 2021 16:36:05 GMT
rules-p-d5x2uDVHd7ALE.js
rules.quantcount.com/ 		3 B
429 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 05:19:09 GMT
via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
age
43538
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
3
last-modified
Sat, 04 Mar 2017 20:57:48 GMT
server
AmazonS3
etag
"8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
FRA56-P2
accept-ranges
bytes
x-amz-cf-id
1Oq9eo5i5CgeqZmWXA4X2ptHbsHqzuYtZhw6yXDAYbAWvSOgf3U1rg==
collect
www.google-analytics.com/j/ 		2 B
218 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=158342099&t=pageview&_s=1&dl=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&ul=en-us&de=UTF-8&dt=Banco%20Nacional%20de%20Costa%20Rica.%20Inicio%20de%20Sesion&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABCAAAAC~&jid=1190166757&gjid=1047047907&cid=1487816547.1631810166&tid=UA-597118-7&_gid=945293949.1631810166&_r=1&gtm=2wg9f0T2VG59&z=1159376056
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://seguridadnbcr921.webcindario.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
67 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=158342099&t=pageview&_s=1&dl=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&ul=en-us&de=UTF-8&dt=Banco%20Nacional%20de%20Costa%20Rica.%20Inicio%20de%20Sesion&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAAABCAAAAC~&jid=970861821&gjid=1240982282&cid=1487816547.1631810166&tid=UA-597118-1&_gid=945293949.1631810166&_r=1&gtm=2wg9f0T2VG59&z=526363926
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://seguridadnbcr921.webcindario.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		2 B
472 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-597118-7&cid=1487816547.1631810166&jid=1190166757&gjid=1047047907&_gid=945293949.1631810166&_u=YEBAAAAACAAAAC~&z=848755092
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.102.1.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wb-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://seguridadnbcr921.webcindario.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 16 Sep 2021 16:36:05 GMT
content-type
text/plain
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		2 B
68 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-597118-1&cid=1487816547.1631810166&jid=970861821&gjid=1240982282&_gid=945293949.1631810166&_u=YEDAAAABCAAAAC~&z=613927081
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.102.1.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wb-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://seguridadnbcr921.webcindario.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 16 Sep 2021 16:36:05 GMT
content-type
text/plain
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
522 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-7&cid=1487816547.1631810166&jid=1190166757&_u=YEBAAAAACAAAAC~&z=1966487283
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-1&cid=1487816547.1631810166&jid=970861821&_u=YEDAAAABCAAAAC~&z=886432435
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
des.smartclip.net/ 		20 B
354 B 		Script
General
Check archive.org
Download Go to
Full URL
https://des.smartclip.net/ads?type=dyn&plc=75133&elementId=f71544c344e6a70a656e50fe4ae84c943a97e5a3&sz=400x320&rnd=12774066
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.194.186.35.bc.googleusercontent.com
Software
nginx/1.17.6 /
Resource Hash
7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
content-encoding
gzip
sc-supply-network
999999
vary
Accept-Encoding
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
via
1.1 google
sc-uuid
978251e5-87c9-43d5-bf1a-8e232462d821
access-control-allow-credentials
true
sc-device-type
PC
content-type
application/javascript; charset=utf-8
alt-svc
clear
server
nginx/1.17.6
lz_loader.js
img.sunmediaads.com/ads/ 		112 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
last-modified
Sun, 05 Apr 2020 16:15:53 GMT
etag
"1586103353"
x-hw
1631810165.dop205.fr8.t,1631810165.cds221.fr8.hn,1631810165.cds208.fr8.c
content-type
text/javascript
cache-control
max-age=0
accept-ranges
bytes
content-length
115125
607f6b0b381bbc1f64fa027d62891072_cookie.php
hosting.miarroba.info/ Frame 9133 		46 B
724 B 		Document
General
Check archive.org
Download Go to
Full URL
https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.80.217 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88

Request headers

:method
POST
:authority
hosting.miarroba.info
:scheme
https
:path
/607f6b0b381bbc1f64fa027d62891072_cookie.php
content-length
162
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://seguridadnbcr921.webcindario.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://seguridadnbcr921.webcindario.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
Origin
https://seguridadnbcr921.webcindario.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-type
text/html; charset=iso-8859-1
vary
Accept-Encoding
set-cookie
__weslvu=1631810165; expires=Thu, 16-Sep-2021 17:36:05 GMT; Max-Age=3599; path=/; domain=hosting.miarroba.info
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0XRe67UR%2BCupDzLEY7Or4N6UmASXkhxXLulRGOc5xDorDD118kg5UfM0qT7mRIQK5mWjUVvQrd9TxW04xkFL%2BJjaDdZQ%2BU11YihWYFdCrLoeDnXGu4%2Biu%2F%2B%2FGZy8MlQaIMoPLRLhZw%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
68fb830099224107-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
zone.php
play.sunmediaads.com/red/ 		1005 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://play.sunmediaads.com/red/zone.php?code=HEZRL65RXYI2&a=&pubid=&lgid=18700770900.7683629546065436
Requested by
Host: img.sunmediaads.com
URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
212.92.55.6 Vilanova de la Roca, Spain, ASN24592 (NEXICA-AS, ES),
Reverse DNS
unamed.nexica.net
Software
Apache /
Resource Hash
be5eeb099a1cf713146da66dd7c33e478e64d3c021a1a08fc21ba103064951a9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 16 Sep 2021 16:29:53 GMT
Server
Apache
Connection
close
Content-Length
1005
Content-Type
text/html; charset=UTF-8
illustrationba1b.png
seguridadnbcr921.webcindario.com/bnac/adfs/portal/illustration/ 		114 KB
114 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/illustration/illustrationba1b.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD&amp;rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd

Request headers

:path
/bnac/adfs/portal/illustration/illustrationba1b.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD&amp;rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
pragma
no-cache
cookie
_dlt=1; __muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; _ga=GA1.3.1487816547.1631810166; _gid=GA1.3.945293949.1631810166; _gat_UA-597118-7=1; _gat_UA-597118-1=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
last-modified
Thu, 16 Sep 2021 14:48:05 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
"61435925-1c7db"
content-type
image/png
accept-ranges
bytes
content-length
116699
fondo.jpg
seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/ 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/fondo.jpg
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452

Request headers

:path
/bnac/adfs/portal/images/bncr/fondo.jpg
pragma
no-cache
cookie
_dlt=1; __muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; _ga=GA1.3.1487816547.1631810166; _gid=GA1.3.945293949.1631810166; _gat_UA-597118-7=1; _gat_UA-597118-1=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
last-modified
Thu, 16 Sep 2021 14:48:08 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
"61435928-14d8f"
content-type
image/jpeg
accept-ranges
bytes
content-length
85391
firma.png
seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/firma.png
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446

Request headers

:path
/bnac/adfs/portal/images/bncr/firma.png
pragma
no-cache
cookie
_dlt=1; __muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; _ga=GA1.3.1487816547.1631810166; _gid=GA1.3.945293949.1631810166; _gat_UA-597118-7=1; _gat_UA-597118-1=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
last-modified
Thu, 16 Sep 2021 14:48:08 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
"61435928-a10"
content-type
image/png
accept-ranges
bytes
content-length
2576
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v12/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://seguridadnbcr921.webcindario.com/
Origin
https://seguridadnbcr921.webcindario.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Fri, 10 Sep 2021 05:16:09 GMT
x-content-type-options
nosniff
age
559198
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18684
x-xss-protection
0
last-modified
Tue, 07 Nov 2017 15:24:32 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 10 Sep 2022 05:16:09 GMT
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f3.1e100.net
Software
sffe /
Resource Hash
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://seguridadnbcr921.webcindario.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Mon, 13 Sep 2021 04:26:58 GMT
x-content-type-options
nosniff
age
302949
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14440
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:23:25 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 Sep 2022 04:26:58 GMT
logo.png
seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c

Request headers

:path
/bnac/adfs/portal/images/bncr/logo.png
pragma
no-cache
cookie
_dlt=1; __muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; _ga=GA1.3.1487816547.1631810166; _gid=GA1.3.945293949.1631810166; _gat_UA-597118-7=1; _gat_UA-597118-1=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
last-modified
Thu, 16 Sep 2021 14:48:09 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
"61435929-8ea"
content-type
image/png
accept-ranges
bytes
content-length
2282
BNChat.png
seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://seguridadnbcr921.webcindario.com/bnac/adfs/portal/images/bncr/BNChat.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES),
Reverse DNS
Software
nginx / Webcindario Hosting Service
Resource Hash
2e4ecfa7866203cf7f8f705c2c9fffa8cdeb3b11bea0cae4399f6bc974b07b6f

Request headers

:path
/bnac/adfs/portal/images/bncr/BNChat.png
pragma
no-cache
cookie
_dlt=1; __muid=f71544c344e6a70a656e50fe4ae84c943a97e5a3; _ga=GA1.3.1487816547.1631810166; _gid=GA1.3.945293949.1631810166; _gat_UA-597118-7=1; _gat_UA-597118-1=1
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
seguridadnbcr921.webcindario.com
referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
last-modified
Thu, 16 Sep 2021 14:48:06 GMT
server
nginx
x-powered-by
Webcindario Hosting Service
etag
"61435926-15c3"
content-type
image/png
accept-ranges
bytes
content-length
5571
8c4105a4-90ec-434c-bf14-82b194e3019f.js
static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/ 		286 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
2ad412965bca33f6be3967b22f83dc48c653e2ba716c8f83d9bfe5fba992dda9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
tp-cache
HIT
last-modified
Tue, 14 Sep 2021 10:31:55 GMT
server
nginx
age
194561
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
cache-control
max-age=0, s-maxage=2592001
access-control-allow-credentials
true
content-length
93996
accept-ranges
bytes
x-device
desktop
/
servingcdn.net/ 		32 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://servingcdn.net/?uid=5e18adb5b6e69a5d886e2702&w=320&h=50&click=
Requested by
Host: img.sunmediaads.com
URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.222.46.171 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-222-46-171.us-east-2.compute.amazonaws.com
Software
nginx/1.20.0 / Express
Resource Hash
e1a4a19cb8541a44257948aff5c794c8cded843994e97dd4c80236a6ae841a95

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:07 GMT
server
nginx/1.20.0
x-powered-by
Express
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
32808
expires
-1
adblockDetector.min.js
static.sunmedia.tv/AdBlockDetection/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/AdBlockDetection/adblockDetector.min.js?abf=_smartads_%7C-ad-plugin-%7C-google-ads-%7C-google2-ad-&ref=https%253A%252F%252Fseguridadnbcr921.webcindario.com%252Fbnac%252Fadfs%252Fls19c5.html
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
051a4df5ca07ec7979f14e486352a62c72733c9aabb6528adaddc9a911fbfca3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
tp-cache
HIT
last-modified
Mon, 21 Dec 2020 17:00:21 GMT
server
nginx
age
1550685
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, s-maxage=2592000
x-device
mobile
accept-ranges
bytes
content-length
1634
geocity.php
services.sunmedia.tv/geotarget/ 		464 B
718 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.sunmedia.tv/geotarget/geocity.php
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
f27f819e37c30a0e109cf556537192b1a5dfa5035d5272eec6f2a2a515f3e26b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
server
nginx
age
2060
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
max-age=0, s-maxage=2592000
access-control-allow-credentials
true
x-device
desktop
accept-ranges
bytes
content-length
464
outstream.json
static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/outstream.json
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
8fa1f4e9501aa00a6ccc86f20c82a1f2d92601bf33ba69a09ed73722750e8874

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Tue, 08 Jun 2021 11:59:20 GMT
server
nginx
age
1550685
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=2592000
content-length
3049
accept-ranges
bytes
x-device
mobile
inhome-1-0.json
static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/inhome-1-0.json
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
e3802f02f4480d3b247af948f029fc343b6947d933a8dc978a738be684e7a3f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Tue, 01 Dec 2020 14:41:43 GMT
server
nginx
age
1550685
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=2592000
content-length
2788
accept-ranges
bytes
x-device
mobile
postscribe.min.js
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js
Requested by
Host: servingcdn.net
URL: https://servingcdn.net/?uid=5e18adb5b6e69a5d886e2702&w=320&h=50&click=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
243022
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
5117
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:38 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03faa-45f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFy88%2FttcHCgcZf80765xyAKL9RQbj%2FeuCuoMtpQ8UMUV3DFTglvzQwFHFcO74aoEc6GR4oWNtYTEwzDmoUh%2BJxcih4PftDJQsFWxjrb0A%2BVgaRMYSdUHL4elMynZqzSGkwwyBxN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
68fb830be8962798-PRG
expires
Tue, 06 Sep 2022 16:36:07 GMT
b50000f8-170a-4dc8-a66e-61993d94c500.js
static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/ 		285 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/b50000f8-170a-4dc8-a66e-61993d94c500.js
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
4147765720de5d55d7cb75d797944735a16c8a179ee2653fb5eac1b094584c77

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
tp-cache
HIT
last-modified
Tue, 14 Sep 2021 10:32:01 GMT
server
nginx
age
194592
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
cache-control
max-age=0, s-maxage=2592001
access-control-allow-credentials
true
content-length
93296
accept-ranges
bytes
x-device
mobile
adblockDetector.min.js
static.sunmedia.tv/AdBlockDetection/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/AdBlockDetection/adblockDetector.min.js?abf=_smartads_%7C-ad-plugin-%7C-google-ads-%7C-google2-ad-&ref=https%253A%252F%252Fseguridadnbcr921.webcindario.com%252Fbnac%252Fadfs%252Fls19c5.html
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/b50000f8-170a-4dc8-a66e-61993d94c500.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
051a4df5ca07ec7979f14e486352a62c72733c9aabb6528adaddc9a911fbfca3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
tp-cache
HIT
last-modified
Mon, 21 Dec 2020 17:00:21 GMT
server
nginx
age
1550685
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, s-maxage=2592000
x-device
mobile
accept-ranges
bytes
content-length
1634
rnd
jnxm2.com/ Frame 06B2 		22 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://jnxm2.com/rnd?ref=https%3A%2F%2Fseguridadnbcr921.webcindario.com
Requested by
Host: servingcdn.net
URL: https://servingcdn.net/?uid=5e18adb5b6e69a5d886e2702&w=320&h=50&click=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.130.122.213 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-130-122-213.us-east-2.compute.amazonaws.com
Software
nginx/1.20.0 / Express
Resource Hash
c41c246eebfa5b889aa05885a984238e855060454d41caa6fbfb2f5d5faecd1a

Request headers

:method
GET
:authority
jnxm2.com
:scheme
https
:path
/rnd?ref=https%3A%2F%2Fseguridadnbcr921.webcindario.com
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://seguridadnbcr921.webcindario.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
content-type
text/html; charset=utf-8
content-length
22743
server
nginx/1.20.0
x-powered-by
Express
access-control-allow-origin
*
etag
W/"58d7-2pvPl6o/qdLXDt/oziWcUk3xXOM"
pandg-sdk.js
pghub.io/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pghub.io/js/pandg-sdk.js
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
217.45.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 15:54:04 GMT
content-encoding
gzip
age
2523
x-guploader-uploadid
ADPycdvAprNJuwwFkCNiixCSrwE990iPHsC3BhD8d2b_qKfjcwUQPdA8pBGN96RxXCCinpfJb_tQMdvRnihhgKcwTic
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1482
last-modified
Wed, 07 Apr 2021 18:40:01 GMT
server
UploadServer
etag
"dd7e4933d35d1a7cb610442e9bea8b94"
vary
Accept-Encoding
x-goog-hash
crc32c=dtXWGA==, md5=3X5JM9NdGny2EEQum+qLlA==
x-goog-generation
1617820801121016
cache-control
public,max-age=3600
x-goog-stored-content-length
1482
accept-ranges
bytes
content-type
application/javascript
/
sync.richaudience.com/DF2886F390D432DF0C8E98D69702ED6F/ 		301 B
311 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync.richaudience.com/DF2886F390D432DF0C8E98D69702ED6F/
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
0c4285522a69444c8b40c0e596d97e1f72db96e449beeb7ba2cae7a935f7a889

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
server
nginx/1.14.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
/
track.sunmedia.tv/ 		42 B
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.sunmedia.tv/?ap=smptf&it=8c4105a4-90ec-434c-bf14-82b194e3019f&tp=op&pb=1&pos=0&loop=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Thu, 15 Nov 2018 09:59:07 GMT
server
nginx
age
1550686
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, s-maxage=31536000
access-control-allow-credentials
true
x-device
mobile
accept-ranges
bytes
content-length
42
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://sync.search.spotxchange.com/partner?source=202100&gdpr=1&gdpr_consent=${gdpr_consent}
  • https://sync.search.spotxchange.com/partner?source=202100&gdpr=1&gdpr_consent=${gdpr_consent}&__user_check__=1&sync_id=31797ee9-170c-11ec-845b-1d03a5b20506
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_sc&gdpr=1&gdpr_consent=${gdpr_consent}
170 B
523 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_sc&gdpr=1&gdpr_consent=${gdpr_consent}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 16 Sep 2021 16:36:07 GMT
Server
nginx
Location
//cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_sc&gdpr=1&gdpr_consent=${gdpr_consent}
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
129
Connection
keep-alive
Content-Length
0
tag
pandg.tapad.com/ Frame 45A5 		188 B
672 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D
Requested by
Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
c0f558e80b9bd66f42a6005407dd5f613ac561a7425408fef4defee669c90103
Security Headers
Name Value
Content-Security-Policy default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
pandg.tapad.com
:scheme
https
:path
/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://seguridadnbcr921.webcindario.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
strict-transport-security
max-age=31536000
content-security-policy
default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
content-type
text/html;charset=utf-8
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie
TapAd_TS=1631810167895;Expires=Mon, 15 Nov 2021 16:36:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=89887d45-6f8a-4f43-bb26-bb61ad6c881c;Expires=Mon, 15 Nov 2021 16:36:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
content-length
188
via
1.1 google
alt-svc
clear
/
sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/ Frame B88D
Redirect Chain
  • https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470
  • https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/DF2886F390D432DF0C8E98D69702ED6F/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
5fadb0c3b20e92fa7e4a2509e6899bb327d648074272420fbf90354c11f041aa

Request headers

:method
GET
:authority
sync.richaudience.com
:scheme
https
:path
/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://seguridadnbcr921.webcindario.com/
accept-encoding
gzip, deflate, br
cookie
pdid=3d4f98b5-3b3e-45ec-82e8-1zz1631810167
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/

Response headers

server
nginx/1.14.2
date
Thu, 16 Sep 2021 16:36:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie
cmpsync=1; expires=Thu, 16-Sep-2021 16:36:17 GMT; Max-Age=10; path=/; domain=.richaudience.com; secure; HttpOnly; SameSite=None
content-encoding
gzip

Redirect headers

server
nginx/1.14.2
date
Thu, 16 Sep 2021 16:36:07 GMT
content-type
text/html; charset=UTF-8
location
https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie
pdid=3d4f98b5-3b3e-45ec-82e8-1zz1631810167; expires=Sat, 16-Oct-2021 16:36:07 GMT; Max-Age=2592000; path=/; domain=.richaudience.com; secure; HttpOnly; SameSite=None
geocity.php
services.sunmedia.tv/geotarget/ 		464 B
718 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://services.sunmedia.tv/geotarget/geocity.php
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/b50000f8-170a-4dc8-a66e-61993d94c500.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
f27f819e37c30a0e109cf556537192b1a5dfa5035d5272eec6f2a2a515f3e26b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
server
nginx
age
2060
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://seguridadnbcr921.webcindario.com
cache-control
max-age=0, s-maxage=2592000
access-control-allow-credentials
true
x-device
desktop
accept-ranges
bytes
content-length
464
outstream.json
static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/outstream.json
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/b50000f8-170a-4dc8-a66e-61993d94c500.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
8fa1f4e9501aa00a6ccc86f20c82a1f2d92601bf33ba69a09ed73722750e8874

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Tue, 08 Jun 2021 11:59:20 GMT
server
nginx
age
1550686
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=2592000
content-length
3049
accept-ranges
bytes
x-device
mobile
inhome-1-0.json
static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/ 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.sunmedia.tv/SMSdk/tracker/09c4c4e3-fdda-4924-9962-27814a8d84e8/inhome-1-0.json
Requested by
Host: static.sunmedia.tv
URL: https://static.sunmedia.tv/integrations/b50000f8-170a-4dc8-a66e-61993d94c500/b50000f8-170a-4dc8-a66e-61993d94c500.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
e3802f02f4480d3b247af948f029fc343b6947d933a8dc978a738be684e7a3f7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Tue, 01 Dec 2020 14:41:43 GMT
server
nginx
age
1550685
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=2592000
content-length
2788
accept-ranges
bytes
x-device
mobile
/
track.adform.net/Serving/Cookie/ Frame B88D 		73 B
495 B 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
5d9e8cfd13ab9f3cb184ee716c93c4c007837b001ab17f762269a64b2d8958cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
180
expires
-1
cm
us-u.openx.net/w/1.0/ Frame E86F
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fui...
784 B
820 B 		Document
General
Check archive.org
Download Go to
Full URL
https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.0 /
Resource Hash
04e005c62a9b5765cef586f7cc4e9f509272a604d151f71913f1da727a2a60ec

Request headers

:method
GET
:authority
us-u.openx.net
:scheme
https
:path
/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://sync.richaudience.com/
accept-encoding
gzip, deflate, br
cookie
i=301a0389-d344-00d8-38bd-4b3463bb498b|1631810167
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/

Response headers

vary
Accept, Accept-Encoding
set-cookie
i=301a0389-d344-00d8-38bd-4b3463bb498b|1631810167; Version=1; Expires=Fri, 16-Sep-2022 16:36:08 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1631810168|gekin0vNiygu; Version=1; Expires=Fri, 01-Oct-2021 16:36:08 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 16 Sep 2021 16:36:08 GMT
content-type
text/html
content-length
486
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

set-cookie
i=301a0389-d344-00d8-38bd-4b3463bb498b|1631810167; Version=1; Expires=Fri, 16-Sep-2022 16:36:07 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.216.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
date
Thu, 16 Sep 2021 16:36:07 GMT
content-length
0
via
1.1 google
alt-svc
clear
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3535 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-141-175.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://sync.richaudience.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=124113
expires
Sat, 18 Sep 2021 03:04:40 GMT
date
Thu, 16 Sep 2021 16:36:07 GMT
vary
Accept-Encoding
sync
pixel.advertising.com/ups/58170/ Frame B88D 		0
125 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/58170/sync?gdpr=1&gdpr_consent=&_origin=1&redir=true
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.99.6 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-99-6.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
/
sync.richaudience.com/1334b6ec0ff0dc970481738a2374448c/ Frame B88D
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58368/occ?gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58368/occ?gdpr=0&gdpr_consent=&verify=true
  • https://sync.richaudience.com/1334b6ec0ff0dc970481738a2374448c/?uid=y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A&gdpr=0&gdpr_consent=
95 B
369 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1334b6ec0ff0dc970481738a2374448c/?uid=y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A&gdpr=0&gdpr_consent=
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

Date
Thu, 16 Sep 2021 16:36:08 GMT
Server
ATS/7.1.2.138
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://sync.richaudience.com/1334b6ec0ff0dc970481738a2374448c/?uid=y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A&gdpr=0&gdpr_consent=
Connection
keep-alive
Content-Length
0
receive
pixel.tapad.com/idsync/ex/ Frame 45A5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent}
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent}
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
95 B
431 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
Requested by
Host: pandg.tapad.com
URL: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pandg.tapad.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
347
pandg-sdk.js
pghub.io/js/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pghub.io/js/pandg-sdk.js
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
217.45.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 15:54:04 GMT
content-encoding
gzip
age
2523
x-guploader-uploadid
ADPycdvAprNJuwwFkCNiixCSrwE990iPHsC3BhD8d2b_qKfjcwUQPdA8pBGN96RxXCCinpfJb_tQMdvRnihhgKcwTic
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1482
last-modified
Wed, 07 Apr 2021 18:40:01 GMT
server
UploadServer
etag
"dd7e4933d35d1a7cb610442e9bea8b94"
vary
Accept-Encoding
x-goog-hash
crc32c=dtXWGA==, md5=3X5JM9NdGny2EEQum+qLlA==
x-goog-generation
1617820801121016
cache-control
public,max-age=3600
x-goog-stored-content-length
1482
accept-ranges
bytes
content-type
application/javascript
/
sync.richaudience.com/DF2886F390D432DF0C8E98D69702ED6F/ 		301 B
310 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sync.richaudience.com/DF2886F390D432DF0C8E98D69702ED6F/
Requested by
Host: seguridadnbcr921.webcindario.com
URL: https://seguridadnbcr921.webcindario.com/bnac/adfs/ls19c5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
d4f9d1e883307e803c77d317de9ea8749efae95fb0e4c95f9ef163106bd5c9fc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
content-encoding
gzip
server
nginx/1.14.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
/
track.sunmedia.tv/ 		42 B
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.sunmedia.tv/?ap=smptf&it=b50000f8-170a-4dc8-a66e-61993d94c500&tp=op&pb=1&pos=0&loop=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
141.94.102.46 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31432935.ip-141-94-102.eu
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
tp-cache
HIT
last-modified
Thu, 15 Nov 2018 09:59:07 GMT
server
nginx
age
1550686
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, s-maxage=31536000
access-control-allow-credentials
true
x-device
mobile
accept-ranges
bytes
content-length
42
PugMaster
image6.pubmatic.com/AdServer/ Frame 3535 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=27445269&p=156538&s=156538&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
1c862f8ca66133fcc0d34a84b3f587bd5a956708431954f7106c509e71424e9f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:06 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
1811
content-type
text/html; charset=UTF-8
tag
pandg.tapad.com/ Frame DDD9 		188 B
430 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Business%22%7D
Requested by
Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
c0f558e80b9bd66f42a6005407dd5f613ac561a7425408fef4defee669c90103
Security Headers
Name Value
Content-Security-Policy default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
pandg.tapad.com
:scheme
https
:path
/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Business%22%7D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://seguridadnbcr921.webcindario.com/
accept-encoding
gzip, deflate, br
cookie
TapAd_TS=1631810167895; TapAd_DID=89887d45-6f8a-4f43-bb26-bb61ad6c881c
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://seguridadnbcr921.webcindario.com/

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
strict-transport-security
max-age=31536000
content-security-policy
default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
content-type
text/html;charset=utf-8
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie
TapAd_TS=1631810167895;Expires=Mon, 15 Nov 2021 16:36:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=89887d45-6f8a-4f43-bb26-bb61ad6c881c;Expires=Mon, 15 Nov 2021 16:36:07 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
content-length
188
via
1.1 google
alt-svc
clear
/
sync.richaudience.com/502e2341fac2c140295d7b3b0c915c8c/ Frame B88D 		95 B
333 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/502e2341fac2c140295d7b3b0c915c8c/?uid=
Requested by
Host: sync.richaudience.com
URL: https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://sync.richaudience.com/b3adde1f4bbb31c3485562d6e3ddceb4/?rnd=27712470&rd=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
receive
pixel.tapad.com/idsync/ex/ Frame DDD9
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent}
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c&gdpr=&gdpr_consent=${gdpr_consent}
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
95 B
420 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
Requested by
Host: pandg.tapad.com
URL: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=https%3A%2F%2Fseguridadnbcr921.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Business%22%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pandg.tapad.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&ttd_puid=89887d45-6f8a-4f43-bb26-bb61ad6c881c
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
347
/
sync.richaudience.com/a9b03dc9bdef0bcb818e9c4110ca0368/ Frame E86F 		95 B
358 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/a9b03dc9bdef0bcb818e9c4110ca0368/?uid=011b753a-22fd-0859-3956-0ee72adb193c
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
sd
eu-u.openx.net/w/1.0/ Frame E86F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=33f96143-7278-4200-842a-bf8480281248
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=33f96143-7278-4200-842a-bf8480281248
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
server
OXGW/16.216.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Thu, 16 Sep 2021 16:36:08 GMT
Server
MT3 3944 2bcb57b master cdg-pixel-x16 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=33f96143-7278-4200-842a-bf8480281248
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 16 Sep 2021 16:36:07 GMT
sd
us-u.openx.net/w/1.0/ Frame E86F
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=rvcNCq_0DgG19ltYrqcUAf32X1q1ogEBoadeb_34
43 B
180 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=rvcNCq_0DgG19ltYrqcUAf32X1q1ogEBoadeb_34
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
server
OXGW/16.216.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=rvcNCq_0DgG19ltYrqcUAf32X1q1ogEBoadeb_34
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame E86F
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2019622913180882545
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2019622913180882545
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
server
OXGW/16.216.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=2019622913180882545
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame E86F 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=e3b63cd0-7ac3-3f2f-626b-83dc079c7a76&gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a97adde81b00f2ca4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame E86F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2&google_tc=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2&google_tc=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Y2ZkOWVmMWEtYjNiNC02MThiLTc3OGItZDk2NWNkN2ViNDE2&google_tc=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame E86F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMyj1niH_vW0fhhLBVAeVU&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMyj1niH_vW0fhhLBVAeVU&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/cm?cc=1&id=5263ff89-48b7-4624-96e0-06c74faea01d&ph=2eba3060-f578-4886-93a0-d9a2346966ea&r=https%3A%2F%2Fsync.richaudience.com%2Fa9b03dc9bdef0bcb818e9c4110ca0368%2F%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.216.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
via
1.1 google
server
OXGW/16.216.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBMyj1niH_vW0fhhLBVAeVU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame 2D0A
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
35 B
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.246 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
C=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 16 Sep 2021 16:36:08 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=4058719656320750862; expires=Mon, 15 Nov 2021 16:36:08 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Thu, 16 Sep 2021 16:36:08 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
C=1; expires=Sat, 16 Oct 2021 16:36:08 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 761D
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
42 B
210 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
KADUSERCOOKIE=B672AA7C-7651-4081-B75F-D63AC8EDAE5F; chkChromeAb67Sec=1; DPSync3=1632960000%3A201_197_219%7C1631836800%3A174; SyncRTB3=1632960000%3A161_56_7_220_21_13; KRTBCOOKIE_391=22924-7858265921035962497&KRTB&23263-7858265921035962497; PUBMDCID=3; KRTBCOOKIE_27=16735-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&16736-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&23019-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&23114-uid:9e046143-7278-4e00-98dc-2ebe28689af5; PugT=1631810166
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 16 Sep 2021 16:36:07 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-6123537584819117045; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 16-Oct-2021 16:36:07 GMT; path=/ PugT=1631810167; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 16-Oct-2021 16:36:07 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 15-Dec-2021 16:36:07 GMT; path=/
x-lat
amspug004:0:390
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6123537584819117045
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
/
sync.richaudience.com/a8c1b6a2754b510b088f624c91944bf3/ Frame FC0A 		0
468 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.richaudience.com/a8c1b6a2754b510b088f624c91944bf3/?pmUserId=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.233.28 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.28.233.55.162.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
sync.richaudience.com
:scheme
https
:path
/a8c1b6a2754b510b088f624c91944bf3/?pmUserId=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
cookie
pdid=3d4f98b5-3b3e-45ec-82e8-1zz1631810167; cmpsync=1; avcid-yho-uid=y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A; avcid-opx-uid=011b753a-22fd-0859-3956-0ee72adb193c
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx/1.14.2
date
Thu, 16 Sep 2021 16:36:08 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
set-cookie
avcid-pmr-uid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F; expires=Wed, 15-Dec-2021 16:36:08 GMT; Max-Age=7776000; path=/; domain=.richaudience.com; secure; HttpOnly; SameSite=None avcid-pmt-uid=B672AA7C-7651-4081-B75F-D63AC8EDAE5F; expires=Wed, 15-Dec-2021 16:36:08 GMT; Max-Age=7776000; path=/; domain=.richaudience.com; secure; HttpOnly; SameSite=None
content-encoding
gzip
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3535
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tnKqfHZRQIG3X9Y6yO2uXw%3D%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=tnKqfHZRQIG3X9Y6yO2uXw%3D%3D&google_tc=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.141.175 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-141-175.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=124112
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Sat, 18 Sep 2021 03:04:40 GMT

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 3535
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=08226143-7278-4a00-bfe7-ff52bd70fa3e
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=08226143-7278-4a00-bfe7-ff52bd70fa3e
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 16 Sep 2021 16:36:08 GMT
Server
MT3 3944 2bcb57b master cdg-pixel-x25 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=08226143-7278-4a00-bfe7-ff52bd70fa3e
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 16 Sep 2021 16:36:07 GMT
match
ps.eyeota.net/ Frame 3535
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=B672AA7C-7651-4081-B75F-D63AC8EDAE5F
  • https://pixel.onaudience.com/?partner=236&icm&cver&smartmap=1&redirect=ps.eyeota.net%2Fpixel%3Fgdpr%3D%26gdpr_consent%3D%26pid%3D3b2cb90%26t%3Dgif%26uid%3D%25m
  • https://ps.eyeota.net/pixel?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1b184d13424a5675
  • https://ps.eyeota.net/pixel/bounce/?gdpr=&gdpr_consent=&pid=3b2cb90&t=gif&uid=1b184d13424a5675
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MllscGNBLXJmbFA3LXRvZmQ0YWJnZTJkaTNuakNNVG44T0tMRVM1UGxhcU0&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&...
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=3b2cb90&referrer_pid=3b2cb90&google_gid=CAESEAicJYrfIfh5rb60ucdTi3Q&google_cver=1
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90
  • https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=7833882712218283906&newuser=1&dc_rc=2&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90
  • https://sync.mathtag.com/sync/img?mt_exid=10015&redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3D7vi0rg0%26uid%3D%5BMM_UUID%5D%26dc_rc%3D3%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_pid%3D3b2cb90
  • https://ps.eyeota.net/match?bid=7vi0rg0&uid=9e046143-7278-4e00-98dc-2ebe28689af5&dc_rc=3&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90
  • https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_pid%...
  • https://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3D3b2cb90%26%26referrer_p...
  • https://ps.eyeota.net/match?uid=YUNyeAAAAJMzdgAR&bid=0rijhbu&dc_rc=4&dc_mr=5&dc_orig=3b2cb90&&referrer_pid=3b2cb90&_test=YUNyeAAAAJMzdgAR
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1
  • https://ps.eyeota.net/match?uid=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&bid=1e2n4ou
70 B
440 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/match?uid=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&bid=1e2n4ou
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.57.150.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-150-20.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Thu, 16 Sep 2021 16:36:08 GMT
Content-Type
image/gif
Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ps.eyeota.net/match?uid=024cb1f1-38f7-4aa0-bf61-87f2b8f4f401&bid=1e2n4ou
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
191
Pug
image2.pubmatic.com/AdServer/ Frame 3535
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjY3MkFBN0MtNzY1MS00MDgxLUI3NUYtRDYzQUM4RURBRTVG&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjY3MkFBN0MtNzY1MS00MDgxLUI3NUYtRDYzQUM4RURBRTVG&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:06 GMT
cache-control
no-store, no-cache, private
x-lat
amspug016:0:385
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 3535
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm=&google_sc=&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEImXxA_GmZye8Bu9l3c_1yE&google_cver=1
42 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEImXxA_GmZye8Bu9l3c_1yE&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:07 GMT
cache-control
no-store, no-cache, private
x-lat
amspug018:0:396
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEImXxA_GmZye8Bu9l3c_1yE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 3535 		43 B
610 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.190 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
be.89.32a9.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Wed, 15 Sep 2021 16:36:08 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 3535
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7858265921035962497
42 B
543 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7858265921035962497
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:05 GMT
cache-control
no-store, no-cache, private
x-lat
amspug007:0:409
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 16 Sep 2021 16:36:08 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7858265921035962497
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 3535
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e046143-7278-4e00-98dc-2ebe28689af5&gdpr=0&gdpr_consent=
42 B
496 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e046143-7278-4e00-98dc-2ebe28689af5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:06 GMT
cache-control
no-store, no-cache, private
x-lat
amspug019:0:665
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 16 Sep 2021 16:36:08 GMT
Server
MT3 3944 2bcb57b master cdg-pixel-x2 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:9e046143-7278-4e00-98dc-2ebe28689af5&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 16 Sep 2021 16:36:07 GMT
SPug
simage4.pubmatic.com/AdServer/ Frame 3535 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156538&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156538&s=156538&gdpr=0&gdprConsent=&predirect=https%3A%2F%2Fsync.richaudience.com%2Fa8c1b6a2754b510b088f624c91944bf3%2F%3FpmUserId%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Thu, 16 Sep 2021 16:36:08 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Nacional (Banking)

167 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect boolean| originAgentCluster function| __tcfapi function| __uspapi object| dataLayer function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login string| Title string| LoginTitle string| urlBnMovilDefault string| urlIBDefault string| urlBNSDefault string| urlLostPassword string| urlLostPasswordBnMovil string| urlAffiliate string| urlAffiliateBnMovil string| urlApiToken string| urlCambioClave string| urlCambioClaveBNM string| indiceAuth string| indiceBNM string| indiceIB string| indiceBNS string| urlIBCDescarga string| rutabase string| urlLogo string| urlChatImg string| urlChat string| FooterSeccionLeftLogin string| FooterSeccionCenterLogin string| FooterSeccionRightLogin string| FooterSeccionLeftKeyBoard string| FooterSeccionCenterKeyBoard string| FooterSeccionRightKeyBoard string| FooterSeccionLeftOTP string| FooterSeccionCenterOTP string| FooterSeccionRightOTP string| Terms string| TermsUrl string| Privacy string| PrivacyUrl string| chatLink string| helpModal object| contentHtml undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| LoadTheme function| IsIB function| IsIBMovil function| IsBNS function| Signout function| ClearDomain function| CambioContrasena function| HideShowControl function| ElementExist function| WindowsRedirect function| ExistMFA function| DrawMFA function| ApplyCSSInput function| SetValueInput function| ControlFooter function| GetReturnUri function| GetParamts function| GetUsrName function| AppendLostPassword function| AppendCertificate function| AppendUserName function| InitControls function| LettersAndNumbers function| CertificateClick function| HelpClick function| ValidarErrorCert function| RestringirMoviles function| Close object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| mia_ga object| _qevents function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| gaplugins object| gaGlobal object| gaData string| pubcidCookie object| s string| t object| lz_elem object| parser object| lz_ua function| _lz_console object| lz_console function| _lz_utils object| lz_utils object| dfcheck object| df_orientation_data object| df_motion_data object| pool undefined| current number| default_lz_max_time_fallback object| lz_fallback object| lz_ads number| lz_time_listener object| pila_ban function| fixtweakboxapp function| lz_loadads function| lz_loadscripts function| lz_loadfill function| lz_loadscr function| lz_callfallback function| lz_script_item function| lz_listener_dummy function| lz_listener_banner function| lz_fallback_banner function| lz_listener_sunmedia function| lz_fallback_sunmedia function| IW_carga function| UAParser boolean| scoreForce function| lz_touchend function| lz_touchstart function| lz_deviceorientation function| lz_MozOrientation function| lz_devicemotion number| lz_max_time_fallback function| htmlParser function| oldwrite function| oldwriteln function| IW_load string| lz_zone object| target function| a object| n object| regeneratorRuntime object| __sm__ object| adblockDetector object| _0x407e function| _0x573e function| script object| ls function| _getRandomInt function| _loadSingle function| _load function| parseDataTag function| randomSort function| _getScriptContent function| _cb function| postscribe object| h string| tcf string| raEuconsent string| raReferrer function| Tapad

51 Cookies

Domain/Path Name / Value
.webcindario.com/bnac/adfs Name: _dlt
Value: 1
.webcindario.com/ Name: __muid
Value: f71544c344e6a70a656e50fe4ae84c943a97e5a3
.seguridadnbcr921.webcindario.com/ Name: _ga
Value: GA1.3.1487816547.1631810166
.seguridadnbcr921.webcindario.com/ Name: _gid
Value: GA1.3.945293949.1631810166
.seguridadnbcr921.webcindario.com/ Name: _gat_UA-597118-7
Value: 1
.seguridadnbcr921.webcindario.com/ Name: _gat_UA-597118-1
Value: 1
.sunmediaads.com/ Name: lz_frecy
Value: %7B%22HEZRL65RXYI2%22%3A%7B%22times%22%3A1%2C%22time%22%3A1631829600%7D%7D
.sunmediaads.com/ Name: lz_frecy_crea
Value: %7B%22HEZRL65RXYI2%22%3A%7B%221%22%3A%7B%22visto%22%3A1%2C%22time%22%3A1631829600%7D%7D%7D
.spotxchange.com/ Name: audience
Value: 31797e93-170c-11ec-845b-1d03a5b20506
.richaudience.com/ Name: pdid
Value: 3d4f98b5-3b3e-45ec-82e8-1zz1631810167
.spotxchange.com/ Name: sl
Value: eyJnIjp0cnVlLCJzIjoiMjAyMTAwIiwic3AiOjEsImkiOnRydWUsImxwIjo3MDI1LCJnY3MiOiIke2dkcHJfY29uc2VudH0iLCJwbCI6WzcwMjgsNjY1Myw4NDU5LDc1NzcsNjQwOSw2NDY1XSwic2lkIjoiMzE3OTdlZTktMTcwYy0xMWVjLTg0NWItMWQwM2E1YjIwNTA2Iiwic29sIjo3LCJzbCI6Nn0=
.richaudience.com/ Name: cmpsync
Value: 1
.tapad.com/ Name: TapAd_TS
Value: 1631810167895
.tapad.com/ Name: TapAd_DID
Value: 89887d45-6f8a-4f43-bb26-bb61ad6c881c
.ads.pubmatic.com/ Name: KCCH
Value: YES
.openx.net/ Name: i
Value: 301a0389-d344-00d8-38bd-4b3463bb498b|1631810167
.yahoo.com/ Name: A3
Value: d=AQABBHdyQ2ECEMApMQT4EQE1PkPWjIE7xEgFEgEBAQHDRGFNYQAAAAAA_eMAAA&S=AQAAAgall_b1DcLTijM75HZcDoE
.analytics.yahoo.com/ Name: IDSYNC
Value: 191c~20fs
.openx.net/ Name: pd
Value: v2|1631810168|gekin0vNiygu
.richaudience.com/ Name: avcid-yho-uid
Value: y-2M3mxFpE2uF_CRasHja1NqJyaw0mMzC0UZifz8c-~A
.pubmatic.com/ Name: KADUSERCOOKIE
Value: B672AA7C-7651-4081-B75F-D63AC8EDAE5F
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: DPSync3
Value: 1632960000%3A201_197_219%7C1631836800%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1632960000%3A161_56_7_220_21_13
.richaudience.com/ Name: avcid-opx-uid
Value: 011b753a-22fd-0859-3956-0ee72adb193c
.adsrvr.org/ Name: TDID
Value: 024cb1f1-38f7-4aa0-bf61-87f2b8f4f401
.quantserve.com/ Name: d
Value: EI8BDAGhJIqsMA
.quantserve.com/ Name: mc
Value: 61437278-0ba6a-8e0fc-d889a
.richaudience.com/ Name: avcid-pmr-uid
Value: B672AA7C-7651-4081-B75F-D63AC8EDAE5F
.richaudience.com/ Name: avcid-pmt-uid
Value: B672AA7C-7651-4081-B75F-D63AC8EDAE5F
.adform.net/ Name: C
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUnY7pEY87r0TJ3tYCqNRfQ3ZeoKbeVP6Ob3nznNoSb1yNq8G62vF73PcbsE9Vg
.onaudience.com/ Name: cookie
Value: 2001498333bd4b0c
.onaudience.com/ Name: done_redirects236
Value: 1
.mathtag.com/ Name: uuid
Value: 9e046143-7278-4e00-98dc-2ebe28689af5
.simpli.fi/ Name: suid
Value: 173CA706DB48455E9ED238FC621E5141
.adform.net/ Name: uid
Value: 7858265921035962497
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!6232
.eyeota.net/ Name: mako_uid
Value: 17bef772544-7cde0000010f599f
.eyeota.net/ Name: SERVERID
Value: 22943~DM
.de17a.com/ Name: guid2
Value: 1.6123537584819117045
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-7858265921035962497&KRTB&23263-7858265921035962497
.pubmatic.com/ Name: PUBMDCID
Value: 3
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&16736-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&23019-uid:9e046143-7278-4e00-98dc-2ebe28689af5&KRTB&23114-uid:9e046143-7278-4e00-98dc-2ebe28689af5
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEImXxA_GmZye8Bu9l3c_1yE&KRTB&16514-CAESEImXxA_GmZye8Bu9l3c_1yE&KRTB&23025-CAESEImXxA_GmZye8Bu9l3c_1yE
.pubmatic.com/ Name: PugT
Value: 1631810167
.pubmatic.com/ Name: SPugT
Value: 1631810167
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-6123537584819117045
.turn.com/ Name: uid
Value: 7833882712218283906
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YUNyeAAAAJMzdgAR
.adsrvr.org/ Name: TDCPM
Value: CAESFAoFdGFwYWQSCwiM3bThw878ORAFGAEgASgCMgsIzM3mk9rO_DkQBTgBWgZleWVvdGFgAg..

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.pubmatic.com
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
d.turn.com
d5p.de17a.com
des.smartclip.net
eu-u.openx.net
fonts.googleapis.com
fonts.gstatic.com
hosting.miarroba.info
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
img.sunmediaads.com
jnxm2.com
match.adsrvr.org
pandg.tapad.com
pghub.io
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.tapad.com
play.sunmediaads.com
ps.eyeota.net
quantcast.mgr.consensu.org
rules.quantcount.com
secure.quantserve.com
seguridadnbcr921.webcindario.com
services.sunmedia.tv
servingcdn.net
simage2.pubmatic.com
simage4.pubmatic.com
static.sunmedia.tv
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
sync.richaudience.com
sync.search.spotxchange.com
track.adform.net
track.sunmedia.tv
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
104.16.18.94
104.21.80.217
13.225.78.27
141.94.102.46
142.250.184.238
142.250.185.228
142.250.185.234
142.250.186.34
146.59.148.16
151.101.130.49
162.55.233.28
169.50.137.190
172.217.23.99
18.156.0.31
18.197.99.6
18.222.46.171
18.66.97.52
185.29.134.248
185.64.189.110
185.64.189.114
185.64.190.78
185.94.180.125
2.21.141.175
205.185.216.42
212.92.55.6
213.155.156.182
216.58.212.136
3.130.122.213
35.186.194.101
35.227.248.159
35.241.45.217
35.244.159.8
37.157.6.246
46.228.164.13
5.57.226.202
52.57.150.20
66.102.1.157
76.223.111.131
91.228.74.133
04e005c62a9b5765cef586f7cc4e9f509272a604d151f71913f1da727a2a60ec
051a4df5ca07ec7979f14e486352a62c72733c9aabb6528adaddc9a911fbfca3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c4285522a69444c8b40c0e596d97e1f72db96e449beeb7ba2cae7a935f7a889
183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88
1c862f8ca66133fcc0d34a84b3f587bd5a956708431954f7106c509e71424e9f
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2ad412965bca33f6be3967b22f83dc48c653e2ba716c8f83d9bfe5fba992dda9
2e4ecfa7866203cf7f8f705c2c9fffa8cdeb3b11bea0cae4399f6bc974b07b6f
3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4147765720de5d55d7cb75d797944735a16c8a179ee2653fb5eac1b094584c77
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259
4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446
5d9e8cfd13ab9f3cb184ee716c93c4c007837b001ab17f762269a64b2d8958cc
5fadb0c3b20e92fa7e4a2509e6899bb327d648074272420fbf90354c11f041aa
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb
76723860170ae5e7c55bb7d9a62f7a3f1e95f6cbf3278d5eb0856b979ebdda39
7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836331c667ad41f6ed86b1275b562d6f4e67e1adbd52518651d68c6e31dc189a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fa1f4e9501aa00a6ccc86f20c82a1f2d92601bf33ba69a09ed73722750e8874
95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810
a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c
a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
aa9610bbff147c273a1da11ab3c2c71cf38eeded6f9af6ad187ddd5bf23c003d
ab7baab728cf4fa117cbdd177d0d2f148a69f6ae40859bd3ee5624b5387ca70b
be5eeb099a1cf713146da66dd7c33e478e64d3c021a1a08fc21ba103064951a9
be73cab6c4c09afb515cd2c2b637cbfbd5d3ed3af0a8f6e153c6288684d5cdd3
c0f558e80b9bd66f42a6005407dd5f613ac561a7425408fef4defee669c90103
c41c246eebfa5b889aa05885a984238e855060454d41caa6fbfb2f5d5faecd1a
c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4f9d1e883307e803c77d317de9ea8749efae95fb0e4c95f9ef163106bd5c9fc
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e1a4a19cb8541a44257948aff5c794c8cded843994e97dd4c80236a6ae841a95
e3802f02f4480d3b247af948f029fc343b6947d933a8dc978a738be684e7a3f7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f27f819e37c30a0e109cf556537192b1a5dfa5035d5272eec6f2a2a515f3e26b
f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62