www.elheraldo.co Open in urlscan Pro
169.48.223.140 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://elheraldo.co/
Effective URL:
https://www.elheraldo.co/
Submission Tags: tranco_l324
Submission: On October 31 via api (October 31st 2021, 6:08:19 am UTC) from DE — Scanned from DE

Summary HTTP 261 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 50 IPs in 7 countries across 35 domains to perform 261 HTTP transactions. The main IP is 169.48.223.140, located in Netherlands and belongs to SOFTLAYER, US. The main domain is www.elheraldo.co.
TLS certificate: Issued by RapidSSL RSA CA 2018 on October 26th 2019. Valid for: 2 years.

This is the only time www.elheraldo.co was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	169.48.223.138 169.48.223.138	36351 (SOFTLAYER) (SOFTLAYER)
81	169.48.223.140 169.48.223.140	36351 (SOFTLAYER) (SOFTLAYER)
2	18.66.99.146 18.66.99.146	16509 (AMAZON-02) (AMAZON-02)
3	69.16.175.42 69.16.175.42	33438 (HIGHWINDS2) (HIGHWINDS2)
1	142.250.184.206 142.250.184.206	15169 (GOOGLE) (GOOGLE)
5	23.79.131.70 23.79.131.70	16625 (AKAMAI-AS) (AKAMAI-AS)
5	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
5	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	142.250.184.200 142.250.184.200	15169 (GOOGLE) (GOOGLE)
1	151.101.194.202 151.101.194.202	54113 (FASTLY) (FASTLY)
2	169.48.223.141 169.48.223.141	36351 (SOFTLAYER) (SOFTLAYER)
3	104.17.185.177 104.17.185.177	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	147.75.85.120 147.75.85.120	54825 (PACKET) (PACKET)
2	142.250.186.110 142.250.186.110	15169 (GOOGLE) (GOOGLE)
1	205.234.175.175 205.234.175.175	23352 (SERVERCEN...) (SERVERCENTRAL)
2	157.240.221.16 157.240.221.16	32934 (FACEBOOK) (FACEBOOK)
1	172.67.192.182 172.67.192.182	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.240.21 104.16.240.21	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.16.42.65 104.16.42.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
5	142.250.185.129 142.250.185.129	15169 (GOOGLE) (GOOGLE)
3	178.63.12.147 178.63.12.147	24940 (HETZNER-AS) (HETZNER-AS)
6	104.16.11.243 104.16.11.243	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.16.142 172.217.16.142	15169 (GOOGLE) (GOOGLE)
2	173.194.76.156 173.194.76.156	15169 (GOOGLE) (GOOGLE)
2	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
2	157.240.221.35 157.240.221.35	32934 (FACEBOOK) (FACEBOOK)
1 5	142.250.186.36 142.250.186.36	15169 (GOOGLE) (GOOGLE)
1	18.204.74.96 18.204.74.96	14618 (AMAZON-AES) (AMAZON-AES)
10 34	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	98.137.155.9 98.137.155.9	36646 (YAHOO-NE1) (YAHOO-NE1)
7	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
34	142.250.184.193 142.250.184.193	15169 (GOOGLE) (GOOGLE)
2	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
4	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
5 11	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
5 8	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
2	142.250.186.106 142.250.186.106	15169 (GOOGLE) (GOOGLE)
4	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
3	37.157.5.72 37.157.5.72	198622 (ADFORM) (ADFORM)
1	142.250.184.195 142.250.184.195	15169 (GOOGLE) (GOOGLE)
1 4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1 2	78.46.5.84 78.46.5.84	24940 (HETZNER-AS) (HETZNER-AS)
1	167.233.14.134 167.233.14.134	24940 (HETZNER-AS) (HETZNER-AS)
1 2	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1 9	46.249.52.248 46.249.52.248	50673 (SERVERIUS-AS) (SERVERIUS-AS)
261	50

1 169.48.223.138 (Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: 8a.df.30a9.ip4.static.sl-reverse.com

elheraldo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

81 169.48.223.140 (Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: 8c.df.30a9.ip4.static.sl-reverse.com

www.elheraldo.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.99.146 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.16.175.42 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.79.131.70 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-131-70.deploy.static.akamaitechnologies.com

scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.202 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.48.223.141 (Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: 8d.df.30a9.ip4.static.sl-reverse.com

web.cloudvideo.com.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.185.177 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.120 (Parsippany, United States)

ASN54825 (PACKET, US)

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net

sakimg.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.221.16 (United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lhr8.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.192.182 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.240.21 (United States)

ASN13335 (CLOUDFLARENET, US)

c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.42.65 (United States)

ASN13335 (CLOUDFLARENET, US)

api-esp.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.129 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f1.1e100.net

880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.63.12.147 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: de715.cxense.com

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.11.243 (United States)

ASN13335 (CLOUDFLARENET, US)

tag.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
usr.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync2.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.navdmp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f14.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 173.194.76.156 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.221.35 (United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lhr8.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.36 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.204.74.96 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-74-96.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.250.181.226 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.137.155.9 (United States)

ASN36646 (YAHOO-NE1, US)
PTR: spcms.pbp.vip.ne1.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.250.184.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.4.39 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.18.234.21 (Ascension Island) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.220.145 (Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.69.70.9 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.5.72 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Heppenheim an der Bergstrasse, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 78.46.5.84 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: dedi1284.your-server.de

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.233.14.134 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-2.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.239.217 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 46.249.52.248 (Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
82	elheraldo.co 1 redirects elheraldo.co www.elheraldo.co	1 MB
58	googlesyndication.com 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	314 KB
31	doubleclick.net 11 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net 5994599.fls.doubleclick.net	242 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com	10 KB
10	e-planning.net 1 redirects sakimg.e-planning.net ads.us.e-planning.net	19 KB
10	cxense.com scdn.cxense.com cdn.cxense.com api.cxense.com p1cluster.cxense.com comcluster.cxense.com id.cxense.com	97 KB
9	google.com 1 redirects apis.google.com adservice.google.com analytics.google.com www.google.com	23 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net hal90007.redintelligence.net	55 KB
8	adnxs.com 5 redirects ib.adnxs.com	6 KB
7	adform.net track.adform.net s1.adform.net	80 KB
6	navdmp.com tag.navdmp.com usr.navdmp.com cdn.navdmp.com sync2.navdmp.com sync.navdmp.com	6 KB
6	piano.io c2.piano.io api-esp.piano.io	19 KB
5	googletagservices.com www.googletagservices.com	173 KB
3	google.de adservice.google.de www.google.de	1 KB
3	tinypass.com experience.tinypass.com cdn.tinypass.com buy.tinypass.com	138 KB
3	jquery.com code.jquery.com	107 KB
3	chartbeat.com static.chartbeat.com mab.chartbeat.com	24 KB
2	retailads.net 1 redirects cdn.retailads.net	5 KB
2	medialead.de 2 redirects pv.medialead.de	2 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	2mdn.net s0.2mdn.net	151 KB
2	facebook.com www.facebook.com	444 B
2	facebook.net connect.facebook.net	113 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	cloudvideo.com.co web.cloudvideo.com.co	49 KB
2	googletagmanager.com www.googletagmanager.com	89 KB
1	awin1.com www.awin1.com	703 B
1	ad-server.eu ad-server.eu	312 B
1	futalis.de futalis.de	409 B
1	media01.eu pb.media01.eu	629 B
1	gstatic.com fonts.gstatic.com	20 KB
1	yahoo.com cms.analytics.yahoo.com
1	mathtag.com 1 redirects pixel.mathtag.com	578 B
1	chartbeat.net ping.chartbeat.net	201 B
1	npttech.com www.npttech.com	3 KB
261	35

	Domain	Requested by
81	www.elheraldo.co	www.elheraldo.co
34	tpc.googlesyndication.com	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com www.elheraldo.co tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net
19	pagead2.googlesyndication.com	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com www.elheraldo.co googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net www.googletagservices.com
13	cm.g.doubleclick.net	10 redirects googleads.g.doubleclick.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
9	ads.us.e-planning.net	1 redirects sakimg.e-planning.net
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
7	googleads.g.doubleclick.net	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com www.elheraldo.co
5	www.google.com	1 redirects www.elheraldo.co 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com tpc.googlesyndication.com
5	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	api-esp.piano.io	cdn.tinypass.com www.elheraldo.co
5	securepubads.g.doubleclick.net	www.elheraldo.co www.googletagservices.com securepubads.g.doubleclick.net
5	www.googletagservices.com	www.elheraldo.co 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
4	hal90007.redintelligence.net	1 redirects 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com hal90007.redintelligence.net
4	hal9000.redintelligence.net	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com hal90007.redintelligence.net
4	track.adform.net	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com s1.adform.net
4	cdn.cxense.com	www.elheraldo.co cdn.cxense.com scdn.cxense.com
3	s1.adform.net	track.adform.net s1.adform.net www.elheraldo.co
3	code.jquery.com	www.elheraldo.co
2	5994599.fls.doubleclick.net	1 redirects www.elheraldo.co
2	cdn.retailads.net	1 redirects futalis.de
2	pv.medialead.de	2 redirects
2	fonts.googleapis.com	tpc.googlesyndication.com hal90007.redintelligence.net
2	s0.2mdn.net	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com tpc.googlesyndication.com
2	googleads4.g.doubleclick.net	www.elheraldo.co
2	www.facebook.com	www.elheraldo.co
2	www.google.de	www.elheraldo.co
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	tag.navdmp.com	sakimg.e-planning.net tag.navdmp.com
2	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
2	connect.facebook.net	www.elheraldo.co connect.facebook.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	api.cxense.com	scdn.cxense.com
2	web.cloudvideo.com.co	www.elheraldo.co
2	www.googletagmanager.com	www.elheraldo.co www.googletagmanager.com
2	static.chartbeat.com	www.elheraldo.co
1	www.awin1.com	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
1	ad-server.eu	880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
1	futalis.de	hal90007.redintelligence.net
1	pb.media01.eu	hal90007.redintelligence.net
1	fonts.gstatic.com	fonts.googleapis.com
1	cms.analytics.yahoo.com	www.elheraldo.co
1	sync.navdmp.com	www.elheraldo.co
1	pixel.mathtag.com	1 redirects
1	sync2.navdmp.com	www.elheraldo.co
1	cdn.navdmp.com	tag.navdmp.com
1	usr.navdmp.com	tag.navdmp.com
1	id.cxense.com	scdn.cxense.com
1	ping.chartbeat.net	www.elheraldo.co
1	comcluster.cxense.com	cdn.cxense.com
1	analytics.google.com	www.googletagmanager.com
1	p1cluster.cxense.com	cdn.cxense.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	buy.tinypass.com	cdn.tinypass.com
1	c2.piano.io	cdn.tinypass.com
1	www.npttech.com	www.elheraldo.co
1	sakimg.e-planning.net	www.elheraldo.co
1	cdn.tinypass.com	experience.tinypass.com
1	experience.tinypass.com	www.elheraldo.co
1	mab.chartbeat.com	static.chartbeat.com
1	scdn.cxense.com	www.elheraldo.co
1	apis.google.com	www.elheraldo.co
1	elheraldo.co	1 redirects
261	63

This site contains links to these domains. Also see Links.

Domain
bit.ly
clasificados.elheraldo.co
www.partnerinmobiliaria.co
landing.elheraldo.co
elheraldo.pressreader.com
play.google.com
apps.apple.com
www.linkedin.com
www.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.aldia.co
www.sic.gov.co

Subject Issuer	Validity	Valid
*.elheraldo.co RapidSSL RSA CA 2018	`2019-10-26` - `2021-12-24`	2 years	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.cxense.com DigiCert SHA2 Secure Server CA	`2021-05-21` - `2022-05-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
web.cloudvideo.com.co R3	`2021-10-23` - `2022-01-21`	3 months	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-19` - `2022-09-18`	a year	crt.sh
sakimg.e-planning.net Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-03-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-09` - `2021-12-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2020-12-01` - `2021-12-30`	a year	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
redintelligence.net R3	`2021-10-21` - `2022-01-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-04` - `2021-12-27`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
futalis.de R3	`2021-09-10` - `2021-12-09`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2021-07-17` - `2022-07-17`	a year	crt.sh
ads.us.e-planning.net R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh

This page contains 22 frames:

Primary Page: https://www.elheraldo.co/
Frame ID: E9378B6D14592475BE756BBF4FB08A74
Requests: 144 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: 51C70A1D6C690EAA5816777E64F155FE
Requests: 4 HTTP requests in this frame

Frame: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2948BE91867BAC0292B3756B5D194767
Requests: 1 HTTP requests in this frame

Frame: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F5BE9693C409E306A228C6B5F3B6892E
Requests: 13 HTTP requests in this frame

Frame: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2CF0EA9EC71BC9FCC296241E99D874B9
Requests: 13 HTTP requests in this frame

Frame: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7FEB52B751825AA0DBCFB1BD7BE55417
Requests: 17 HTTP requests in this frame

Frame: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9A32BF1002390F5B0DF6A8C371A6DAFC
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY583FlQEwAQ&v=APEucNWx6F40wUIWdEw5S5Fghe2JNi_e2FuuYxVVkPUbkFrnEIKxSAmYhcyZGZLvomL86eGVacNElSVCffXzt71hoZvOZdydRdV0v2Iu_rXMzLzw38G7rjuTgANuifwApcw0D5Kd3B2pOZKDyGZkMwEzVOAO7CCfbZMj1l30WjpD4RNTDGI75po
Frame ID: 7940DBD4630C46CC610E2D60CEAAEC13
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJKm1AIQlZHVAhiri7a3ATAB&v=APEucNXzEWqA1iIljZeT8S_UL2gwaJUi89c_1PMQ3fnJbQh19SkAOvBrrmrDA4k7PlbWfwfkG5_bDcNGKbf2XHBrQa2NX9wihMZVpnNCN1lle6pI67COKuMKsdkHhyr7yBMVMyH6VRWzZ5oZSjeQcSi_V-czCGN3hGQor4gLmOiAapUlTZouwoU
Frame ID: B08B10BEEAAE5B172DCE0E889C4CD523
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLCb4gIQ_8PTxAIYrdK4uAEwAQ&v=APEucNUf-3d1NJymas41tGi4HHTn1KjwURFHIfKLb76b70RaB6xOk5b92gxZDvZjZuzn3gIzpe7s_oxCkDxeFhQsoVEzTRn1_dPkF8UaCeQAu0yNK-VUfsckf57XwGf5A72-741jPEI-GmB4eUbYGrWwW1DV0OTM8tNYZS6vHNuojiY6JAuW9mg
Frame ID: 638B6218BE659669E1A77EE0840FAEDE
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html
Frame ID: C31576207B4F14B7263F079BC3DCFB01
Requests: 21 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 74B34FDA46DDBD4E064475C087E2B994
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 07EBD80E9B6DF07018EDE251E7A48963
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 5B55C236AC33268FC1F81DEB52214766
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8DC6074DF81F4E8C663156F2A9DF1757
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3764309B7F0CA06335C6CE94BE2773FC
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=21638700024036500710580011764007&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: C8454BC8E75C67AC38D58AB6E8374975
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917
Frame ID: A853473DBA335557740999C34407C14A
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398
Frame ID: F90E986AA3DA51EB7D541500A030682A
Requests: 2 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Frame ID: 9F8517D24820F2C090B4B7CF0AD07EFD
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 31CE71C393E26C99DD08200A049E0F4E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C51BF6061AD426BB7A9B6C2D5EBDC551
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Noticias de Barranquilla, la región Caribe, Colombia y el mundo - ELHERALDO.CO

Page URL History Show full URLs

http://elheraldo.co/ HTTP 301
https://www.elheraldo.co/ Page URL

Page Statistics

261
Requests

93 %
HTTPS

0 %
IPv6

35
Domains

63
Subdomains

50
IPs

7
Countries

3209 kB
Transfer

6693 kB
Size

50
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://bit.ly/2CR7fYG
Title: Seguros para mascotas

Search URL Search Domain Scan URL

URL: https://clasificados.elheraldo.co/
Title: Clasificados

Search URL Search Domain Scan URL

URL: http://www.partnerinmobiliaria.co/inversiones-en-el-extranjero-opisas/?utm_source=ELHERALDO&utm_medium=bloqueHtml&utm_campaign=home&utm_term=quiero-invertir
Title: QUIERO INVERTIR

Search URL Search Domain Scan URL

URL: http://www.partnerinmobiliaria.co/revive-60/?utm_source=ELHERALDO&utm_medium=bloqueHtml&utm_campaign=home&utm_term=Revive%2060
Title: Ver más

Search URL Search Domain Scan URL

URL: http://www.partnerinmobiliaria.co/simplicity/?utm_source=ELHERALDO&utm_medium=bloqueHtml&utm_campaign=home&utm_term=Simplicity
Title: Ver más

Search URL Search Domain Scan URL

URL: http://www.partnerinmobiliaria.co/coral-tower/?utm_source=ELHERALDO&utm_medium=bloqueHtml&utm_campaign=home&utm_term=Coral%20Tower
Title: Ver más

Search URL Search Domain Scan URL

URL: https://landing.elheraldo.co/aluna-beach-santa-marta?utm_source=ELHERALDO&utm_medium=bloqueHtml&utm_campaign=home&utm_term=Aluna
Title: Ver más

Search URL Search Domain Scan URL

URL: http://elheraldo.pressreader.com/gente-caribe/
Title: Abrir esta edición en la App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.newspaperdirect.elheraldoandroid
Title: Google Play

Search URL Search Domain Scan URL

URL: https://apps.apple.com/co/app/el-heraldo/id1042164245
Title: App Store

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/el-heraldo-s.a./
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fansheraldo
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/elheraldoco
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/elheraldoco/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ELHERALDOINTERNET
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.aldia.co/
Title: Aldia.co

Search URL Search Domain Scan URL

URL: https://www.sic.gov.co/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://elheraldo.co/ HTTP 301
https://www.elheraldo.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=navegg_ddp&google_cm&id=67064758014 HTTP 302
https://sync2.navdmp.com/sync?prtid=2&id=67064758014&google_gid=CAESEOlq0Ir_pGbVeYK7A7-Walo&google_cver=1

Request Chain 141

https://pixel.mathtag.com/sync/img?redir=https%3A//sync.navdmp.com/sync%3Fimg%3D1%26mdia%3D%5BMM_UUID%5D HTTP 302
https://sync.navdmp.com/sync?img=1&mdia=8bea617e-32cc-4800-87b5-48e62c32b6bf

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 176

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 177

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Request Chain 178

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTc3MzI1MzIyNDcxNTQwNjg1

Request Chain 179

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 180

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Request Chain 182

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

Request Chain 193

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 194

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

Request Chain 195

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Request Chain 196

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

Request Chain 221

https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 223

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 228

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=21638700024036500710580011764007&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=21638700024036500710580011764007&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 229

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=21638700024036500710580011764007 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917

Request Chain 230

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398

Request Chain 232

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=21638700024036500710580011764007 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 256

https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:728x90!/elheraldo_home_desktop_1_728x90+elheraldohomedesktop2728x90:728x90!/elheraldo_home_desktop_2_728x90+elheraldohomedesktop1300x250:300x250!/elheraldo_home_desktop_1_300x250+elheraldohomedesktop2300x250:300x250!/elheraldo_home_desktop_2_300x250+elheraldohomedesktop3300x250:300x250!/elheraldo_home_desktop_3_300x250+elheraldohomedesktop4300x250:300x250!/elheraldo_home_desktop_4_300x250+elheraldohomedesktoplayer600x400:1x1!/elheraldo_home_desktop_layer_600x400+elheraldohomedesktopflotante1180x50:728x90!/elheraldo_home_desktop_flotante_1180x50&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~!~!~!~!~!~!~!~!~&crs=UTF-8&vs=FFFFFFFFF&ncb=1&gdpr=0&ccpa=1--- HTTP 302
https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?ct=1&rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:728x90!/elheraldo_home_desktop_1_728x90+elheraldohomedesktop2728x90:728x90!/elheraldo_home_desktop_2_728x90+elheraldohomedesktop1300x250:300x250!/elheraldo_home_desktop_1_300x250+elheraldohomedesktop2300x250:300x250!/elheraldo_home_desktop_2_300x250+elheraldohomedesktop3300x250:300x250!/elheraldo_home_desktop_3_300x250+elheraldohomedesktop4300x250:300x250!/elheraldo_home_desktop_4_300x250+elheraldohomedesktoplayer600x400:1x1!/elheraldo_home_desktop_layer_600x400+elheraldohomedesktopflotante1180x50:728x90!/elheraldo_home_desktop_flotante_1180x50&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~!~!~!~!~!~!~!~!~&crs=UTF-8&vs=FFFFFFFFF&ncb=1&gdpr=0&ccpa=1---

261 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.elheraldo.co/
Redirect Chain

http://elheraldo.co/
https://www.elheraldo.co/

172 KB
37 KB

390ms
128ms

Document
text/html

169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elheraldo.co/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

8c.df.30a9.ip4.static.sl-reverse.com

Software

openresty / PHP/5.6.40

Resource Hash

6523d333118cdcd10c238f305d89be560428e36b57209093e2f137b1667aef19

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: openresty
date: Sun, 31 Oct 2021 06:08:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
expires: Sun, 31 Oct 2021 06:09:11 GMT
cache-control: max-age=60 public
x-content-type-options: nosniff
content-language: es
x-generator: Drupal 7 (https://www.drupal.org)
link: <https://www.elheraldo.co/>; rel="canonical",<https://www.elheraldo.co/>; rel="shortlink"
access-control-allow-origin: *
x-cdnhost: node04a.cdn.net.co
x-cached: HIT
content-encoding: gzip

Redirect headers

Server: openresty
Date: Sun, 31 Oct 2021 06:08:10 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://www.elheraldo.co/

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
10 KB 53ms
7ms Script
application/x-javascript 18.66.99.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.99.146 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 04:18:09 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:17:06 GMT
server: nginx
age: 6602
etag: W/"6179ec02-59c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: rgLENM9R9xKwho83X84LOOPSnhid-yO8ECXrNMm_YIVZoqH8Ze-DgA==
expires: Sun, 31 Oct 2021 06:18:09 GMT

GET
H2 200 global.css
www.elheraldo.co/sites/all/themes/elheraldo/css/ 106 KB
19 KB 166ms
165ms Stylesheet
text/css 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 4cda0550ea8955071802004ed78ea3e4a87118c0ed092e770636ab9520bfa4f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Mon, 27 Sep 2021 16:49:54 GMT
server: openresty
etag: W/"6151f632-1a6e4"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 portada.css
www.elheraldo.co/sites/all/themes/elheraldo/css/ 211 KB
27 KB 166ms
165ms Stylesheet
text/css 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d8e6f82292b7572298880ef024f38ed1cf762d5f5a56b05cd285d7acc288de17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 29 Oct 2021 21:47:49 GMT
server: openresty
etag: W/"617c6c05-34a20"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 jquery-1.7.2.min.js Show response
code.jquery.com/ 93 KB
33 KB 55ms
15ms Script
application/javascript 69.16.175.42
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.7.2.min.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
etag: W/"54499a47-17278"
vary: Accept-Encoding
x-hw: 1635660491.dop219.am5.t,1635660491.cds221.am5.hn,1635660491.cds259.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33626

GET
H2 200 platform.js Show response
apis.google.com/js/ 52 KB
21 KB 95ms
43ms Script
application/javascript 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js?onload=onLoad

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

ESF /

Resource Hash

05ab247fce0dfab52ea055e6d26c284823447b3a9af948c435a8d465e17a187f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MtkDWRwByONG8xdEWNVK/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "055039a0ef545619c2addf7061d086b9"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-MtkDWRwByONG8xdEWNVK/A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 200 drupa-ajax-superfish-mnoticas-recomen-front.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/asset/ 24 KB
9 KB 166ms
165ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/asset/drupa-ajax-superfish-mnoticas-recomen-front.min.js?r1tnuc
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3a955f347a21939a368857c5ff33fea8384c2865efac19eb0f5f21943b6312f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 22 Jan 2019 16:05:45 GMT
server: openresty
etag: W/"5c473f59-5fcc"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 jquery.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 93 KB
37 KB 166ms
165ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/jquery.min.js?r1tnuc
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: def24fa0fffd908d60ace6dd4300f25ab734f7a222d076bfcd1ff5e34b1c4719

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 22 Jan 2019 16:05:46 GMT
server: openresty
etag: W/"5c473f5a-174a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 mediaelement-and-player.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 67 KB
22 KB 168ms
168ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/mediaelement-and-player.min.js?r1tnuc
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: e77911a44cb8f18ba723b2306ae051f2e6cc49f8f696cbcf98bd01cc24d7ac46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Mon, 10 Jun 2019 15:20:54 GMT
server: openresty
etag: W/"5cfe7556-10dca"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 116 KB
27 KB 43ms
12ms Script
application/x-javascript 23.79.131.70
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.131.70 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-131-70.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b64f53bf69d080d62a915b32b4c7c8a2b31a787b3ccf64c4a63aeba170355c22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Oct 2021 12:43:03 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27751
Expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 jquery.cookie.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 3 KB
2 KB 168ms
168ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/jquery.cookie.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Wed, 16 Dec 2020 01:50:39 GMT
server: openresty
etag: W/"5fd967ef-c44"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 81 KB
27 KB 76ms
25ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

9d8892bc43812f40a125039a7ed6189d38b4ba6154ed713893547d0d9626ab03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 553 of 1000 / last-modified: 1635545117"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27350
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 99ms
46ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

4dba1e011745c1bec0b32691b466bf85c8972935bdb186a45fc96296136b23d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1029 / 911 of 1000 / last-modified: 1635545062"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27294
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 200 owl.carousel.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 39 KB
12 KB 168ms
168ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/owl.carousel.min.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 337d3118dac28a5894b0c79a6aa89b2a7d6a5c3dd83f8ea59f094f5bd1a46f5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Mon, 10 Jun 2019 15:21:00 GMT
server: openresty
etag: W/"5cfe755c-9d33"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 el-heraldo-logo.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 4 KB
2 KB 128ms
124ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/el-heraldo-logo.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 154d603a272ba6f50340f0413f5e7405db85fd4fcf5a4c262696ef6741207ab0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 22 Jan 2019 16:11:39 GMT
server: openresty
etag: W/"5c4740bb-11be"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 104 KB
40 KB 79ms
28ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGHCJ5L

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

100a446c34e1d66fda53593a4a7b4bbb4ef765113cc1084c0e93401957f970ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40872
x-xss-protection: 0
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 200 logo-wasapea.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/wasapea/ 14 KB
7 KB 128ms
124ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/wasapea/logo-wasapea.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 5972dcc2a218e535aea4b3ef6c8119e806117690b4cf77e2c810f6d5bdd6a520

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 13 Mar 2020 19:44:57 GMT
server: openresty
etag: W/"5e6be2b9-3973"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-2897-1587678561.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
1 KB 128ms
124ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-2897-1587678561.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3f70e7f6d813e2be815c5ebea1782b5b7ec4b3fde08702dfddf0d262a2c939b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 23 Apr 2020 23:52:58 GMT
server: openresty
etag: "5ea22a5a-4c4"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1220
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-2931-1477582658.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
1 KB 129ms
124ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-2931-1477582658.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: beec1f82a77a9df0d7ca8c234f10f11e89593d7568fc16927ad1899e0bb6f3fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 05 Apr 2020 15:31:06 GMT
server: openresty
etag: "5e89f9ba-495"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1173
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-176364-1572906800.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
1 KB 130ms
125ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-176364-1572906800.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 30a029db0f6873c5e78166df4f60bb15258566d927192ae7a3182e380b47703e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 05 Apr 2020 14:42:53 GMT
server: openresty
etag: "5e89ee6d-49e"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1182
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-292375-1600404440.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
2 KB 131ms
127ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-292375-1600404440.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: b79ad2538704c60b7166e9bde51a2e479d32eab9445755230ccbd8681e3d9611

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Fri, 18 Sep 2020 04:50:20 GMT
server: openresty
etag: "5f643c8c-552"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1362
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-2627-1605300459.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
1 KB 131ms
127ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-2627-1605300459.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 661abc672aeb86b2319c87347477dcecd2c0921700376fe19ac1152a3be01277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Fri, 13 Nov 2020 20:51:25 GMT
server: openresty
etag: "5faef1cd-44e"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1102
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 picture-330476-1618429941.jpg
www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/ 1 KB
1 KB 132ms
128ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/40x40/public/pictures/picture-330476-1618429941.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: a15a5dc1f5dab9977b6bdd6e78fe18a24ca2876ec3fd345b81aa982ff0c1393a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 14 Apr 2021 21:58:02 GMT
server: openresty
etag: "6077656a-48f"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1167
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 logo-partner.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/ 5 KB
2 KB 132ms
128ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/logo-partner.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d1e93ecdf4f3797c36b6fae30baf399c44db6dfa0db44a7462844423eee831fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 23 Jun 2020 16:54:28 GMT
server: openresty
etag: W/"5ef233c4-143f"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 revive-60-desktop-300x166.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/ 16 KB
16 KB 132ms
128ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/revive-60-desktop-300x166.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 213b8e171fa928cdf534e06f0d30825268a59e50516cdd528930c172b538f137

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 27 Jan 2021 21:24:47 GMT
server: openresty
etag: "6011da1f-40b8"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 16568
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 symplicity-desktop-300x166.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/ 17 KB
18 KB 132ms
128ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/symplicity-desktop-300x166.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: eb9f4a149613f755fabb5847e72597aa631102023d74383cbd3b31a11900cb59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 27 Jan 2021 21:24:20 GMT
server: openresty
etag: "6011da04-44f4"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 17652
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 coral-tower-desktop-300x166.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/ 22 KB
22 KB 132ms
129ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/coral-tower-desktop-300x166.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 50780a3ad6be0b7b71a2a9ecedb36d0b2c20bc3c605341ad0ea989d9119142fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 27 Jan 2021 21:24:19 GMT
server: openresty
etag: "6011da03-580f"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 22543
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 aluna-desktop-300x166.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/ 18 KB
19 KB 132ms
129ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/partner/proyectos/aluna-desktop-300x166.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3558894f845c27af72afd49d873ee38c3d8b112f5f2cd5eb50c3fd589690df10

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 27 Jan 2021 21:24:46 GMT
server: openresty
etag: "6011da1e-498d"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 18829
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 155 B
475 B 34ms
7ms XHR
application/json 151.101.194.202
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=elheraldo.co&domain=elheraldo.co&path=%2F
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.202 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 07689f6658b657fbd9ba1348ac37ac90860644cf5fc136136232670c320ea784

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-cache-hits: 1
age: 384
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 122
x-served-by: cache-hhn4037-HHN
access-control-allow-origin: *
x-timer: S1635660491.324556,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Fri, 29 Oct 2021 06:01:47 GMT

GET
H2 200 logo_SIC.png
www.elheraldo.co/sites/all/themes/elheraldo/images/ 9 KB
9 KB 132ms
129ms Image
image/png 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/logo_SIC.png
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3dc008b4ede39cf19f3b6724b9087e1c95d97fcfe7280e6e53c417050c64a8db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 13 May 2021 20:12:19 GMT
server: openresty
etag: "609d8823-22c4"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 8900
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 jquery-ui.min.js Show response
code.jquery.com/ui/1.12.1/ 248 KB
66 KB 23ms
21ms Script
application/javascript 69.16.175.42
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/jquery-ui.min.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Wed, 14 Sep 2016 16:34:16 GMT
server: nginx
etag: W/"57d97c08-3dee4"
vary: Accept-Encoding
x-hw: 1635660491.dop219.am5.t,1635660491.cds221.am5.hn,1635660491.cds263.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 67751

GET
H2 200 jquery-ui.min.css
code.jquery.com/ui/1.12.1/themes/base/ 30 KB
8 KB 16ms
16ms Stylesheet
text/css 69.16.175.42
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.min.css
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Wed, 14 Sep 2016 16:34:16 GMT
server: nginx
etag: W/"57d97c08-7804"
vary: Accept-Encoding
x-hw: 1635660491.dop219.am5.t,1635660491.cds221.am5.hn,1635660491.cds115.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 7543

GET
H2 200 owl.carousel.css
www.elheraldo.co/sites/all/themes/elheraldo/css/ 4 KB
1 KB 124ms
123ms Stylesheet
text/css 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/owl.carousel.css
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 296b45fa80965f80ddbd4da7e2dc984ebc1d06ef3b90ef631d35e4e4d0ae760f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Mon, 10 Jun 2019 15:21:29 GMT
server: openresty
etag: W/"5cfe7579-11f4"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 html.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 9 KB
3 KB 139ms
137ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/html.min.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 8b962ceb839d35a3307e9f0189c91721a174cfffc8902e6479eb77ca06e5ddb2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 26 Mar 2021 15:23:25 GMT
server: openresty
etag: W/"605dfc6d-246b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 scripts.min.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 20 KB
6 KB 139ms
137ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/scripts.min.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 6b9fbbe50d28dc29f8dded097d36c88c31c2f027bd35a63197416be726f91203

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 20:07:20 GMT
server: openresty
etag: W/"609d86f8-510a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 111 Show response
web.cloudvideo.com.co/p/111/sp/11100/embedIframeJs/uiconf_id/23448638/partner_id/ 75 KB
25 KB 814ms
359ms Script
text/javascript 169.48.223.141
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://web.cloudvideo.com.co/p/111/sp/11100/embedIframeJs/uiconf_id/23448638/partner_id/111
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.48.223.141 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8d.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3d88dbf70ea0989e74b8914c217497a613f705a8b2b8ecc68742a51e5aa8e616

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-kaltura: dumpUrl
x-me: web.cloudvideo.com.co
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-kaltura-session: 1751272368, 1635660492
x-cached: EXPIRED
x-cdnhost: node04a.cdn.net.co
pragma
allow: GET, POST, HEAD
last-modified: Sun, 31 Oct 2021 06:08:12 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public
x-robots-tag: none
expires: Sun, 31 Oct 2021 06:09:12 GMT

GET
H2 200 111 Show response
web.cloudvideo.com.co/p/111/sp/11100/embedIframeJs/uiconf_id/23448395/partner_id/ 75 KB
25 KB 683ms
228ms Script
text/javascript 169.48.223.141
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://web.cloudvideo.com.co/p/111/sp/11100/embedIframeJs/uiconf_id/23448395/partner_id/111
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 169.48.223.141 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8d.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 358244d1c18662900f425b3a08885a9c29a2ed3a773ed06c1237d03bab49a7ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-kaltura: dumpUrl
x-me: web.cloudvideo.com.co
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-kaltura-session: 1040272041, 1635660492
x-cached: EXPIRED
x-cdnhost: node04a.cdn.net.co
pragma
allow: GET, POST, HEAD
last-modified: Sun, 31 Oct 2021 06:08:12 GMT
server: openresty
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public
x-robots-tag: none
expires: Sun, 31 Oct 2021 06:09:12 GMT

GET
H2 200 nuevo--login.js Show response
www.elheraldo.co/sites/all/themes/elheraldo/js/ 5 KB
2 KB 139ms
137ms Script
application/javascript 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/nuevo--login.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: f65917eebc1429714fdb9e29c086e8bc3e40feb6067eedaa13f32dd27fa6f344

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 24 Aug 2021 01:20:58 GMT
server: openresty
etag: W/"6124497a-14ab"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 22 KB
6 KB 40ms
13ms Script
application/x-javascript 23.79.131.70
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.131.70 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-131-70.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 14:49:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5864
Expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 4 KB
2 KB 68ms
20ms Script
application/javascript 104.17.185.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/load?aid=Xb1AT5sffh

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.185.177 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbfede1e21d71d7f8e156372bf95614e055ae5297e43449564c52495f6190fac

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 66
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Cj7vt1rDilh
wn: prod-exp-10-0-116-179
last-modified: Sun, 31 Oct 2021 05:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 6a6ab518a8bd7160-DUS
expires: Sun, 31 Oct 2021 06:38:11 GMT

GET
H2 200 sprite-ico-generales.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 30 KB
10 KB 236ms
236ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/sprite-ico-generales.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3fa0f5ee776b6da2a6df7cb6926ae57124068fa9d6d88bf8a175eefcf0920337

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 09 Apr 2021 13:18:02 GMT
server: openresty
etag: W/"6070540a-7931"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 ico-home.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 569 B
598 B 235ms
235ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/ico-home.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: cbdb7e3c01d55adb8dc359bf16c0d1b8708d7c9ddd024bd66a9861fc04745b7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Wed, 24 Jun 2020 17:34:36 GMT
server: openresty
etag: W/"5ef38eac-239"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 roboto-regular-webfont.woff2
www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/ 19 KB
19 KB 235ms
234ms Font
font/woff2 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/roboto-regular-webfont.woff2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 2491fb5e231d727b9a02dbf65c77a05a1c2ab565a4f08a72ced2e9f5cc9a1069

Request headers

Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Origin: https://www.elheraldo.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 05 Sep 2019 19:32:15 GMT
server: openresty
etag: "5d7162bf-4b48"
content-type: font/woff2
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19272
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 roboto-medium-webfont.woff2
www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/ 19 KB
19 KB 235ms
234ms Font
font/woff2 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/roboto-medium-webfont.woff2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 863eddcf75a4fb1919045a54650067673a0d0fb531142b12b0e93e3bf07ec445

Request headers

Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Origin: https://www.elheraldo.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Mon, 09 Sep 2019 14:59:34 GMT
server: openresty
etag: "5d7668d6-4c18"
content-type: font/woff2
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19480
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 roboto-bold-webfont.woff2
www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/ 19 KB
19 KB 235ms
235ms Font
font/woff2 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/roboto-bold-webfont.woff2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3a14bf66583e4aedf509c1620ef8b9480d2af2ba1547257b027423cb82d790fe

Request headers

Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Origin: https://www.elheraldo.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 05 Sep 2019 19:32:20 GMT
server: openresty
etag: "5d7162c4-4c08"
content-type: font/woff2
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19464
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 ico-tipo-contenido.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 4 KB
2 KB 204ms
204ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/ico-tipo-contenido.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 4936c54e53044016f3322862c2096511367d6ff29fb75aa41a3ca73505c3f42a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Tue, 25 Jun 2019 15:09:18 GMT
server: openresty
etag: W/"5d12391e-ed5"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 2a_ninos.png
www.elheraldo.co/sites/default/files/styles/560x336/public/articulo/2021/10/30/ 374 KB
374 KB 200ms
199ms Image
image/png 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/560x336/public/articulo/2021/10/30/2a_ninos.png?itok=q9QnLJYF
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 71ee5deb9dfc777d684bef1ebe80848c9cd8f0fbd20e8a0247feab639c150271

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:07 GMT
server: openresty
etag: "617e0897-5d6d1"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 382673
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 comercio-halloween.jpg
www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/ 8 KB
8 KB 200ms
199ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/comercio-halloween.jpg?itok=2hmqOPoP
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: c889e380f8c3bf53e987c697fe63ea8fcd5bb1853775e070b8637897dc1a95b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:08 GMT
server: openresty
etag: "617e0898-20de"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 8414
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 mallorquin.jpg
www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/ 8 KB
9 KB 200ms
200ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/mallorquin.jpg?itok=w7vcFJok
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 219af1c64f6d98f74c132d0364b9b927336e6305555ed15a5363c18b3072e876

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:07 GMT
server: openresty
etag: "617e0897-211f"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 8479
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 textura-banner-home.png
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/wasapea/ 22 KB
22 KB 187ms
187ms Image
image/png 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/wasapea/textura-banner-home.png
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d3eb67b57e26d8850555439a7223bf269277fbe945da55fb22b8ffa49328f1d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Wed, 28 Apr 2021 19:07:33 GMT
server: openresty
etag: "6089b275-5683"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 22147
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 roboto-black-webfont.woff2
www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/ 19 KB
19 KB 182ms
182ms Font
font/woff2 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/roboto-black-webfont.woff2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: dbe2ca01c41f45dc2d2be94da6df455d514077766377318330aa62ee04a5880e

Request headers

Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Origin: https://www.elheraldo.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 05 Sep 2019 19:32:19 GMT
server: openresty
etag: "5d7162c3-4a94"
content-type: font/woff2
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19092
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 roboto-light-webfont.woff2
www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/ 19 KB
19 KB 182ms
182ms Font
font/woff2 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/fonts/roboto-light-webfont.woff2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 5f8a70a7042a8b2df5762f452b3957ab5d213950ea83af19cfdd3706563fb6b1

Request headers

Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/global.css?r1tnuc
Origin: https://www.elheraldo.co
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Thu, 05 Sep 2019 19:32:21 GMT
server: openresty
etag: "5d7162c5-4a6c"
content-type: font/woff2
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19052
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 otoniel-resena.jpg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/ 9 KB
9 KB 161ms
160ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/otoniel-resena.jpg?itok=iq-Q0ZDo
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 2f285d87523186e406e7a832fc372e3a8f0664a5056c41be6195a010879ad19b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:08 GMT
server: openresty
etag: "617e0898-22e7"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 8935
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 whatsapp_image_2021-10-30_at_4.52.10_pm.jpeg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/ 14 KB
15 KB 161ms
159ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/whatsapp_image_2021-10-30_at_4.52.10_pm.jpeg?itok=izEkjGbP
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d8ff49a6085ede2aeac2193dd88d8f3c1069f0c261f3e327c50d8f9547ddae77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:08 GMT
server: openresty
etag: "617e0898-396a"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 14698
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 juan_david_2.jpeg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/ 9 KB
9 KB 161ms
159ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/juan_david_2.jpeg?itok=laeUSSIb
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 1c20412b48578377779983a6f75dc3a791d2356c0603997eb2907ac98448db2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:08 GMT
server: openresty
etag: "617e0898-2388"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 9096
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 omara_634068.jpeg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/ 10 KB
11 KB 172ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/30/omara_634068.jpeg?itok=UAfgcNsj
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 469dc1f419a33e322b25e144378bb491fb703086a309258880028c71e7c9b56e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:09 GMT
server: openresty
etag: "617e0899-2997"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 10647
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 pobreza-hambre.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 3 KB
3 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/pobreza-hambre.jpg?itok=1gBVVgoW
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: ddebdef52889c9d97ed0cbc94f5535a649c42a5f5c84aa35b13a45e606666c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:09 GMT
server: openresty
etag: "617e0899-bc1"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3009
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 la_paz_1.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 2 KB
3 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/la_paz_1.jpg?itok=TxcTMNn-
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 95ed2ab3458f795dac70ee4db137356fcd1c84d3610a88f6c7733689c3a88a6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 16:47:15 GMT
server: openresty
etag: "617d7713-9fd"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2557
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 img-20211028-wa004956565656.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 3 KB
3 KB 173ms
172ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/img-20211028-wa004956565656.jpg?itok=vt8B-G6O
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 07d50c2c117a6ce3de82e0a152eb898bc1ec757990acede40845bdeba7ae0281

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 23:21:53 GMT
server: openresty
etag: "617dd391-a00"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2560
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 whatsapp_image_2021-10-29_at_7.50.25_am.jpeg
www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/ 24 KB
24 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/whatsapp_image_2021-10-29_at_7.50.25_am.jpeg?itok=4kQoc1D6
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: fff80c5594a973009511bce802768d6e3a03d2ce1a760c3e93bb5982c6def302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Fri, 29 Oct 2021 13:20:10 GMT
server: openresty
etag: "617bf50a-5fbd"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 24509
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 alcalde_de_ayapel_critico_trabajos_en_care_e_gato_por_aparente_lentitud.jpeg
www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/ 20 KB
21 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/alcalde_de_ayapel_critico_trabajos_en_care_e_gato_por_aparente_lentitud.jpeg?itok=vkFbMfjh
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 2e9c7e7d418ef08a0df41fdf6b35d38790b3478e09c16804d3f7287f8721a7fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 00:11:25 GMT
server: openresty
etag: "617c8dad-51bc"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 20924
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 whatsapp_image_2021-10-29_at_3.34.46_pm.jpeg
www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/ 16 KB
16 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/380x214/public/articulo/2021/10/29/whatsapp_image_2021-10-29_at_3.34.46_pm.jpeg?itok=OmLue-HU
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: a8b44d40717335f76162967fab5169fa9ab2faa2721e5dc40160a9b7b6b1b543

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Fri, 29 Oct 2021 22:57:18 GMT
server: openresty
etag: "617c7c4e-4059"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 16473
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 extranjeros.jpg
www.elheraldo.co/sites/default/files/styles/560x336/public/articulo/2021/10/30/ 40 KB
40 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/560x336/public/articulo/2021/10/30/extranjeros.jpg?itok=sJtVRUDX
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 5ac8b65754525d144cd6b5a7da182d54b5ba6c0909534c8a8d35b725c539514b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:09 GMT
server: openresty
etag: "617e0899-a017"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 40983
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 foto_2_adelanto_valledupar_.jpg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/ 5 KB
5 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/foto_2_adelanto_valledupar_.jpg?itok=AylIkfbe
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: b2a52d596663e8cddbaf9d0c136e1154fe3e73860f01d001004b35dab61f6f3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:10 GMT
server: openresty
etag: "617e089a-12bc"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 4796
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 fotojet_-_2021-10-30t123227.868.jpg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/ 4 KB
5 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/fotojet_-_2021-10-30t123227.868.jpg?itok=QMBNrxYL
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 6c67932c9b1b3ba4594e5b4ef9a8810f345e4bab9b6db0392c471c22acc6c0b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:10 GMT
server: openresty
etag: "617e089a-11c4"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 4548
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 cierres_viales.jpeg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/ 4 KB
5 KB 173ms
171ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/30/cierres_viales.jpeg?itok=4w2jVuw8
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 361ad8b48b484d939f2a15f2f71835f1a5ba1b2c7a591461a1fd25a5f2963637

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:10 GMT
server: openresty
etag: "617e089a-11ad"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 4525
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 cartagena.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 3 KB
3 KB 173ms
172ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/cartagena.jpg?itok=5XWsQQUd
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 5384340299fd4595fcd98664facbdbdb33bf2681d8fa0dd0a9214af463c99029

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 17:33:04 GMT
server: openresty
etag: "617d81d0-a7f"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2687
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 soledad901.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 2 KB
3 KB 173ms
172ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/soledad901.jpg?itok=tZQx04g0
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 390850be8488f3258b478afd6938c40eef6e26a1053c62d9289e12b56720f2d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:09 GMT
server: openresty
etag: "617e0899-909"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2313
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 whatsapp_image_2021-10-30_at_7.31.23_pm_1.jpeg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 2 KB
3 KB 173ms
172ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/whatsapp_image_2021-10-30_at_7.31.23_pm_1.jpeg?itok=FsNwvys3
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 58cf7d7817335e1debd7e26a2c411c9914cf22c213f69663a1441a1459e1f6b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 01:07:45 GMT
server: openresty
etag: "617dec61-99f"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2463
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 lideres.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/ 2 KB
2 KB 174ms
172ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/articulo/2021/10/30/lideres.jpg?itok=yIyuevvq
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: e3f6b0cd3e5f9865a5b4167d24214879859d917c71a4ad238057d2c8dcfaac2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 14:32:55 GMT
server: openresty
etag: "617d5797-8aa"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2218
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 elmundo_de_turcios_4499_halloween.jpg
www.elheraldo.co/sites/default/files/styles/350x225/public/foto/2021/10/30/ 16 KB
16 KB 174ms
173ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/350x225/public/foto/2021/10/30/elmundo_de_turcios_4499_halloween.jpg?itok=8VsK-3cY
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: c1245f395ad5cfc6fd537fea235890a4d98b591e06a42a343ea19844d5242596

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 02:54:36 GMT
server: openresty
etag: "617e056c-401e"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 16414
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 elmundo_de_turcios_4498_otoniel.jpg
www.elheraldo.co/sites/default/files/styles/350x225/public/foto/2021/10/29/ 16 KB
16 KB 174ms
173ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/350x225/public/foto/2021/10/29/elmundo_de_turcios_4498_otoniel.jpg?itok=GtPm2gx0
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 13f78d03b9bb427bd951fdfce078a59cfdb5d82edcfa77f7bd4e2f6198fc680c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 04:21:17 GMT
server: openresty
etag: "617cc83d-409c"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 16540
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 116 KB
27 KB 9ms
9ms Script
application/x-javascript 23.79.131.70
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.131.70 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-131-70.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b64f53bf69d080d62a915b32b4c7c8a2b31a787b3ccf64c4a63aeba170355c22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Oct 2021 12:43:03 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27751
Expires: Sun, 31 Oct 2021 07:08:11 GMT

GET
H2 200 estattuto_de_proteccion.jpg
www.elheraldo.co/sites/default/files/styles/370x208/public/articulo/2021/10/30/ 15 KB
15 KB 271ms
268ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/370x208/public/articulo/2021/10/30/estattuto_de_proteccion.jpg?itok=Iky-gZI7
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 3b74feb9d111f5a6772bcf018ba7909f3bf0bbb982f6c46bfa6968fef47791e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sun, 31 Oct 2021 03:08:10 GMT
server: openresty
etag: "617e089a-3be6"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 15334
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 58fa6c07f29f0pago_pesos_colombianos_sdsdds_623_2.jpg
www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/ 7 KB
7 KB 271ms
269ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/58fa6c07f29f0pago_pesos_colombianos_sdsdds_623_2.jpg?itok=dgX56AV2
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d6e9f0db5fce6c47f4837d4662dd60968185b6fe819ae1a8d4961d639ae51e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 20:44:19 GMT
server: openresty
etag: "617daea3-1c33"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 7219
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 subsidio.jpg
www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/ 6 KB
7 KB 271ms
270ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/30/subsidio.jpg?itok=g_yh_j8-

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

8c.df.30a9.ip4.static.sl-reverse.com

Software

openresty / PHP/5.6.40

Resource Hash

b0dd093347ac25a6a0bf5eb0b9cc132b69f3c812e54033577a7b0208623fcf8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
x-content-type-options: nosniff
server: openresty
x-powered-by: PHP/5.6.40
content-type: image/jpeg
cache-control: max-age=604800, public
content-length: 6606
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 terror.jpg
www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/29/ 4 KB
4 KB 271ms
270ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/200x113/public/articulo/2021/10/29/terror.jpg?itok=ReHUft9T
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 1e270d9e47f4d8a39dcb67374c46261d26859096e0d7778eabf264c9e3436248

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
last-modified: Sat, 30 Oct 2021 17:27:07 GMT
server: openresty
etag: "617d806b-e91"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3729
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 logo-especiales.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 3 KB
1 KB 267ms
267ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/logo-especiales.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 2e56cb2710044308739b814c942e48efc60184162c3d91654d2236c63b629a93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Mon, 09 Nov 2020 14:43:45 GMT
server: openresty
etag: W/"5fa955a1-b61"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 412 KB
135 KB 43ms
33ms Script
application/javascript 104.17.185.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js

Requested by

Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=Xb1AT5sffh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.185.177 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe6f0b2a8d837906138c2f10bf709e3662dae8799b43af37d92bf390a2a7e274

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 3513
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-132-234
last-modified: Fri, 29 Oct 2021 09:22:22 GMT
server: cloudflare
etag: W/"421880-1635499342000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=7200
cf-ray: 6a6ab519b9da7160-DUS
expires: Sun, 31 Oct 2021 08:08:11 GMT

GET
H2 200 pubads_impl_2021102801.js Show response
securepubads.g.doubleclick.net/gpt/ 350 KB
118 KB 25ms
24ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

d5b83174b14c8fb07a6cfc17abbc860e726a23b84f724c468049c73e1e8d7cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120786
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 08:34:36 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 207 B
154 B 55ms
30ms XHR
application/json 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.elheraldo.co

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

51693d089db062e5a1ec930db9501d4e48976a66e57a6a7cf839f27e9a27655e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129
x-xss-protection: 0
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 77 B
694 B 73ms
20ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCBkveu0wlcp7c0vpy3&persisted=80ba8552a3cc7d9df27724df846baa5238bf86b8&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22kveu0wlay5qb1xen%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Parsippany, United States, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

ef069beedf6275e263638b3c69c0458a3da10557339d56c3d3ec56d31c24eb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:11 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 77
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame 51C7 1 KB
880 B 11ms
10ms Document
text/html 23.79.131.70
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.131.70 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-131-70.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c92cab84b44ac37925a00450873a018ac601883a2d6e7a760ea38fdde7671004

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

Accept-Ranges: bytes
Last-Modified: Fri, 30 Jul 2021 08:31:32 GMT
Server: AkamaiNetStorage
Content-Length: 510
Cache-Control: max-age=864000
Expires: Wed, 10 Nov 2021 06:08:11 GMT
Date: Sun, 31 Oct 2021 06:08:11 GMT
Connection: keep-alive
Content-Type: text/html
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Vary: Accept-Encoding

GET
H/1.1 200
OK data Show response
api.cxense.com/public/widget/ 8 KB
5 KB 57ms
25ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/public/widget/data?json=%7B%22context%22%3A%7B%22referrer%22%3A%22%22%2C%22categories%22%3A%7B%22testgroup%22%3A%228%22%7D%2C%22parameters%22%3A%5B%7B%22key%22%3A%22ver%22%2C%22value%22%3A%222.44%22%7D%2C%7B%22key%22%3A%22testGroup%22%2C%22value%22%3A%228%22%7D%2C%7B%22key%22%3A%22testgroup%22%2C%22value%22%3A%228%22%7D%5D%2C%22autoRefresh%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.elheraldo.co%2F%22%7D%2C%22widgetId%22%3A%22ce1e5227857c0fb59f3ee19be1cc457ddce49b6c%22%2C%22user%22%3A%7B%22ids%22%3A%7B%22usi%22%3A%22kveu0wlay5qb1xen%22%7D%7D%2C%22prnd%22%3A%22kveu0wirbmejtl8s%22%7D&media=javascript&sid=9222357279138026875&widgetId=ce1e5227857c0fb59f3ee19be1cc457ddce49b6c&resizeToContentSize=true&useSecureUrls=true&usi=kveu0wlay5qb1xen&rnd=2040702167&prnd=kveu0wirbmejtl8s&tzo=0&callback=cXJsonpCBkveu0wlxr2ge6ln9

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Parsippany, United States, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

7841c82995ba0ac8b49608ec76c459e16fd0dd39179f9df3ae7580d5b8a5be34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 4921
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 125 KB
48 KB 55ms
30ms Script
application/javascript 142.250.184.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-82LDTX029Q&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGHCJ5L

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

489cb28af683e1c34ea521f157a8d4259948b03f3de267acfbbe1ca95c6f26c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49621
x-xss-protection: 0
expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 64ms
18ms Script
text/javascript 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGHCJ5L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 26 Oct 2021 23:24:02 GMT
server: Golfe2
age: 425
date: Sun, 31 Oct 2021 06:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 31 Oct 2021 08:01:06 GMT

GET
H2 200 hbdfp.js Show response
sakimg.e-planning.net/layers/ 39 KB
14 KB 113ms
26ms Script
application/x-javascript 205.234.175.175
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://sakimg.e-planning.net/layers/hbdfp.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vip1.G-anycast1.cachefly.net
Software: CFS 0215 /
Resource Hash: 738832e51c55b88cc185c0ce29dfe95049caf277090e04dd84bcfc3077952a5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
x-cf3: H
cf4ttl: 86400.000
x-cf1: 29080:fB.cdg1:co:1631813166:cacheB.cdg1-01:E
content-length: 14128
x-cf-tsc: 1635616387
x-cf2: H
last-modified: Thu, 16 Sep 2021 16:52:03 GMT
server: CFS 0215
x-cff: B
etag: "61437633-9b0b"
content-type: application/x-javascript
cache-control: max-age=86400
cf4age: 86401
accept-ranges: bytes
expires: Sat, 30 Oct 2021 17:53:05 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 74ms
18ms Script
application/x-javascript 157.240.221.16
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.221.16 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lhr8.fbcdn.net

Software

Resource Hash

cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25967
x-xss-protection: 0
pragma: public
x-fb-debug: cORiFmu9PuQPS2YbOphKmjsFHZbhAA2xXgeH68rep+bGWP8gTWE8Rkl0rWAg9ovInWMcqBqOhtvWmt39YKTxiw==
x-fb-trip-id: 1679558926
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 31 Oct 2021 06:08:11 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 advertising.js Show response
www.npttech.com/ 7 KB
3 KB 76ms
23ms Script
application/javascript 172.67.192.182
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.192.182 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 795
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id: 6N3TQN63673JJZ5Q
x-amz-id-2: BAlzz+yyh3h/nDDNxCzR48K1aAEO7n74c8oMduVh0J6DDzI70j7WmSG+EYjn7XXd0ItBJ9BFdxw=
last-modified: Wed, 19 Jun 2019 08:25:01 GMT
server: cloudflare
etag: W/"3d6f80c860866175f58a84bbbc9217c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JajoBQQG17X7AwHlNkFyt4BNHi1FfC5j7QPwBLrVeR2KiIXCEe%2Fs51ZgqLuqc3xN8f4u05kXMpFgkVbCcyfHF2c8MLrDDf4BW7w%2FKHWASxWng0hmTQw1Ytp%2FT3TtaS9yRVA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
x-amz-version-id: hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray: 6a6ab51a686b32b6-CDG

GET
H2 200 ico-play-store.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 532 B
627 B 124ms
123ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/ico-play-store.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 645c89a68c425f24ab549714968757e9461198681bf1260ca84d11fce4d4f1e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 26 Mar 2021 15:22:52 GMT
server: openresty
etag: W/"605dfc4c-214"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H2 200 ico-app-store.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/ 843 B
750 B 124ms
124ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/ico-app-store.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: b9b2f6da614e3dd5239bc0293fcbf7b3e964b5a1db4f2038ce62a64d97363ac9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:11 GMT
content-encoding: gzip
last-modified: Fri, 26 Mar 2021 15:23:08 GMT
server: openresty
etag: W/"605dfc5c-34b"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:11 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame 51C7 116 KB
27 KB 15ms
15ms Script
application/x-javascript 23.79.131.70
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.131.70 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-131-70.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b64f53bf69d080d62a915b32b4c7c8a2b31a787b3ccf64c4a63aeba170355c22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:12 GMT
Content-Encoding: gzip
Last-Modified: Thu, 07 Oct 2021 12:43:03 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27751
Expires: Sun, 31 Oct 2021 07:08:12 GMT

GET
H2 200 tiburon-widget.png
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/ 14 KB
15 KB 125ms
124ms Image
image/png 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/tiburon-widget.png
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 1fdbd4ab835aac196d06f0a054368cddcef7bb47d7285b889a724cd27276cdfb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Wed, 16 Dec 2020 01:50:49 GMT
server: openresty
etag: "5fd967f9-39c4"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 14788
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 rayas-widget-top.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/ 3 KB
4 KB 126ms
125ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/rayas-widget-top.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 85dbde15b4668e9e6b6517350fc2e930207daa42743faa7f3fc8de23b771d68f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Wed, 16 Dec 2020 01:50:49 GMT
server: openresty
etag: "5fd967f9-db8"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3512
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 rayas-widget-bottom.jpg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/ 2 KB
2 KB 126ms
125ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/junior/rayas-widget-bottom.jpg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 20065af6dcb81fe8679880e21b5f4f42a0331e12c98f8e64a665933d995c6bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/sites/all/themes/elheraldo/css/portada.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Wed, 16 Dec 2020 01:50:38 GMT
server: openresty
etag: "5fd967ee-6e3"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 1763
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

POST
H2 200 execute Show response
c2.piano.io/xbuilder/experience/ 9 KB
3 KB 160ms
129ms XHR
application/json 104.16.240.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=Xb1AT5sffh

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.240.21 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41d97d5706a24c632eb48193238d2c84fb79169db7346c314ba45f95b5012005

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: n3s55svz49
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6a6ab51ba8dd7181-DUS

GET
H2 200 sdk.js Show response
api-esp.piano.io/public/sdk/v04/ 43 KB
14 KB 54ms
23ms Script
application/javascript 104.16.42.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/public/sdk/v04/sdk.js?v=xxx

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.42.65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a2f415894088c48d895ce6549090ee756a6f1b3e05699bbf0547b005b3b68d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 158251
x-cache-status: MISS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-max-age: 36000
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 26 Oct 2021 08:29:11 GMT
server: cloudflare
etag: W/"1bbec-17cbbb7b3d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: api-esp.piano.io
cache-control: public, max-age=31536000
access-control-allow-credentials: true
cf-ray: 6a6ab51bbff92193-DUS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
expires: Mon, 31 Oct 2022 06:08:12 GMT

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
326 B 29ms
20ms Script
application/javascript 104.17.185.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=Xb1AT5sffh

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.185.177 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08fdae4469d1c78ca0fa365aaf1d189d8f095f0de74077ada7e00d2865ed935d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 67
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: C7mvt1rUFjf
pragma
wn: prod-dash-10-0-94-165
last-modified: Sun, 31 Oct 2021 06:06:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.006
cache-control: public, max-age=1200
cf-ray: 6a6ab51b9c047160-DUS
expires: Sun, 31 Oct 2021 06:28:12 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 45ms
21ms XHR
text/plain 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1640989593&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elheraldo.co%2F&ul=en-us&de=UTF-8&dt=Noticias%20de%20Barranquilla%2C%20la%20regi%C3%B3n%20Caribe%2C%20Colombia%20y%20el%20mundo%20-%20ELHERALDO.CO&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=428325212&gjid=476672968&cid=1972795091.1635660492&tid=UA-10510362-2&_gid=1488253272.1635660492&_r=1&gtm=2wgar0MGHCJ5L&z=957812290

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.110 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1624971474407665 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 90ms
69ms Script
application/x-javascript 157.240.221.16
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1624971474407665?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.221.16 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lhr8.fbcdn.net

Software

Resource Hash

572be96edfb2d5994249bab66626a9e0e665ddae16421d96004c517b472b34b1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: vjagsZ26o1n+TG4kBjI4wMupfcuHXzjE9EQ6LzKyFzjtlRIP+bIUn3J5DWbJR3ztCxXto1ODtZ+D17q+jjRa6Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Sun, 31 Oct 2021 06:08:12 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 74ms
30ms Script
application/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.elheraldo.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 72ms
29ms Script
application/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.elheraldo.co

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 194 KB
64 KB 552ms
552ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1555389292883347&correlator=2385035532567151&output=ldjh&impl=fifs&eid=31063135%2C31063313%2C31063351%2C31063139&vrg=2021102801&ptt=17&sc=1&sfv=1-0-38&ecs=20211031&iu_parts=12345093%2Celheraldo_home_desktop_970x250%2Celheraldo_home_desktop_1_728x90%2Celheraldo_home_desktop_2_728x90%2Celheraldo_home_desktop_1_300x250%2Celheraldo_home_desktop_2_300x250%2Celheraldo_home_desktop_3_300x250%2Celheraldo_home_desktop_4_300x250%2Celheraldo_home_desktop_layer_600x400%2Celheraldo_home_desktop_flotante_1180x50&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9&prev_iu_szs=970x250%7C728x90%7C300x250%7C200x200%7C970x90%2C728x90%2C728x90%2C300x250%2C300x250%2C300x250%2C300x250%2C1x1%7C600x400%2C900x80%7C960x90%7C970x90%7C1180x50%7C1180x100%7C728x90%7C750x100%7C950x90%7C980x90%7C1000x34&cust_params=section%3Dhome%26url%3Dhttps%253A%252F%252Fwww.elheraldo.co%252F&cookie_enabled=1&bc=31&abxe=1&lmt=1635660491&dt=1635660491924&dlt=1635660490895&idt=988&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C436%2C276%2C1100%2C-9%2C1100%2C1100%2C800%2C210&adys=30%2C5120%2C6410%2C540%2C-9%2C2854%2C7226%2C600%2C1166&adks=3262913694%2C4133818699%2C4222005882%2C139170558%2C1121461070%2C3990035911%2C1953612410%2C3566301926%2C1459099965&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.elheraldo.co%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x8309%7C1200x90%7C880x90%7C300x250%7C0x-1%7C300x250%7C300x250%7C0x-1%7C1180x-1&msz=1600x90%7C728x0%7C728x0%7C300x0%7C0x-1%7C300x0%7C300x0%7C0x-1%7C1180x-1&ga_vid=1972795091.1635660492&ga_sid=1635660492&ga_hid=1640989593&ga_fc=true&fws=0%2C0%2C0%2C4%2C2%2C0%2C0%2C516%2C512&ohw=0%2C0%2C0%2C300%2C0%2C0%2C0%2C0%2C0&btvi=0%7C1%7C2%7C0%7C-1%7C3%7C4%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

81cfbed654ccca8ebd842ed6a29361b9faeeb3b01472dcff57718c2259fb9e61

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COj09ZT-8_MCFQ8x4Aods0cLJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/14459537531482684182/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COj09ZT-8_MCFQ8x4Aods0cLJg&gqi=&layout=/sadbundle/%24csp%253Der3%24/14459537531482684182/index.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
google-creative-id: -1,-1,-1,-1,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65326
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-2,-2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Sun, 31 Oct 2021 06:08:12 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2948 6 KB
4 KB 80ms
21ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 06:08:12 GMT
expires: Mon, 31 Oct 2022 06:08:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 13ms
12ms Script
application/x-javascript 18.66.99.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.99.146 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 04:28:48 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 5964
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: 21EVW9xXTrsHFiDny3QEyZ5nNQaEIYeC6ecxFgbLgv74woaZ7wzEKg==
expires: Sun, 31 Oct 2021 06:28:48 GMT

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame 51C7 47 B
636 B 73ms
12ms Script
text/javascript 178.63.12.147
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.12.147 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de715.cxense.com
Software: Jetty(9.4.28.v20200408) /
Resource Hash: e974ca99fff4530963e3bae2fde432adfd844bb2848cfca84799b98d2b1e4ab3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:12 GMT
Last-Modified: Fri, 30 Apr 2021 06:08:12 GMT
Server: Jetty(9.4.28.v20200408)
ETag: 1e9rag3eyumlx3czp9bq1tsxlq
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: private, proxy-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 47
Expires: Mon, 31 Oct 2022 06:08:12 GMT

GET
H2 200 universal.min.js Show response
tag.navdmp.com/ 13 KB
5 KB 56ms
20ms Script
application/javascript 104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.navdmp.com/universal.min.js
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c3ce70e61d9a67ba701f05ab26feb479d3c0c90ec09f2869d6e7010c4eac6b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 18 Oct 2021 19:13:24 GMT
server: cloudflare
age: 468
etag: W/"616dc754-330b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 6a6ab51cd94e874d-DUS
content-type: application/javascript
expires: Sun, 31 Oct 2021 06:55:39 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
348 B 74ms
28ms Ping
text/plain 172.217.16.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-82LDTX029Q&gtm=2oear0&_p=1640989593&sr=1600x1200&_gaz=1&ul=en-us&cid=1972795091.1635660492&_s=1&dl=https%3A%2F%2Fwww.elheraldo.co%2F&dt=Noticias%20de%20Barranquilla%2C%20la%20regi%C3%B3n%20Caribe%2C%20Colombia%20y%20el%20mundo%20-%20ELHERALDO.CO&sid=1635660491&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-82LDTX029Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.16.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s46-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
348 B 81ms
27ms Ping
text/plain 173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-82LDTX029Q&cid=1972795091.1635660492&gtm=2oear0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-82LDTX029Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.76.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ws-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 73ms
25ms Image
image/gif 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-82LDTX029Q&cid=1972795091.1635660492&gtm=2oear0&aip=1&z=1946533684

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web_1920_-_6.png
www.elheraldo.co/sites/default/files/styles/300x470/public/especiales/2021/09/20/ 277 KB
278 KB 133ms
132ms Image
image/png 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x470/public/especiales/2021/09/20/web_1920_-_6.png?itok=Sr6SW1nO
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 2a41d290b7fccafa90a193bd85835e80594eaa862b2d73696cedfc58c1dc8fc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Mon, 20 Sep 2021 22:31:25 GMT
server: openresty
etag: "61490bbd-4550d"
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 283917
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 2e9b8e38fdc2b1a6312f18410791ad330c3b2c32w.jpg
www.elheraldo.co/sites/default/files/styles/560x336/public/foto/2021/10/30/ 28 KB
28 KB 133ms
133ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/560x336/public/foto/2021/10/30/2e9b8e38fdc2b1a6312f18410791ad330c3b2c32w.jpg?itok=YnckQZQS
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: d43062b29c5092ee5ebc084b0a21fc3068a55440a7f2a68fb103561d56216d21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 17:19:16 GMT
server: openresty
etag: "617d7e94-6e10"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 28176
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 fotojet_-_2021-10-28t094951.230.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/28/ 3 KB
3 KB 136ms
135ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/28/fotojet_-_2021-10-28t094951.230.jpg?itok=LPQT-ykM
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 8262ce8f6ab082065523beaf2516b67eb667a8bbb4792dfeb67f35128e32b727

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Thu, 28 Oct 2021 16:48:11 GMT
server: openresty
etag: "617ad44b-a57"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2647
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 captura_de_pantalla_2021-10-27_094246.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/video/2021/10/27/ 3 KB
3 KB 139ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/video/2021/10/27/captura_de_pantalla_2021-10-27_094246.jpg?itok=PcDX7eo_
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 0e05f2a95c1ee8aecf5fc69fdefb513d6b857a38c25f650de83935570ed12fed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Wed, 27 Oct 2021 15:13:04 GMT
server: openresty
etag: "61796c80-a50"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2640
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 3d036fc25e6f30c62ccbc84bb30aa8c5cc9634e1w.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/25/ 2 KB
2 KB 140ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/25/3d036fc25e6f30c62ccbc84bb30aa8c5cc9634e1w.jpg?itok=HAFrP89h
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 747140515bd48174949431dd43f8c0fbb17af015b28430bb7a58540d2eedb8af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Mon, 25 Oct 2021 16:11:07 GMT
server: openresty
etag: "6176d71b-897"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 2199
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 439a408897105331f427e9083353845dc478b41dw.jpg
www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/24/ 3 KB
3 KB 140ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/80x80/public/foto/2021/10/24/439a408897105331f427e9083353845dc478b41dw.jpg?itok=7I3rbnTL
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: a958fb233ebadca6c71a15914551245146004081e28d2ba6854d3d454d799518

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sun, 24 Oct 2021 14:20:51 GMT
server: openresty
etag: "61756bc3-bd5"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3029
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 logo-gente-caribe-gris.svg
www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/revistas/gente-caribe/ 3 KB
2 KB 140ms
138ms Image
image/svg+xml 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/all/themes/elheraldo/images/especiales/revistas/gente-caribe/logo-gente-caribe-gris.svg
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: f4ffdfba4d1c4abb63316f09560cd722967e7fde15942a6134591c32a2b8dc46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
last-modified: Tue, 06 Apr 2021 14:17:10 GMT
server: openresty
etag: W/"606c6d66-c07"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800, public
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 opcion_de_portada_2_ora5932_1.jpg
www.elheraldo.co/sites/default/files/styles/300x400/public/articulo/2021/10/29/ 19 KB
19 KB 140ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x400/public/articulo/2021/10/29/opcion_de_portada_2_ora5932_1.jpg?itok=uzYlqzvj
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 8cfbbc83e14a9ffcc89c751b40db1d139229219213ce971c089c8088372aa1d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:23 GMT
server: openresty
etag: "617d38c3-4c5d"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 19549
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 whatsapp_image_2021-10-29_at_2.28.35_pm.jpeg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/29/ 12 KB
12 KB 139ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/29/whatsapp_image_2021-10-29_at_2.28.35_pm.jpeg?itok=WIJ-aW5v
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 82fcfdf1592369ef6b575719128d78a3501ab73e75f235ee42f116881b50e309

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:23 GMT
server: openresty
etag: "617d38c3-2f62"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 12130
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 whatsapp_image_2021-10-28_at_7.45.24_pm.jpg
www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/28/ 7 KB
7 KB 139ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/300x168/public/articulo/2021/10/28/whatsapp_image_2021-10-28_at_7.45.24_pm.jpg?itok=ngipB4Br
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 77fba7cce7a3d9f7ae902f96947f0fb7a5287034a8df59b1898efc9869817957

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:24 GMT
server: openresty
etag: "617d38c4-1a8d"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 6797
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 whatsapp_image_2021-10-28_at_8.13.00_pm.jpg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/28/ 3 KB
3 KB 140ms
138ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/28/whatsapp_image_2021-10-28_at_8.13.00_pm.jpg?itok=IWbHzxL4
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 366fc3a38b8b6b6e9727cb9c87a6b3d024aedb817d3a44ad191413f62c08414b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:24 GMT
server: openresty
etag: "617d38c4-c79"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3193
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 secundaria-_ora5843_0.jpg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/29/ 4 KB
4 KB 140ms
139ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/29/secundaria-_ora5843_0.jpg?itok=neawDq7q
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 94c03c1cbe9d95ab93cdee8b27283c2afb7f57b7db4332a3a08bc5e30ba0ca8a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:24 GMT
server: openresty
etag: "617d38c4-ea9"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3753
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

GET
H2 200 abrir-img_7943_1.jpg
www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/29/ 4 KB
4 KB 140ms
139ms Image
image/jpeg 169.48.223.140
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.elheraldo.co/sites/default/files/styles/165x93/public/articulo/2021/10/29/abrir-img_7943_1.jpg?itok=b3iXA6JQ
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 169.48.223.140 , Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS: 8c.df.30a9.ip4.static.sl-reverse.com
Software: openresty /
Resource Hash: 6219570c349d06e8cee1293e9793393f8500d3bcb2125e34dc9e5610e0896ba1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Sat, 30 Oct 2021 12:21:24 GMT
server: openresty
etag: "617d38c4-ef0"
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3824
x-cached: HIT
x-cdnhost: node04a.cdn.net.co
expires: Sun, 07 Nov 2021 06:08:12 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 24ms
24ms XHR
text/plain 173.194.76.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-10510362-2&cid=1972795091.1635660492&jid=428325212&gjid=476672968&_gid=1488253272.1635660492&_u=YEBAAEAAAAAAAC~&z=632611648

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

173.194.76.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ws-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 31 Oct 2021 06:08:12 GMT
content-type: text/plain
access-control-allow-origin: https://www.elheraldo.co
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
426 B 61ms
19ms Image
image/gif 157.240.221.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1624971474407665&ev=PageView&dl=https%3A%2F%2Fwww.elheraldo.co%2F&rl=&if=false&ts=1635660492115&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1635660492113.1506833578&it=1635660491862&coo=false&exp=p1&rqm=GET

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.221.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lhr8.facebook.com

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H3 200 277 Show response
api-esp.piano.io/publisher/fusion/lucid/data/ 643 B
1 KB 135ms
123ms XHR
application/json 104.16.42.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/publisher/fusion/lucid/data/277?email=&visitor=zF36jg5KRWQQhkd72eNnAkczyhQHZltF40wHIMdJX7VOSM2hoiSFF2988JNd&stored_visitor=&pnespid=

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/jquery.min.js?r1tnuc

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.42.65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

755840da0e88dae45aec1d3a8721732c49df2d853ce66c90fdb52ae7adb156ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-cache-status: BYPASS
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-max-age: 36000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
etag: W/"283-N+1pQR31+mElloha3/TWLk+f5+k"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elheraldo.co
access-control-allow-credentials: true
cf-ray: 6a6ab51e698d7169-DUS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token

OPTIONS
H3 200 277
api-esp.piano.io/publisher/fusion/lucid/data/ Frame 0
0 129ms
115ms Preflight 104.16.42.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/publisher/fusion/lucid/data/277?email=&visitor=zF36jg5KRWQQhkd72eNnAkczyhQHZltF40wHIMdJX7VOSM2hoiSFF2988JNd&stored_visitor=&pnespid=

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.42.65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.elheraldo.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.elheraldo.co
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
access-control-max-age: 36000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a6ab51d9dfb716c-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame 51C7 43 B
467 B 68ms
18ms Image
image/gif 178.63.12.147
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=1&typ=pgv&rnd=kveu0wirbmejtl8s&sid=9222357279138026875&loc=https%3A%2F%2Fwww.elheraldo.co%2F&new=0&arf=0&ltm=1635660491427&ref=&tzo=0&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=kveu0wlkw92zwwhb&ckp=kveu0wlay5qb1xen&glb=&wsz=1600x1200&cp_ver=2.44&cp_testGroup=8&cst=1e9rag3eyumlx3czp9bq1tsxlq
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.12.147 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de715.cxense.com
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:12 GMT
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 43
Content-Type: image/gif

GET
H2 200 60118 Show response
tag.navdmp.com/u/ 690 B
533 B 273ms
273ms Script
application/javascript 104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.navdmp.com/u/60118
Requested by: Host: tag.navdmp.com
URL: https://tag.navdmp.com/universal.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27245a8a3f678528283aa04f0767f4e880e0ddc8b3d517a4a770d03b556926c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Tue, 07 Sep 2021 18:45:01 GMT
server: cloudflare
etag: W/"6137b32d-2b2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 6a6ab51d8992874d-DUS
content-type: application/javascript
expires: Sun, 31 Oct 2021 07:08:12 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 84ms
23ms Image
image/gif 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-10510362-2&cid=1972795091.1635660492&jid=428325212&_u=YEBAAEAAAAAAAC~&z=1417098715

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 55ms
27ms Image
image/gif 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-10510362-2&cid=1972795091.1635660492&jid=428325212&_u=YEBAAEAAAAAAAC~&z=1417098715

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 297ms
96ms Image
image/gif 18.204.74.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=elheraldo.co&p=%2F&u=BgADifgtQTzBXikao&d=elheraldo.co&g=65677&g0=No%20Section&g1=El%20Heraldo&n=1&f=00001&c=0&x=0&m=0&y=6949&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1910&t=BN7yh9B6q_mwBYd_A5DJ5khNrKrO7&V=129&i=Noticias%20de%20Barranquilla%2C%20la%20regi%C3%B3n%20Caribe%2C%20Colombia%20y%20el%20mundo%20-%20ELHERALDO.CO&tz=0&_acct=anon&sn=1&sv=DlNVZLBIiLupdJntTDbz80jDrMPXj&sd=1&im=066bff7f&_
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.204.74.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-204-74-96.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 116 B
687 B 66ms
17ms Script
text/javascript 178.63.12.147
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22kveu0wlay5qb1xen%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%221e9rag3eyumlx3czp9bq1tsxlq%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%221e9rag3eyumlx3czp9bq1tsxlq%22%7D%5D%2C%22siteId%22%3A%229222357279138026875%22%2C%22location%22%3A%22https%3A%2F%2Fwww.elheraldo.co%2F%22%7D&callback=cXJsonpCBkveu0x31rmo22ivu

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.63.12.147 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

de715.cxense.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

4244f1d0a84530c05ab10a34036bfa9786ba3f156cbe549552040760526239d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:12 GMT
X-Content-Type-Options: nosniff
Server: Jetty(9.4.28.v20200408)
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 116
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 usr Show response
usr.navdmp.com/ 358 B
431 B 161ms
152ms Script
application/javascript 104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://usr.navdmp.com/usr?v=7&acc=60118&u=1&new=1&wst=0&wct=1&wla=1
Requested by: Host: tag.navdmp.com
URL: https://tag.navdmp.com/universal.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50b45dc181467f71cfe75c4b86bdf071c51c0b0e802f44dcab5b44edbfb4879a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: public
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6a6ab51f5a8f874d-DUS
p3p: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: max-age=3600
act: f0
content-type: application/javascript
expires: Sun, 31 Oct 2021 07:08:12 GMT

GET
H3 200 container.html Show response
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F5BE 6 KB
3 KB 41ms
17ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 06:08:12 GMT
expires: Mon, 31 Oct 2022 06:08:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2CF0 6 KB
3 KB 37ms
17ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 06:08:12 GMT
expires: Mon, 31 Oct 2022 06:08:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7FEB 6 KB
3 KB 35ms
20ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 06:08:12 GMT
expires: Mon, 31 Oct 2022 06:08:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9A32 6 KB
3 KB 30ms
20ms Document
text/html 142.250.185.129
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.129 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 31 Oct 2021 06:08:12 GMT
expires: Mon, 31 Oct 2022 06:08:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H3 200 354
api-esp.piano.io/tracker/lucid/visit/ Frame 0
0 119ms
118ms Preflight 104.16.42.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/tracker/lucid/visit/354?story_url=https%3A%2F%2Fwww.elheraldo.co%2F&visitor=zF36jg5KRWQQhkd72eNnAkczyhQHZltF40wHIMdJX7VOSM2hoiSFF2988JNd

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.42.65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elheraldo.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.elheraldo.co
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token
access-control-max-age: 36000
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a6ab52048ed716c-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H3 200 354 Show response
api-esp.piano.io/tracker/lucid/visit/ 109 B
918 B 129ms
128ms XHR
application/json 104.16.42.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-esp.piano.io/tracker/lucid/visit/354?story_url=https%3A%2F%2Fwww.elheraldo.co%2F&visitor=zF36jg5KRWQQhkd72eNnAkczyhQHZltF40wHIMdJX7VOSM2hoiSFF2988JNd

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/sites/all/themes/elheraldo/js/jquery.min.js?r1tnuc

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.42.65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03145b6348fc1d29bf2cd35953b4c2a38676cc2a96af63a2a8ce2a7236fa8e02

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.elheraldo.co/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
vary: X-HTTP-Method-Override
cf-cache-status: DYNAMIC
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
etag: W/"6d-Ge2FNLGCoG9hEqpSSxBew5RuTiw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 36000
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elheraldo.co
access-control-allow-credentials: true
cf-ray: 6a6ab5210c4b7169-DUS
access-control-allow-headers: Accept-Encoding,Accept-Language,Accept,Content-Type,Cookie,Origin,Piano-ESP-Static-Content,User-Agent,X-CSRF-Token,X-CSRFToken,x-vixen-token

GET
H2 200 req Show response
cdn.navdmp.com/ 6 B
78 B 152ms
143ms Script
application/x-javascript 104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.navdmp.com/req?v=7&id=f9d5efefeb972d90414dfe97709%7C0&acc=60118&tit=Noticias%2520de%2520Barranquilla%252C%2520la%2520regi%25F3n%2520Caribe%252C%2520Colombia%2520y%2520el%2520mundo%2520-%2520ELHERALDO.CO&url=https%253A%2F%2Fwww.elheraldo.co%2F&upd=1&new=1&h1=EL%2520HERALDO
Requested by: Host: tag.navdmp.com
URL: https://tag.navdmp.com/universal.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6340844af1c0a02b8150c4bc93d54d679f716452d6a97cd99ed45786e97ed8f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6a6ab5205aea874d-DUS
content-length: 6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/x-javascript

GET
H2

200

sync Show response
sync2.navdmp.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=navegg_ddp&google_cm&id=67064758014
https://sync2.navdmp.com/sync?prtid=2&id=67064758014&google_gid=CAESEOlq0Ir_pGbVeYK7A7-Walo&google_cver=1

6 B
58 B

194ms
146ms

Script
application/javascript

104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync2.navdmp.com/sync?prtid=2&id=67064758014&google_gid=CAESEOlq0Ir_pGbVeYK7A7-Walo&google_cver=1
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6340844af1c0a02b8150c4bc93d54d679f716452d6a97cd99ed45786e97ed8f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6a6ab5214b37874d-DUS
content-length: 6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync2.navdmp.com/sync?prtid=2&id=67064758014&google_gid=CAESEOlq0Ir_pGbVeYK7A7-Walo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync
sync.navdmp.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https%3A//sync.navdmp.com/sync%3Fimg%3D1%26mdia%3D%5BMM_UUID%5D
https://sync.navdmp.com/sync?img=1&mdia=8bea617e-32cc-4800-87b5-48e62c32b6bf

43 B
153 B

154ms
145ms

Image
image/gif

104.16.11.243
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.navdmp.com/sync?img=1&mdia=8bea617e-32cc-4800-87b5-48e62c32b6bf
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Server: 104.16.11.243 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
cf-cache-status: DYNAMIC
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: image/gif
cf-ray: 6a6ab5210b2a874d-DUS
content-length: 43

Redirect headers

Date: Sun, 31 Oct 2021 06:08:12 GMT
Server: MT3 4067 88cc6bf master cdg-pixel-x28 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://sync.navdmp.com/sync?img=1&mdia=8bea617e-32cc-4800-87b5-48e62c32b6bf
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Sun, 31 Oct 2021 06:08:11 GMT

GET
H2 204 cms
cms.analytics.yahoo.com/ 0
0 372ms
119ms Image
text/html 98.137.155.9
YAHOO-NE1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms.analytics.yahoo.com/cms?partner_id=NAVEG
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 98.137.155.9 , United States, ASN36646 (YAHOO-NE1, US),
Reverse DNS: spcms.pbp.vip.ne1.yahoo.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7940 624 B
558 B 63ms
24ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY583FlQEwAQ&v=APEucNWx6F40wUIWdEw5S5Fghe2JNi_e2FuuYxVVkPUbkFrnEIKxSAmYhcyZGZLvomL86eGVacNElSVCffXzt71hoZvOZdydRdV0v2Iu_rXMzLzw38G7rjuTgANuifwApcw0D5Kd3B2pOZKDyGZkMwEzVOAO7CCfbZMj1l30WjpD4RNTDGI75po

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 06:08:12 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2CF0 26 KB
14 KB 79ms
42ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEa79bNm4hDJWMtcOR-QagPgxkEBfJofiy3e48edocczKlhspD1P19-rDojgdjgA95fAi1A8wtoPzm_YaAtEP1T0zK8O9lkkSb2BqWN3whyqiDudTcbc9G9PDU6mqMjcI7KAh72NyaXcXVMJqNZP2cDHlVjQ&cry=1&dbm_d=AKAmf-A3Y09ebbUN_Ml_vtpPjmgY3Vrcpqsv4TZ7BbkSwz3kpfJGhCzUzqZwma89rlKSYrLbkZ9sckwKo_HawmqEeQZ71GmnRPtufoacUO5L91Y2bEUwytjvAtwIoHIYKMZQXwTxTNtIcCfmwKhYZ59hPWOrlyf9wdc_NE8RHHdCgOkhLNr0Qd6kaF-Q2iBsbrPUZmwPLaXQ9Ns8oBEa3PGbYN4tRl2OiC31343Z1sdYOvTy0bfZS2gW4_IHSGP40KSE5XBti2h5l4Re9GPsjZldhNgkChPT4QOMgrtG6YeP5U6Cnrwi59SmFoOfnD1od9rsZTovKl-R4TXPcb5JrPohe_IEaVWlFbuq-29CyYsUdtcRj-ozEzXzkWpfoaNmRxuaSzIiyCyn9ZP5H4cA44XL8JrGsHUmdzY6gkDNz8QMjxGaHgZTvCVP53lFr1uKrowAkA46Jk04dK0qN5j9kSXbDrhLh1uL6o2FGQJLqCr9iA5S_NdCqUvgsY9fXfOkatwRxOrVVS_gpi3WCD2_q1IO0Hs-aJsKH-vWw5HMp3-n54VO-Nol8dtSpQ1ST6eHUQGVAdzqd_Il8YdlnE_HHE7TNnhsiTpTT0u45qtq1zVTjZgfMQJsj9swll9ZCD0cTgV-N_r-eABjiidk_h7J5EjP4jjNoC3mB7f5oQkRx4ySAnFVHlOYWJkt-LSIZjnd8azZN3KT_KMVkKeybsd_-CVg4A01kJqAURPmVc3dOoCU1jht7wQ2_TmZeS9y75FKdVLwX4bvFBVi1WAyaTaXHNuz4AFZqHMquvYBcSUbA26F1170oiI0HcYq4xmByDu89v2jMQAFmyHaG9nHl_VH1D7vLHBbQ9z7JZXdxCdJnvvvpfREsUHj8XNOG2EphIBuoMqCSyb0NvPc3s1PF6TiaaFdiWpRcP6pXPX5TQN0n92-s_n3UYDF--2-ZEtNyP_bPR7TLnxTRus7IFbq-9yYmYU_d-OkbBZZaBbWvkQ-B_J1tWfIxYivGGauFQoxMplOYMEk0zprRU4yxCGix-JOlvC3wkB6ODmpdJJDSHi8NeVM0uas4AdK3q3aFP0m3Ra5YJNDGIvveiF-s60X39aZS6GwQouoTLD18THULKIky0ULxYpg6Mf8AydjNvz1YCnRy2GsZNyZffY8pOQ9i3N8Q2HcBsaS07xp5LIM2t57X8HGWKAZSOO2Tdh3AwvTMKVDtv1XaroafjrFtxGu8r2aeCzn_QAykuglNZCeY5QFIhr5WEnfBKssDEkyycxcV-WbkGiUMFfiCmwBn1L7FS03ShOGk7SWoTo00mXvWfHUTuDN2vCEFd4cTbuiCFQoQ6cwDgExtugAsX7ul2G8wN7QbHXcljmhK2p9WbMhCJ-bMJlg37GM2t9SJlnRqyt7HGSuxDU_vPR9eaHVXJn4dU5RRFQYWLkSa6Xwk4evbAphjbqISNWjcrZ6UwqHyUuULB7-iWtd5IYYavkwhKi10o4lI5PY8O_TTHBg0Zaxlrq4Spcm0xczJvGWXRXpUQMxP881UgO_fUlLG9sw3kyfYXImUHBpSOaKIL4IYiLYyQOuJ476TNrrcx6rackg1WjXgA6QBeOQy8l0Ul9IrugGeiD8uRd7MpBmAhDtO5HvXioiXgEt63CvX71hexrDdm-I42hqdFW7JDYmJ3Nnq18rj1n43i3QYi1gCM8oLUXfmkWzjQ7uhxmwfuEBts4EF4lqseAc4UOMr-iLk5EBfioPX6JbhrzK4Fva7aXzSDVxrSimBU1KpR5afCQpB7vCTJB16_qQbCFoEiHu-DiCu9TcKtMTMig2DwPWbNZ4kLTBSz7l2kHZQucdfBh0asWjOJnPfkjhmQ9JwbBQasa39qmpSx7k4Vupy68TVIPgP7rnuUtk_n_3AEZSPoIx442zp6fGOjdPSWMtFCotnGpjyfgVAwsdZYFZJgdFaDNWnOSJeeG7--N_Gfv7iPL0PD984JoEMSOm2FkR7f-Ch9UM1xpAROurvXthXt8fzqYRIBEGSCgrezASs8ln0hu9Fc51P1o5AK-VM5LK7YvoTlN-W-bEKnBi2lBm0-rNUqgZP-IeWvcTgO7Svl9UPKR5ciTrR0L_wLaew72-GV-sdEcTLdsWrW8iBQRKXzJSwOfzxGEC2T_gkSyOXeb2phLMZd3GI68EZ7CleIsbM7675HEQRvVxZN2kVJD4E5eTA9zfcN4xjhDGMiC859U6luu3guWMdKzU61DKjivQJK9FdjVyFSNh3D0p_fOCbbwDd3Q0kibRPOHQiY5_ZSlLWXy0uFv8x8TmyNlmWsQeTZkibyMvlG2AfecIlSitZisEGcKqQcYfgLXSAFoAIxbB3me2khBeAu8eIV_vLyO3fbDNPPZuTqwpUbCNbRCgsrkb9DTy8IvdUKnF334nsVwHhjOeMi7VNKa_DXbKMkS-nVbeCS9hC6rF1GBG0W85Ful6q7V8LiYLQ5l6el_wHrngbu5SiGoctbEaw8EIDvr6TPfAYa6XFjwhPkydltTIIc2LHCiBchclprW06N9ug2XvkfEF-rNWAYnaXwFIQzNK3DOGSr2agWbwUy7ZLO_DnArpSiYN8_Q1GhJ_K3DNS1zw4X0njxQS_Y2ky3OpmvIPuvdAEYpXTHP_mzCITnINvBUXtzfq4ixg1YD0RJtvaTbgcImVT_ucTu60YASdjv5Rs82yKDFin69Iv6JQFeGB9wYfF4X_RgAzPCv19wN3FvVNyVN8Ic2i6rCQynUPrQ1qx1zcP97Jgl2iDAe-0BhYcouJdilEA8ZzvdJy8Bm5JVeR6vQ45D0gUDmDkVD1Eoi6gEnAfLIoel2jOeKaGke9njVyaqqEkGmBlzzqMJhsxKZ9at3E4CCHpouksbwXO7o971HD_FrhkgPOqxI5MyI8hcc_TkFiXT9qjnj-jG5iDuvE16-0l4MyEtlrqPTzYl6Sd9w1-o7wshvS5EY2_lb_RvhCjdLkkmfvNv1wxyR7sfJAzDPaTQ77g1lLcyoNoK3Xezvof46rCwTRxrm7GjcULKa5hAKBV7fQ9OoQNn6kjad5SUALKyMc9otgF5Iom4sfkeTM5YudhNfOHl_6YF_oxsRAfTFQr1L1BEjMUaUsCd6kkeSz7n0zrcWxSQCg9jCp_sPJXpAh-ttauNDYZq81HkZwvqaGLnBi2Ypc5gwYvnluXmg7qjYuobQ6j-MnWoLgB6o3SyBdReAEJxYFB1iwLS5jebc0iB3AX0UFEeZTB3cBICHKulkjQThfzVXj644tfHO8zoDD&cid=CAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA&rfl=1%2Chttps%253A%252F%252Fwww.elheraldo.co%252F%240

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e9a306515f73fd3f4a863163748535891638b6ef3be4c6ac89870142800e8094

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13758
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2CF0 42 B
118 B 50ms
49ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFEsxuX3bW7ZjwmN3uuk8Ptr6X07hzDxdlKIX6sPL7vY_rxaK5-ELhlL4cN5DLCEtjAaLckxm_NvW9mj1PUyBLWmhKcAHrveZfQhuL_OFrTPXsB1w

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2CF0 3 KB
1 KB 76ms
34ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:42:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2CF0 120 KB
37 KB 96ms
73ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 2CF0 14 KB
7 KB 55ms
14ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:01:25 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B08B 624 B
975 B 56ms
23ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJKm1AIQlZHVAhiri7a3ATAB&v=APEucNXzEWqA1iIljZeT8S_UL2gwaJUi89c_1PMQ3fnJbQh19SkAOvBrrmrDA4k7PlbWfwfkG5_bDcNGKbf2XHBrQa2NX9wihMZVpnNCN1lle6pI67COKuMKsdkHhyr7yBMVMyH6VRWzZ5oZSjeQcSi_V-czCGN3hGQor4gLmOiAapUlTZouwoU

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 06:08:12 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame F5BE 19 KB
8 KB 16ms
16ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:58:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 566
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:58:46 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/ Frame F5BE 6 KB
3 KB 18ms
18ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2631
x-xss-protection: 0
server: cafe
etag: 10983085961369067521
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:08:04 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5BE 0
203 B 76ms
60ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvyXyU9-RrLIRxeqYr1NMfo3TbXc4HVXLoSpqant5CHaTfiBgjmBHbLAF_6btLVhD9lpn9SW5VQuvMnGkwiaVT8gvNGYo-4qtLU-Uuu3TLlFNR6LJ2VH-3axsBws8KhkvPqnJ5rAtXxdN1ItSG6cJIkJSCeMC7KH_el25cMbCZuZptYbpqYhrHUYx2Y2aMF2dik5IX4W05OLX-7CDBgFgU8t9v3Gq5Bn7xEfyLMYfLaDU3nb9BxPacv8Tfjz7Vj6YpznOZM7Os1bitkN7CWy_vDMU6knRPvXVfCA6WUwN6ycO_gl00LVyz-N2LuyC0qjCLIHM0yPAhoSVARbz_daOIxgYw-gyvzXb92Ep7WSGzhPLLY5HfrBsIkqwHuqd0U29_KFuGjhMKrp1fZ7pU0_DNdE1hdtta4-dUphMfplBso_3n2z-v6wFFFQnhmr7R0fFB-y_J1R4SkdqjOPADB8LyIgxYifj5urburdpFIc37tbUbjZ-dTFDORkYxy6XaJJD0W4HRCdizjHQHKgtaVq1-ZuJtNuwTRljz7q6bfFP8ZTrwfIGYizI8RnQzigJYSYVpY1yrexdncf7wmbSObRg7k-VpYDs4W9A15Dagg_j0Xns0bWSDiXG1rC5md-t1XYgi13kkcXbtXLf1E_5E2w1KztAmQJroRE8JgfLIaly31Tmydif9eYOFPsq39dDCBSio6M2TQ8eMrVEM7u_dFJv1I69zUNsnsXJ5vdYzKih8Og-_P_RAwdjrhx4udwvUVK4BoKwyhfaX-79qiSWG9XUeP6FPQQyZ5I3ZQD-Zo8D8yW9Hazg5y2fjv3vyaQh6oAKYRw0YZ0TpBA5A7Yf6v5t1RpF9BJKJEkLoe9S2GWGxXlgVl2rkYdXLSwZDHOMmr4Ix3u0ac8UOyVccOBczjGYYMWdea-Nrjo17kQRRlZRYkoBAcjs_WrhZdk1pLtK176-j_JIBI64eViipU0hj4t1xXkjX-_qAscNpu1GXftDs96RF-xvs-lB7I3vFNF65kUzUXRpnRbCSk_v5B8wgNDidmp9gUP5dDv-h_p9ja5oCDEKcQ_9HaVzJAOJBICgTpdWgZ50u_g95v3MoRZ_iMoQ3gA-vkRwKsvUiU5luuXLgxUwOdS7w4ZVWPNVI8Fx76WOF6w_uAusj5Oe6VWDqEY3WVbh6E_01D7KieFlG3ZNM_2zY8ka1T3mAcVhc0jF8OK8JU5rXjuUDe5Q&sai=AMfl-YTEL5rK3eBv9Svt2kz1ksdXA5LJX3_BcK3BeRhZQ0VpIZ3snZmGnlqPj-d9Xr31EhmG_7DPS9f_avei7RBISnmIV5e_OeZdM9SOaq72hpYd16wFM6_NFFnZrcAllJZ-gE9LQpSvXyNUdOv6TYyXdwDRmEM9_2tYrRVm2sevw6D3No6JzPwvRLHo0l3gOya91RXO8lLTtgIpiaOZqGH7TRZh8S6-TsWC_IyktT-z7hREW64EdVDarKWA6S8ykR47jDNFYGbEKh0BiQQDpvQ3L02ta_E8_r5b8kEm2iscekgxV_qxEhJzm2xZbGIGEJ0sCV7xUXYGMJRKeicf-a4oTU8Amw39WbnuLj_CBYP5gK8T2MKBxU_GS6fmP93Cmpo5Rmp7BVVpe0n_BlMh2TODdA&sig=Cg0ArKJSzJFn4n9Vy2GjEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20211027.99244&adurl=

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 31 Oct 2021 06:08:12 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F5BE 41 KB
15 KB 58ms
28ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229708
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 28 Oct 2022 14:19:44 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5BE 42 B
107 B 71ms
70ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AihZRUX2MTf9tuaFEdgjiJCyPVbxRDbIsPWfH-wY5N6CRYLfBd6V0Tgo3Zvm5FNl-Rw2wGBcGKiSurTAUagWKRNxRsnaI8JcFMx5NSt2qp2OuKsoA

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame F5BE 3 KB
2 KB 63ms
33ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:42:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F5BE 120 KB
37 KB 89ms
77ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame F5BE 14 KB
6 KB 45ms
17ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:01:25 GMT

GET
H2 200 3591169250840744178
s0.2mdn.net/simgad/ Frame F5BE 128 KB
129 KB 101ms
6ms Image
image/jpeg 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3591169250840744178

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

sffe /

Resource Hash

a76365658428d1937cdb1ce022376a7bfc0f94b6309ca2bf80d5b2406065b9f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 22:00:13 GMT
x-content-type-options: nosniff
age: 374879
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131126
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 15:49:22 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 26 Oct 2022 22:00:13 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 638B 624 B
340 B 82ms
61ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLCb4gIQ_8PTxAIYrdK4uAEwAQ&v=APEucNUf-3d1NJymas41tGi4HHTn1KjwURFHIfKLb76b70RaB6xOk5b92gxZDvZjZuzn3gIzpe7s_oxCkDxeFhQsoVEzTRn1_dPkF8UaCeQAu0yNK-VUfsckf57XwGf5A72-741jPEI-GmB4eUbYGrWwW1DV0OTM8tNYZS6vHNuojiY6JAuW9mg

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 06:08:12 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7FEB 26 KB
13 KB 79ms
59ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPckhNR8DF-7AFxhtz6GwgeqoZaj711_a0eI3L-TDSZKg1r6C9ZuqkxQjw0HGYOHK6oIX7yJwdEvzfb9QW_JnPmcTMt3sxyudSUiSQy0tSCsWZNG2l2Axgb7010SDM-KcGtLW6MY_qurKBwjYUm0G_9rVy7Q&cry=1&dbm_d=AKAmf-CcI1tc41gX-tj75PdwrbdPUGRKGCJXnp7mnuKT_qfMEBGc1b7RuqMFpap0wLYk5qwv0cHohF6bYgNL51nLkgQxh9GjtMORbCvQE1RpBPu9g5eTMu79pndPRCrlDA42VrIhCsfEjECNnxv5re0o9QaoOu5SJyCKzNmIl7OFfzaOhU69Xb_t4yDiF-rzAAcHzM4RiRqZFQ5FpvH0rVJtD8z0aCG8wNrn8sRcyY40uRnSz7aWSyqHUReTe3BRILssTlAMP0YguQfjU42NngabCPh4yzTyy1FnDO70n6PPX9Mg_vvm9BmSHhZfz95wtkysO9-lYS0qL29M6uz3VA5H9Liqok6LM6Cu_xpWvo33G6wTQjhWahPdWRss6rgaY7wzT2gYiHm_UM_KQhasI34OrOCExX-2ZfkIDMl_FbW0CaOYRr8gzdSzV61zOseJ6xuzu1pkwPr6tKz9FG5mF22THJjN5o-W5WbWh-9pi6a9NlcXbQJzRwkkON43yiTZnbo8kedvr93hw7UP3EWYxL2oPxYA1m7KCQvJ4RjkFZGDHM8IFRq2GLEm4XDI3kYjJiNdf48CHvrowmtl6Gk4U5bcNuCzOYbO_incpfbqDhONKfnEphFJiBTl3LfEd4hJILD4tA7iBw4EQ8I0xOvXVZ086JUNVKytC-qzS2VDf7KpzXLCveAVIGBwl_rINZQbPGBLbj5rcB_4HBXSFA418HVsk1eHqcVrlRSWd0oRwbw5NmFvPIel4qVpmPBkx4sfVSNpSCt2639pzgpCy6Vfb_2SL1e8S3VZxN--J4oDIEAjPl7EjQ9GNNUP4-H0vmlJT6hyRMBBU5cLCX9A18OkaFWneBsZMFWdGlB2dMddh6g2QeLgf6ElXuWkO2K1W58u6QBo1g03I_eNGhaoCCDIJWhN_T0PuOt4SitLfyRbCYajUIhHAziB-oiPkiSkC7N3SmmZFSNzMBIyK29HNSJcoolc3ZVQGlPXD48QKI_QX1qUREUCDaRVvfAVH7Ph8bQW1ak-vucimGpomrufxQeyHfb7IttHUD5kp7a-Aor7-U2OOGBE08v6o0uvQClqO9DoCSNHnV61SidkRotKHgZdk0D0BKoE-yKuk_xMnSfOkItdOusnUc-Thx212q6FKQi61MwQPXvhWNaVszwehTwVyf_awmABB0Mw4zISXyyRRVfMkDzOiBwOCSOmC2MthkNzxn8L9GQzjxVhkHYxikEQSpZQzK4FrU5MHZ1VeELrpG4EuLmdnFR3kM4OdETksKzJYOX02XAPo0nh05U1kspYQGQlOZ4vHfM9f1DJAqNOeToRY2B9ZUzaSgLLMAaeqIw6Z2H0sS7N96iHI10yZR8lzc1k8JZCM78YDtZ0fcIdDGgqEiVUmYINyDmRs5pXM8G_jT_EK2zv4YiCYP2zZzYPZ9YQguIP_32kWPRd8Z9LRrmZDGWFbq10g1DV29KJz1nYIhJzyFErhbtn_EYGvc69AoqyELpQTWUCuLPPq-zIQHWI8V0ifw_HAwKhw4aXjjZrNW44D48sdxQpXREekGw4zQAhUEwow0rXwKu8M8aH4gd28V1C5vs1KPJ4-x2V1DdbDVuK-P4YklYuKpF6hoN572R8V7ibrpQCUUL90AsnaJ1cgttghLcZ-IDBYZC36Qq2GpDFnm3H7kBLqvYjdprYil56G5ILTkOmvZNpjkcD_ZM4Ak1KkTEP0z5KwDSy3RxgKtxXjoQnKFxtWcEm2dv0WMPkfvdxhepaGUpeG5vMfMy_IjOAtPgTtxziWFWi2yAbCRucyQAoycAvtxnUdn933zQyl-GTK5smrEMBxedqsTRsrrbq4UaiB0dMrj9wa-lzzustKuxPnGme0CZ1vGii1oPF62kf__Vx3H3GRDd0mR7FIVXsl8Hsg0fWvvnJmUToD-40wmHxwz5xe0jGGyc6tjxF-2oxavpdO9wcYcoCDYKILtyoCz1qYgar_b6VI4pdS_PBzkSBzWqueI7zhac0TMlxmL-jPI7I-e5RPO9YlKwoemAYxC30UgUPURHxC1Q411J2_kU0epKCXxPLJbNONeuDje5fVX-rGRS8xEMv54d4OHz_0pYejiRmAzYpPgCWEo7aMXzsZleAmXo7LbwG__FWMBXekY2Kh9KFtuwRxKXsXhJLuIW1fq2MpnSRB_pZ8qH9jEgfNO4nbylCRarGI_tfHsITDciUUXMG8ZbQe-WnSd3lcQRBzPUNOqagHZYONrS7vXoKU-MlqGdNe-HsdW33vZP-hS39ikFx0eoQNTmVq24WNuP3XF42vqPam6NfqPLj3ATZgWDFxW3h1aTcH2DZ12XtEAq4sCbbefftm8f22phFAkOeQqoPBuG-VYTzAVmVJKhUuco2yVYicbyxkeOQkBHpMgHODitB3bN4HSDWBt8PLfdjQ1BULJK_xAIWa_amljTnav_ZretGI5FvTHX66l3CSGx4oqnkQNHQKa1t2d2OQz5zm8gVWLW-ux-dIFhpvUFqDtWaOSjBY6w-HzqM8ClZ-revyu11AgdVDwQaAeNQRTvQSb4ac2g74IOrkSSGl43SgaogYE6rgmJl1X_MAcB73-37iySS8UUlkDcH1l5FO0qIWOOgjHNfYhzjAYD_xdvTMGm7UrcACcXXbZ3yzfVDGpUP0eeRMYGZzlIaggdPjrXe5_QAMi93r4y_4eE2mL68suORoESXjC13_OBVA12uijG0aBBbRjxFOaQyk2uZNb6uZZPL3w7CasKU8WnD8RWoAQrO0tQrvKJCQi4sBK5EKQbqN_d_ayY4FArxFwGfHkBT6HfX3VW_RTCKla-uWbZwepqYTpBnZqToUDagGolLDiduqyv-5WWkqfeGM9FLwUu-uvTprkh90kPI42QY4iLRPnlLGsZkrsK62D41KgZNCxk6QJ4ysh0OJzB18nanV61lDZLbAO-IaUeWm2-3OFzLEujt00mtmItdIB0kZOoH-CqZjYojAutdDJjoKNOI-p_50e2EimzdGsM-q1JCbimPU1aRBxUC7NqZ9BXlyKs-gACkF_KQCdQka8jzM81E0VfD-arQF324OIHOTxz1cuSL1SKNoBvTg0Shb97779bXxA2rDmAvO82f6DlnRNUk8OmO-2F8q_9otlsTjM8FBJoJW5O4uxl7TTQLHnHbk3I6yhQ2IOqw8m5raTePe7ar-ZIgwffDrbIfhqg8n0Xc9hqFHKpP14N2-mMNmC0ppxQ6CX5-sw&cid=CAASFeRoMcZaqGQSRPzQBpQOQLFGfUP1Zw&rfl=1%2Chttps%253A%252F%252Fwww.elheraldo.co%252F%240

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

bb79fff632114803a2bb9f4cea18961e9ab777c47ba611ac32e208d7509b268d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13636
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FEB 42 B
107 B 37ms
36ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C2Yd1Mr5SHwitCyimHQ9WQPOVt8JdkSVBogHE0axnmPQqxsLnH_f7piPHl5g8VrOgZ1B3VVBxK8FZyrfM9gp_RE9dlGGKamyYmATJHhNmomo81w6E

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 7FEB 2 KB
2 KB 119ms
22ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=50436508;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CyhP6zDJ-YefeEI_igAezj62wAruW_8tlu6Ts99sO8C4QASDn_MZnYJXikIKgB6AB0JDRuwHIAQmpAi6C9C-RZbM-qAMBqgTsAU_Q1oointrLzVhVjYfyfCEJz3TmUg-FycsiZUIxwuSycVS0zePM9aOvNaKdV8dSznMQEX2rVl9LEBQ1AMNWAsVrnkE9hJZbgfEmpQf6dcwUCrYNnxt8lvArTcgpny3nSj7HDelKv4BkeYPVArFPrLCh_PnaJ3tUIgawO1BhvynsH-Uj6eZEeR8k4FPpsw6dg0dKw8jECszsF_Dk6khQBcg8Akyyg9uMYKWwp5vhois01G_EPP1CBUomC30MT8BvpUcrQg_nirgGwENC3lVAR3hdZIa9Y1-cZa6Nr2VchIqHmaCpBBZNnZg1-COMwASTh8OqzAPgBAOQBgGgBk2AB5jvrsQCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATvZmFDdATANgTDdgUAdAVAYAXAQ&ae=1&num=1&cid=CAASFeRoMcZaqGQSRPzQBpQOQLFGfUP1Zw&sig=AOD64_04UI-hiw0NQ5Ytk1SkSPi8IqwZdw&client=ca-pub-2063825275429439&dbm_c=AKAmf-BseaezmktnIVCgKfKKZUGMA6AHVdEpTvLMIarRzcT5GRLddmU8frhCWxFCMaJ1rlfzIu4i1FnWm6YN_R-fNXqHH8i3DTrehbuRBvvtMl9u-OFuCePe-R8mXm4FVeGLE45z6pl74Si5FsOhybPsAfJd7Wy-gQ&cry=1&dbm_d=AKAmf-CTrkC98jkSMQa5xTrdhosWE_B5j2gvH_JxBPBbYJ-nwbVqssB8KsjeL_RqB5iIZ1Mpjfsop4O1dtBstyp0BfUmbti8eWdAACnEHneKwzHiUFrJS4dD1BRACDzcIrBKjTfWyCgYAYs7hL0fGsf3p1uAptXx6iT6Xht2xfygeWxKRkmBfxF7BhYDwotnVuLb_ejpUFoE8hs15XA1FcwZvvYE2vzlHLYUSvTTX93lteW5KyBXQ-byQhKqqb2tOhJPfulCcwJJ6gbIZ4vFryrfIkbV1QZ2wKwsFIlGYvTHMtnCAOSDRGtghtdXoPIH-VVsemeeNN3PX7fOBAnPM1P810Mk4xE9MtPuCt_CI9M2dhcLRn0CpzE7oCWORFHPuP_g2damcttEXMbdS01ki_vTkVucZBctqTB3Sotengg7a5yAPmZgMuPOrqJOhGWxtq6k_QvaBmmfxwZ0ybsTB9pWOllJhykHKg&adurl=

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5dc675effaff1f7428bf16fa9cdf2bfcdce5d099e7ccad7c1274d2768af8a594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2053
expires: -1

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 7FEB 3 KB
1 KB 59ms
35ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:42:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FEB 120 KB
37 KB 39ms
34ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 7FEB 14 KB
6 KB 41ms
18ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:01:25 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7FEB 0
0 54ms
23ms Image
text/html 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTIpQlRMtEg2oLU6mPfJyF47P_zeW-WuBFFbn-aX2TlEiMiDuFlyJpKYTm-ORL48-E44ylktsZ4oB8Hg-aA0trpNI2Dmw
Requested by: Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 76 KB
21 KB 41ms
36ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5236be883713c6bc5c3b466e256a214bcb387458c66fc7cd6f4cc3f02f89df03

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Thu, 28 Oct 2021 20:56:33 GMT
expires: Fri, 28 Oct 2022 20:56:33 GMT
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 19655
age: 205899
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9A32 0
0 52ms
50ms Fetch
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CnSrwzDJ-YejeEI_igAezj62wAs39ltVl38HW9uQOkJLJ48IBEAEg5_zGZ2CV4pCCoAegAZ_StbcByAEJqQIugvQvkWWzPuACAKgDAcgDCKoEkQJP0LNyoApdOcaDMCeskWaJH7f372ppNg-fMckxspMvArHHWLirRtLWzmqXVKf3egR1QupYSXCruefXloX4_SJ-7uyQj4YgRV91POKbejb5bADCJP6NWI4xXmKILGGdmAznIv7a-cXLtppfbv9PbyAEDlt-YlCsmYd_yzytWOw7Ak3FkCWZ2ks6m_jwcKeIjWgWQk4iQu9E07mNOOY4XzaFaXg1aYJsB_hGNXMEaiAZLEzCyciH8pW7TX4mNEHMnpEQQJdRerDIXL2bJqqbbZnGsy7fkS2me8rolP8g5iY0YChBkU4FdNSbXl9ygVBxT0aaPJN6L94zn6FCcn4kjafr0Dc6oqG8WbC7MBKYIlivvUzABNjtu6nPA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfJrcrIAqgH8NkbqAfy2RuoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCs2RPSCAkIiOGAEBABGB2ACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItMjA2MzgyNTI3NTQyOTQzORiN5BQ&sigh=txPFE7debi8&uach_m=[UACH]&template_id=419
Requested by: Host: www.elheraldo.co
URL: https://www.elheraldo.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 9A32 19 KB
8 KB 43ms
41ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:04:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7760
x-xss-protection: 0
server: cafe
etag: 2659786357195577193
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:04:22 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 9A32 3 KB
1 KB 45ms
44ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/window_focus_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1529
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1470
x-xss-protection: 0
server: cafe
etag: 9165589572046851897
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:42:43 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A32 120 KB
36 KB 64ms
63ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 31 Oct 2021 06:08:12 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/ Frame 9A32 14 KB
6 KB 43ms
43ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211027/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:01:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6337
x-xss-protection: 0
server: cafe
etag: 7721474052657771746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 06:01:25 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9A32 0
0 32ms
24ms Image
text/html 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSKWCsciYhhoQdMGJntMSXem30dN_wBv-quvElqWzH9nsWZFr_eS-D_pCasgPuIHeMo8ej8HNu5zaDWguUGzwPdebruRw
Requested by: Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 74B3 0
18 B 54ms
18ms Document
text/plain 157.240.221.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.221.35 , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lhr8.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.elheraldo.co
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.elheraldo.co
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
date: Sun, 31 Oct 2021 06:08:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B08B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
1014 B

35ms
21ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJKm1AIQlZHVAhiri7a3ATAB&v=APEucNXzEWqA1iIljZeT8S_UL2gwaJUi89c_1PMQ3fnJbQh19SkAOvBrrmrDA4k7PlbWfwfkG5_bDcNGKbf2XHBrQa2NX9wihMZVpnNCN1lle6pI67COKuMKsdkHhyr7yBMVMyH6VRWzZ5oZSjeQcSi_V-czCGN3hGQor4gLmOiAapUlTZouwoU
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B08B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
894 B

17ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJKm1AIQlZHVAhiri7a3ATAB&v=APEucNXzEWqA1iIljZeT8S_UL2gwaJUi89c_1PMQ3fnJbQh19SkAOvBrrmrDA4k7PlbWfwfkG5_bDcNGKbf2XHBrQa2NX9wihMZVpnNCN1lle6pI67COKuMKsdkHhyr7yBMVMyH6VRWzZ5oZSjeQcSi_V-czCGN3hGQor4gLmOiAapUlTZouwoU
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame B08B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

0
580 B

42ms
15ms

Image
text/html

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJKm1AIQlZHVAhiri7a3ATAB&v=APEucNXzEWqA1iIljZeT8S_UL2gwaJUi89c_1PMQ3fnJbQh19SkAOvBrrmrDA4k7PlbWfwfkG5_bDcNGKbf2XHBrQa2NX9wihMZVpnNCN1lle6pI67COKuMKsdkHhyr7yBMVMyH6VRWzZ5oZSjeQcSi_V-czCGN3hGQor4gLmOiAapUlTZouwoU

Protocol

HTTP/1.1

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: cf8c8174-f269-41ae-b268-e2118447990f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B08B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTc3MzI1MzIyNDcxNTQwNjg1

170 B
188 B

37ms
35ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTc3MzI1MzIyNDcxNTQwNjg1

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 014ef872-fd4d-4477-8a1c-ba66b1f08e86
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTc3MzI1MzIyNDcxNTQwNjg1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7940
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
1014 B

36ms
22ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY583FlQEwAQ&v=APEucNWx6F40wUIWdEw5S5Fghe2JNi_e2FuuYxVVkPUbkFrnEIKxSAmYhcyZGZLvomL86eGVacNElSVCffXzt71hoZvOZdydRdV0v2Iu_rXMzLzw38G7rjuTgANuifwApcw0D5Kd3B2pOZKDyGZkMwEzVOAO7CCfbZMj1l30WjpD4RNTDGI75po
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7940
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
894 B

15ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY583FlQEwAQ&v=APEucNWx6F40wUIWdEw5S5Fghe2JNi_e2FuuYxVVkPUbkFrnEIKxSAmYhcyZGZLvomL86eGVacNElSVCffXzt71hoZvOZdydRdV0v2Iu_rXMzLzw38G7rjuTgANuifwApcw0D5Kd3B2pOZKDyGZkMwEzVOAO7CCfbZMj1l30WjpD4RNTDGI75po
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7940
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

0
580 B

51ms
23ms

Image
text/html

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY583FlQEwAQ&v=APEucNWx6F40wUIWdEw5S5Fghe2JNi_e2FuuYxVVkPUbkFrnEIKxSAmYhcyZGZLvomL86eGVacNElSVCffXzt71hoZvOZdydRdV0v2Iu_rXMzLzw38G7rjuTgANuifwApcw0D5Kd3B2pOZKDyGZkMwEzVOAO7CCfbZMj1l30WjpD4RNTDGI75po

Protocol

HTTP/1.1

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 16b36e40-c759-4d64-be27-b8d0eeb33203
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7940
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

170 B
188 B

32ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2f723c43-96f3-4866-972c-d95aadeb1757
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 07EB 22 KB
8 KB 42ms
17ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 27 Oct 2021 14:26:02 GMT
expires: Thu, 27 Oct 2022 14:26:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 315731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 2CF0 24 KB
9 KB 18ms
17ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEa79bNm4hDJWMtcOR-QagPgxkEBfJofiy3e48edocczKlhspD1P19-rDojgdjgA95fAi1A8wtoPzm_YaAtEP1T0zK8O9lkkSb2BqWN3whyqiDudTcbc9G9PDU6mqMjcI7KAh72NyaXcXVMJqNZP2cDHlVjQ&cry=1&dbm_d=AKAmf-A3Y09ebbUN_Ml_vtpPjmgY3Vrcpqsv4TZ7BbkSwz3kpfJGhCzUzqZwma89rlKSYrLbkZ9sckwKo_HawmqEeQZ71GmnRPtufoacUO5L91Y2bEUwytjvAtwIoHIYKMZQXwTxTNtIcCfmwKhYZ59hPWOrlyf9wdc_NE8RHHdCgOkhLNr0Qd6kaF-Q2iBsbrPUZmwPLaXQ9Ns8oBEa3PGbYN4tRl2OiC31343Z1sdYOvTy0bfZS2gW4_IHSGP40KSE5XBti2h5l4Re9GPsjZldhNgkChPT4QOMgrtG6YeP5U6Cnrwi59SmFoOfnD1od9rsZTovKl-R4TXPcb5JrPohe_IEaVWlFbuq-29CyYsUdtcRj-ozEzXzkWpfoaNmRxuaSzIiyCyn9ZP5H4cA44XL8JrGsHUmdzY6gkDNz8QMjxGaHgZTvCVP53lFr1uKrowAkA46Jk04dK0qN5j9kSXbDrhLh1uL6o2FGQJLqCr9iA5S_NdCqUvgsY9fXfOkatwRxOrVVS_gpi3WCD2_q1IO0Hs-aJsKH-vWw5HMp3-n54VO-Nol8dtSpQ1ST6eHUQGVAdzqd_Il8YdlnE_HHE7TNnhsiTpTT0u45qtq1zVTjZgfMQJsj9swll9ZCD0cTgV-N_r-eABjiidk_h7J5EjP4jjNoC3mB7f5oQkRx4ySAnFVHlOYWJkt-LSIZjnd8azZN3KT_KMVkKeybsd_-CVg4A01kJqAURPmVc3dOoCU1jht7wQ2_TmZeS9y75FKdVLwX4bvFBVi1WAyaTaXHNuz4AFZqHMquvYBcSUbA26F1170oiI0HcYq4xmByDu89v2jMQAFmyHaG9nHl_VH1D7vLHBbQ9z7JZXdxCdJnvvvpfREsUHj8XNOG2EphIBuoMqCSyb0NvPc3s1PF6TiaaFdiWpRcP6pXPX5TQN0n92-s_n3UYDF--2-ZEtNyP_bPR7TLnxTRus7IFbq-9yYmYU_d-OkbBZZaBbWvkQ-B_J1tWfIxYivGGauFQoxMplOYMEk0zprRU4yxCGix-JOlvC3wkB6ODmpdJJDSHi8NeVM0uas4AdK3q3aFP0m3Ra5YJNDGIvveiF-s60X39aZS6GwQouoTLD18THULKIky0ULxYpg6Mf8AydjNvz1YCnRy2GsZNyZffY8pOQ9i3N8Q2HcBsaS07xp5LIM2t57X8HGWKAZSOO2Tdh3AwvTMKVDtv1XaroafjrFtxGu8r2aeCzn_QAykuglNZCeY5QFIhr5WEnfBKssDEkyycxcV-WbkGiUMFfiCmwBn1L7FS03ShOGk7SWoTo00mXvWfHUTuDN2vCEFd4cTbuiCFQoQ6cwDgExtugAsX7ul2G8wN7QbHXcljmhK2p9WbMhCJ-bMJlg37GM2t9SJlnRqyt7HGSuxDU_vPR9eaHVXJn4dU5RRFQYWLkSa6Xwk4evbAphjbqISNWjcrZ6UwqHyUuULB7-iWtd5IYYavkwhKi10o4lI5PY8O_TTHBg0Zaxlrq4Spcm0xczJvGWXRXpUQMxP881UgO_fUlLG9sw3kyfYXImUHBpSOaKIL4IYiLYyQOuJ476TNrrcx6rackg1WjXgA6QBeOQy8l0Ul9IrugGeiD8uRd7MpBmAhDtO5HvXioiXgEt63CvX71hexrDdm-I42hqdFW7JDYmJ3Nnq18rj1n43i3QYi1gCM8oLUXfmkWzjQ7uhxmwfuEBts4EF4lqseAc4UOMr-iLk5EBfioPX6JbhrzK4Fva7aXzSDVxrSimBU1KpR5afCQpB7vCTJB16_qQbCFoEiHu-DiCu9TcKtMTMig2DwPWbNZ4kLTBSz7l2kHZQucdfBh0asWjOJnPfkjhmQ9JwbBQasa39qmpSx7k4Vupy68TVIPgP7rnuUtk_n_3AEZSPoIx442zp6fGOjdPSWMtFCotnGpjyfgVAwsdZYFZJgdFaDNWnOSJeeG7--N_Gfv7iPL0PD984JoEMSOm2FkR7f-Ch9UM1xpAROurvXthXt8fzqYRIBEGSCgrezASs8ln0hu9Fc51P1o5AK-VM5LK7YvoTlN-W-bEKnBi2lBm0-rNUqgZP-IeWvcTgO7Svl9UPKR5ciTrR0L_wLaew72-GV-sdEcTLdsWrW8iBQRKXzJSwOfzxGEC2T_gkSyOXeb2phLMZd3GI68EZ7CleIsbM7675HEQRvVxZN2kVJD4E5eTA9zfcN4xjhDGMiC859U6luu3guWMdKzU61DKjivQJK9FdjVyFSNh3D0p_fOCbbwDd3Q0kibRPOHQiY5_ZSlLWXy0uFv8x8TmyNlmWsQeTZkibyMvlG2AfecIlSitZisEGcKqQcYfgLXSAFoAIxbB3me2khBeAu8eIV_vLyO3fbDNPPZuTqwpUbCNbRCgsrkb9DTy8IvdUKnF334nsVwHhjOeMi7VNKa_DXbKMkS-nVbeCS9hC6rF1GBG0W85Ful6q7V8LiYLQ5l6el_wHrngbu5SiGoctbEaw8EIDvr6TPfAYa6XFjwhPkydltTIIc2LHCiBchclprW06N9ug2XvkfEF-rNWAYnaXwFIQzNK3DOGSr2agWbwUy7ZLO_DnArpSiYN8_Q1GhJ_K3DNS1zw4X0njxQS_Y2ky3OpmvIPuvdAEYpXTHP_mzCITnINvBUXtzfq4ixg1YD0RJtvaTbgcImVT_ucTu60YASdjv5Rs82yKDFin69Iv6JQFeGB9wYfF4X_RgAzPCv19wN3FvVNyVN8Ic2i6rCQynUPrQ1qx1zcP97Jgl2iDAe-0BhYcouJdilEA8ZzvdJy8Bm5JVeR6vQ45D0gUDmDkVD1Eoi6gEnAfLIoel2jOeKaGke9njVyaqqEkGmBlzzqMJhsxKZ9at3E4CCHpouksbwXO7o971HD_FrhkgPOqxI5MyI8hcc_TkFiXT9qjnj-jG5iDuvE16-0l4MyEtlrqPTzYl6Sd9w1-o7wshvS5EY2_lb_RvhCjdLkkmfvNv1wxyR7sfJAzDPaTQ77g1lLcyoNoK3Xezvof46rCwTRxrm7GjcULKa5hAKBV7fQ9OoQNn6kjad5SUALKyMc9otgF5Iom4sfkeTM5YudhNfOHl_6YF_oxsRAfTFQr1L1BEjMUaUsCd6kkeSz7n0zrcWxSQCg9jCp_sPJXpAh-ttauNDYZq81HkZwvqaGLnBi2Ypc5gwYvnluXmg7qjYuobQ6j-MnWoLgB6o3SyBdReAEJxYFB1iwLS5jebc0iB3AX0UFEeZTB3cBICHKulkjQThfzVXj644tfHO8zoDD&cid=CAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA&rfl=1%2Chttps%253A%252F%252Fwww.elheraldo.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:38:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:38:27 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2CF0 41 KB
15 KB 19ms
19ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229709
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 28 Oct 2022 14:19:44 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/ Frame 7FEB 24 KB
9 KB 20ms
19ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211027/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPckhNR8DF-7AFxhtz6GwgeqoZaj711_a0eI3L-TDSZKg1r6C9ZuqkxQjw0HGYOHK6oIX7yJwdEvzfb9QW_JnPmcTMt3sxyudSUiSQy0tSCsWZNG2l2Axgb7010SDM-KcGtLW6MY_qurKBwjYUm0G_9rVy7Q&cry=1&dbm_d=AKAmf-CcI1tc41gX-tj75PdwrbdPUGRKGCJXnp7mnuKT_qfMEBGc1b7RuqMFpap0wLYk5qwv0cHohF6bYgNL51nLkgQxh9GjtMORbCvQE1RpBPu9g5eTMu79pndPRCrlDA42VrIhCsfEjECNnxv5re0o9QaoOu5SJyCKzNmIl7OFfzaOhU69Xb_t4yDiF-rzAAcHzM4RiRqZFQ5FpvH0rVJtD8z0aCG8wNrn8sRcyY40uRnSz7aWSyqHUReTe3BRILssTlAMP0YguQfjU42NngabCPh4yzTyy1FnDO70n6PPX9Mg_vvm9BmSHhZfz95wtkysO9-lYS0qL29M6uz3VA5H9Liqok6LM6Cu_xpWvo33G6wTQjhWahPdWRss6rgaY7wzT2gYiHm_UM_KQhasI34OrOCExX-2ZfkIDMl_FbW0CaOYRr8gzdSzV61zOseJ6xuzu1pkwPr6tKz9FG5mF22THJjN5o-W5WbWh-9pi6a9NlcXbQJzRwkkON43yiTZnbo8kedvr93hw7UP3EWYxL2oPxYA1m7KCQvJ4RjkFZGDHM8IFRq2GLEm4XDI3kYjJiNdf48CHvrowmtl6Gk4U5bcNuCzOYbO_incpfbqDhONKfnEphFJiBTl3LfEd4hJILD4tA7iBw4EQ8I0xOvXVZ086JUNVKytC-qzS2VDf7KpzXLCveAVIGBwl_rINZQbPGBLbj5rcB_4HBXSFA418HVsk1eHqcVrlRSWd0oRwbw5NmFvPIel4qVpmPBkx4sfVSNpSCt2639pzgpCy6Vfb_2SL1e8S3VZxN--J4oDIEAjPl7EjQ9GNNUP4-H0vmlJT6hyRMBBU5cLCX9A18OkaFWneBsZMFWdGlB2dMddh6g2QeLgf6ElXuWkO2K1W58u6QBo1g03I_eNGhaoCCDIJWhN_T0PuOt4SitLfyRbCYajUIhHAziB-oiPkiSkC7N3SmmZFSNzMBIyK29HNSJcoolc3ZVQGlPXD48QKI_QX1qUREUCDaRVvfAVH7Ph8bQW1ak-vucimGpomrufxQeyHfb7IttHUD5kp7a-Aor7-U2OOGBE08v6o0uvQClqO9DoCSNHnV61SidkRotKHgZdk0D0BKoE-yKuk_xMnSfOkItdOusnUc-Thx212q6FKQi61MwQPXvhWNaVszwehTwVyf_awmABB0Mw4zISXyyRRVfMkDzOiBwOCSOmC2MthkNzxn8L9GQzjxVhkHYxikEQSpZQzK4FrU5MHZ1VeELrpG4EuLmdnFR3kM4OdETksKzJYOX02XAPo0nh05U1kspYQGQlOZ4vHfM9f1DJAqNOeToRY2B9ZUzaSgLLMAaeqIw6Z2H0sS7N96iHI10yZR8lzc1k8JZCM78YDtZ0fcIdDGgqEiVUmYINyDmRs5pXM8G_jT_EK2zv4YiCYP2zZzYPZ9YQguIP_32kWPRd8Z9LRrmZDGWFbq10g1DV29KJz1nYIhJzyFErhbtn_EYGvc69AoqyELpQTWUCuLPPq-zIQHWI8V0ifw_HAwKhw4aXjjZrNW44D48sdxQpXREekGw4zQAhUEwow0rXwKu8M8aH4gd28V1C5vs1KPJ4-x2V1DdbDVuK-P4YklYuKpF6hoN572R8V7ibrpQCUUL90AsnaJ1cgttghLcZ-IDBYZC36Qq2GpDFnm3H7kBLqvYjdprYil56G5ILTkOmvZNpjkcD_ZM4Ak1KkTEP0z5KwDSy3RxgKtxXjoQnKFxtWcEm2dv0WMPkfvdxhepaGUpeG5vMfMy_IjOAtPgTtxziWFWi2yAbCRucyQAoycAvtxnUdn933zQyl-GTK5smrEMBxedqsTRsrrbq4UaiB0dMrj9wa-lzzustKuxPnGme0CZ1vGii1oPF62kf__Vx3H3GRDd0mR7FIVXsl8Hsg0fWvvnJmUToD-40wmHxwz5xe0jGGyc6tjxF-2oxavpdO9wcYcoCDYKILtyoCz1qYgar_b6VI4pdS_PBzkSBzWqueI7zhac0TMlxmL-jPI7I-e5RPO9YlKwoemAYxC30UgUPURHxC1Q411J2_kU0epKCXxPLJbNONeuDje5fVX-rGRS8xEMv54d4OHz_0pYejiRmAzYpPgCWEo7aMXzsZleAmXo7LbwG__FWMBXekY2Kh9KFtuwRxKXsXhJLuIW1fq2MpnSRB_pZ8qH9jEgfNO4nbylCRarGI_tfHsITDciUUXMG8ZbQe-WnSd3lcQRBzPUNOqagHZYONrS7vXoKU-MlqGdNe-HsdW33vZP-hS39ikFx0eoQNTmVq24WNuP3XF42vqPam6NfqPLj3ATZgWDFxW3h1aTcH2DZ12XtEAq4sCbbefftm8f22phFAkOeQqoPBuG-VYTzAVmVJKhUuco2yVYicbyxkeOQkBHpMgHODitB3bN4HSDWBt8PLfdjQ1BULJK_xAIWa_amljTnav_ZretGI5FvTHX66l3CSGx4oqnkQNHQKa1t2d2OQz5zm8gVWLW-ux-dIFhpvUFqDtWaOSjBY6w-HzqM8ClZ-revyu11AgdVDwQaAeNQRTvQSb4ac2g74IOrkSSGl43SgaogYE6rgmJl1X_MAcB73-37iySS8UUlkDcH1l5FO0qIWOOgjHNfYhzjAYD_xdvTMGm7UrcACcXXbZ3yzfVDGpUP0eeRMYGZzlIaggdPjrXe5_QAMi93r4y_4eE2mL68suORoESXjC13_OBVA12uijG0aBBbRjxFOaQyk2uZNb6uZZPL3w7CasKU8WnD8RWoAQrO0tQrvKJCQi4sBK5EKQbqN_d_ayY4FArxFwGfHkBT6HfX3VW_RTCKla-uWbZwepqYTpBnZqToUDagGolLDiduqyv-5WWkqfeGM9FLwUu-uvTprkh90kPI42QY4iLRPnlLGsZkrsK62D41KgZNCxk6QJ4ysh0OJzB18nanV61lDZLbAO-IaUeWm2-3OFzLEujt00mtmItdIB0kZOoH-CqZjYojAutdDJjoKNOI-p_50e2EimzdGsM-q1JCbimPU1aRBxUC7NqZ9BXlyKs-gACkF_KQCdQka8jzM81E0VfD-arQF324OIHOTxz1cuSL1SKNoBvTg0Shb97779bXxA2rDmAvO82f6DlnRNUk8OmO-2F8q_9otlsTjM8FBJoJW5O4uxl7TTQLHnHbk3I6yhQ2IOqw8m5raTePe7ar-ZIgwffDrbIfhqg8n0Xc9hqFHKpP14N2-mMNmC0ppxQ6CX5-sw&cid=CAASFeRoMcZaqGQSRPzQBpQOQLFGfUP1Zw&rfl=1%2Chttps%253A%252F%252Fwww.elheraldo.co%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 05:38:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1786
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9375
x-xss-protection: 0
server: cafe
etag: 6887285106501176819
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 14 Nov 2021 05:38:27 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FEB 41 KB
15 KB 25ms
25ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 14:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229709
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 28 Oct 2022 14:19:44 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame C315 9 KB
3 KB 19ms
19ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 01:24:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17015
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 01 Nov 2021 01:24:38 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame C315 26 KB
10 KB 19ms
19ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 00:06:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21733
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 01 Nov 2021 00:06:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C315 29 KB
2 KB 64ms
26ms Stylesheet
text/css 142.250.186.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1626772622

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f10.1e100.net

Software

ESF /

Resource Hash

2b2eeb7b890430b990ead38e7ac0e2715d47e1584e68b77000e3d58a5ebde5e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 05:36:06 GMT
server: ESF
date: Sun, 31 Oct 2021 06:08:13 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 06:08:13 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C315 57 KB
23 KB 44ms
22ms Script
text/javascript 142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 31 Oct 2021 06:08:13 GMT

GET
DATA 200
OK truncated
/ Frame F5BE 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0abf02495c28c3b14847db6d2549447bfeea42572934611895cc1b5b8ab51f0f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 638B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
894 B

17ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLCb4gIQ_8PTxAIYrdK4uAEwAQ&v=APEucNUf-3d1NJymas41tGi4HHTn1KjwURFHIfKLb76b70RaB6xOk5b92gxZDvZjZuzn3gIzpe7s_oxCkDxeFhQsoVEzTRn1_dPkF8UaCeQAu0yNK-VUfsckf57XwGf5A72-741jPEI-GmB4eUbYGrWwW1DV0OTM8tNYZS6vHNuojiY6JAuW9mg
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 638B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YX4yzSL8WSLujiuqaCvP6gAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLCb4gIQ_8PTxAIYrdK4uAEwAQ&v=APEucNUf-3d1NJymas41tGi4HHTn1KjwURFHIfKLb76b70RaB6xOk5b92gxZDvZjZuzn3gIzpe7s_oxCkDxeFhQsoVEzTRn1_dPkF8UaCeQAu0yNK-VUfsckf57XwGf5A72-741jPEI-GmB4eUbYGrWwW1DV0OTM8tNYZS6vHNuojiY6JAuW9mg
Protocol: HTTP/1.1
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 31 Oct 2021 06:08:13 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI7dptcEsmtjjo83nWl1g50&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 638B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

0
580 B

16ms
15ms

Image
text/html

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLCb4gIQ_8PTxAIYrdK4uAEwAQ&v=APEucNUf-3d1NJymas41tGi4HHTn1KjwURFHIfKLb76b70RaB6xOk5b92gxZDvZjZuzn3gIzpe7s_oxCkDxeFhQsoVEzTRn1_dPkF8UaCeQAu0yNK-VUfsckf57XwGf5A72-741jPEI-GmB4eUbYGrWwW1DV0OTM8tNYZS6vHNuojiY6JAuW9mg

Protocol

HTTP/1.1

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 32c8a648-84af-4ff9-b5a5-f4a1bbf1c283
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3BLKhoxoxSLi7_eN71eY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 638B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

170 B
188 B

29ms
27ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
X-Proxy-Origin: 216.131.111.132; 216.131.111.132; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 84b95dc8-fa79-428e-abf1-e18fe5e3ba78
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjYxODc5NTE5ODc0ODMzOTg0OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5B55 143 B
163 B 44ms
16ms Document
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 31 Oct 2021 05:43:08 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1505
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 9A32 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00b8bb2509147448cb82a51b2ab4bf8c036766fa49d2348498817e2276691194

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F5BE 0
23 B 64ms
64ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 06:08:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK k87fl8jofdhz Show response
hal9000.redintelligence.net/zone/ Frame 2CF0 11 KB
4 KB 51ms
14ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/k87fl8jofdhz?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D
Requested by: Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 1dd3459725e379d29c5bf24e634266120bd518abbc63cfb46c2b177458dd0a76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3935
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 7FEB 33 KB
16 KB 100ms
35ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=50436508;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CyhP6zDJ-YefeEI_igAezj62wAruW_8tlu6Ts99sO8C4QASDn_MZnYJXikIKgB6AB0JDRuwHIAQmpAi6C9C-RZbM-qAMBqgTsAU_Q1oointrLzVhVjYfyfCEJz3TmUg-FycsiZUIxwuSycVS0zePM9aOvNaKdV8dSznMQEX2rVl9LEBQ1AMNWAsVrnkE9hJZbgfEmpQf6dcwUCrYNnxt8lvArTcgpny3nSj7HDelKv4BkeYPVArFPrLCh_PnaJ3tUIgawO1BhvynsH-Uj6eZEeR8k4FPpsw6dg0dKw8jECszsF_Dk6khQBcg8Akyyg9uMYKWwp5vhois01G_EPP1CBUomC30MT8BvpUcrQg_nirgGwENC3lVAR3hdZIa9Y1-cZa6Nr2VchIqHmaCpBBZNnZg1-COMwASTh8OqzAPgBAOQBgGgBk2AB5jvrsQCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATvZmFDdATANgTDdgUAdAVAYAXAQ&ae=1&num=1&cid=CAASFeRoMcZaqGQSRPzQBpQOQLFGfUP1Zw&sig=AOD64_04UI-hiw0NQ5Ytk1SkSPi8IqwZdw&client=ca-pub-2063825275429439&dbm_c=AKAmf-BseaezmktnIVCgKfKKZUGMA6AHVdEpTvLMIarRzcT5GRLddmU8frhCWxFCMaJ1rlfzIu4i1FnWm6YN_R-fNXqHH8i3DTrehbuRBvvtMl9u-OFuCePe-R8mXm4FVeGLE45z6pl74Si5FsOhybPsAfJd7Wy-gQ&cry=1&dbm_d=AKAmf-CTrkC98jkSMQa5xTrdhosWE_B5j2gvH_JxBPBbYJ-nwbVqssB8KsjeL_RqB5iIZ1Mpjfsop4O1dtBstyp0BfUmbti8eWdAACnEHneKwzHiUFrJS4dD1BRACDzcIrBKjTfWyCgYAYs7hL0fGsf3p1uAptXx6iT6Xht2xfygeWxKRkmBfxF7BhYDwotnVuLb_ejpUFoE8hs15XA1FcwZvvYE2vzlHLYUSvTTX93lteW5KyBXQ-byQhKqqb2tOhJPfulCcwJJ6gbIZ4vFryrfIkbV1QZ2wKwsFIlGYvTHMtnCAOSDRGtghtdXoPIH-VVsemeeNN3PX7fOBAnPM1P810Mk4xE9MtPuCt_CI9M2dhcLRn0CpzE7oCWORFHPuP_g2damcttEXMbdS01ki_vTkVucZBctqTB3Sotengg7a5yAPmZgMuPOrqJOhGWxtq6k_QvaBmmfxwZ0ybsTB9pWOllJhykHKg&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 342d2740192ed3d4a2772391d7e14496028a133a605b7ecb1671c5ff5d9e8d2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
last-modified: Mon, 25 Oct 2021 09:07:47 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Mon, 01 Nov 2021 09:17:13 GMT

GET
H3 200 e47c22e8b914b2ac317ee8574e0e9d15.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 1017 B
1 KB 22ms
22ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/e47c22e8b914b2ac317ee8574e0e9d15.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

ec12520cbefe8332b188d556ed950022b283fe115e8fbbe6d92f0a035973ec7c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 335410
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1017
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Wed, 27 Oct 2021 08:58:03 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 27 Oct 2022 08:58:03 GMT

GET
H3 200 864b1e0426dae7371c461cbd2f028db5.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 135 B
163 B 26ms
25ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/864b1e0426dae7371c461cbd2f028db5.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

e0ff4032cc37ee30c83692ea623e669426e79ed74d670bcd54104938c397aacc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 202020
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Thu, 28 Oct 2021 22:01:13 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 22:01:13 GMT

GET
H3 200 33dc2170c53ddb496269136f0396aa79.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 1 KB
1 KB 25ms
24ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/33dc2170c53ddb496269136f0396aa79.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

f375deaeadd1b99d6c9cb9e64ae6fa01d17869a577906d5477532d656dc08a2e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 335512
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Wed, 27 Oct 2021 08:56:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 27 Oct 2022 08:56:21 GMT

GET
H3 200 1046e711211686b4206d997e305b2f4e.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 6 KB
6 KB 23ms
23ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/1046e711211686b4206d997e305b2f4e.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

985a95cdd7670aee9b0d01a81ad52389698fbe2860fe614307a4d16461cc788d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 474720
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5700
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Mon, 25 Oct 2021 18:16:13 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 25 Oct 2022 18:16:13 GMT

GET
H3 200 bc9662360663e190845abef96cf51c04.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 13 KB
13 KB 30ms
29ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/bc9662360663e190845abef96cf51c04.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

09813ce96c0615aaa714b8ee5b9af5f331f9a295ac80333cfee984b8bb131383

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 198502
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13470
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Thu, 28 Oct 2021 22:59:51 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 22:59:51 GMT

GET
H3 200 46e5b860694084a45ac3b13d9a7b3a37.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 12 KB
12 KB 27ms
26ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/46e5b860694084a45ac3b13d9a7b3a37.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

88bc81bcf989a3b6afd4f96d1605467861ddd16c459ac63c08f777a09579888d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 271562
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12513
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Thu, 28 Oct 2021 02:42:11 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 02:42:11 GMT

GET
H3 200 2c6a571cf2e42695f3dad46cbfe40244.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 7 KB
7 KB 26ms
25ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/2c6a571cf2e42695f3dad46cbfe40244.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

52d2a89eb357fa6c714b9001affa7aa1d5c2f610860a86b71a76b310f8da2c38

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 188090
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6896
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Fri, 29 Oct 2021 01:53:23 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 29 Oct 2022 01:53:23 GMT

GET
H3 200 872b5b1b7ba396c8c6ae7c3aac67db10.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 194 B
223 B 28ms
28ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/872b5b1b7ba396c8c6ae7c3aac67db10.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

7a1bd058692997f41b685612cfdb2fafdaad3a3332a9cac0bf57292ef5d19de9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 586295
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Sun, 24 Oct 2021 11:16:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 24 Oct 2022 11:16:38 GMT

GET
H3 200 351d757f2fa0b981cb60fddb362e9fd8.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 512 B
543 B 26ms
24ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/351d757f2fa0b981cb60fddb362e9fd8.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

024d16adc0044cc6ce113d1b195100578c0bd59ba58b3dbd1856386b580fb4e4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 354461
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 512
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Wed, 27 Oct 2021 03:40:32 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 27 Oct 2022 03:40:32 GMT

GET
H3 200 2fab9a8d208c5404d9ffbaa76d329d57.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 192 B
224 B 26ms
24ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/2fab9a8d208c5404d9ffbaa76d329d57.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

666625ffdacf823b459afe9dd409db8420f73f31331bb6e1b426946e8c82d0ce

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 335070
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Wed, 27 Oct 2021 09:03:43 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 27 Oct 2022 09:03:43 GMT

GET
H3 200 64bb8d5256a0a498a1af5aa0a7f7cc4c.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 8 KB
8 KB 28ms
26ms Image
image/jpeg 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/64bb8d5256a0a498a1af5aa0a7f7cc4c.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

ec2430e51815d80a1fd1fc0bfaa71cfacf79ee348bbe4d0eb74d46a1431f9ce3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 233018
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7964
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Thu, 28 Oct 2021 13:24:35 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 13:24:35 GMT

GET
H3 200 0f9364ce62f66682211762ecfba02248.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 187 B
219 B 30ms
28ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/0f9364ce62f66682211762ecfba02248.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

b4d961b75ebfd23625074af97d27353f622eebba5624c0cc65ec709c78ed7d81

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 194505
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 187
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Fri, 29 Oct 2021 00:06:28 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 29 Oct 2022 00:06:28 GMT

GET
H3 200 imagesc3uhuw3yh5rad0ki2mge.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 3 KB
3 KB 27ms
25ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/imagesc3uhuw3yh5rad0ki2mge.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

032f2f6de0a27532766834d16dddb82167346a3f41e1c251980a2c2a392504f7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 233026
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3193
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Thu, 28 Oct 2021 13:24:27 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 28 Oct 2022 13:24:27 GMT

GET
H3 200 imagesdiiaauxk7g3fac2n5sm6.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/ Frame C315 1 KB
2 KB 29ms
27ms Image
image/png 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/imagesdiiaauxk7g3fac2n5sm6.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

019901bf0906da82f22340234d83e0508441a05067bb93d1b7e30db554dc2be9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 409028
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1504
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:51 GMT
server: sffe
date: Tue, 26 Oct 2021 12:31:05 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 26 Oct 2022 12:31:05 GMT

GET
DATA 200
OK truncated
/ Frame C315 18 KB
18 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af3e53ba239afaf52cd9039fff2045b9907b860a90ff469c7c22eeb3be9bf74c

Request headers

Referer
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: font/truetype;charset=utf-8

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame C315 19 KB
20 KB 59ms
16ms Font
font/woff2 142.250.184.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1626772622

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f3.1e100.net

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 28 Oct 2021 04:48:55 GMT
x-content-type-options: nosniff
age: 263958
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 28 Oct 2022 04:48:55 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8DC6 22 KB
8 KB 22ms
19ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 27 Oct 2021 14:26:02 GMT
expires: Thu, 27 Oct 2022 14:26:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 315731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3764 22 KB
8 KB 21ms
19ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 27 Oct 2021 14:26:02 GMT
expires: Thu, 27 Oct 2022 14:26:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 315731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js Show response
pagead2.googlesyndication.com/bg/ Frame 07EB 35 KB
13 KB 17ms
16ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

c52e89074cb0440a6db05393e4b9641f39325b0585a580914cd400dc42ea206e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 18:44:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13354
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 29 Oct 2022 18:44:11 GMT

GET
H/1.1

200
OK

request.php Show response
hal90007.redintelligence.net/ Frame 2CF0
Redirect Chain

https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

3 KB
2 KB

101ms
79ms

Script
application/x-javascript

138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.157 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 32ab168f98dad33f27ad525b0b66165d8aba4a401e224b1e729d1d7797be7075

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 21638700024036500710580011764007
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1116
Expires: Sun, 31 Oct 2021 06:08:13 +0100

Redirect headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sun, 31 Oct 2021 06:08:13 +0100

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 7FEB 7 KB
4 KB 22ms
22ms Script
text/javascript 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=50436508;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CyhP6zDJ-YefeEI_igAezj62wAruW_8tlu6Ts99sO8C4QASDn_MZnYJXikIKgB6AB0JDRuwHIAQmpAi6C9C-RZbM-qAMBqgTsAU_Q1oointrLzVhVjYfyfCEJz3TmUg-FycsiZUIxwuSycVS0zePM9aOvNaKdV8dSznMQEX2rVl9LEBQ1AMNWAsVrnkE9hJZbgfEmpQf6dcwUCrYNnxt8lvArTcgpny3nSj7HDelKv4BkeYPVArFPrLCh_PnaJ3tUIgawO1BhvynsH-Uj6eZEeR8k4FPpsw6dg0dKw8jECszsF_Dk6khQBcg8Akyyg9uMYKWwp5vhois01G_EPP1CBUomC30MT8BvpUcrQg_nirgGwENC3lVAR3hdZIa9Y1-cZa6Nr2VchIqHmaCpBBZNnZg1-COMwASTh8OqzAPgBAOQBgGgBk2AB5jvrsQCqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATvZmFDdATANgTDdgUAdAVAYAXAQ&ae=1&num=1&cid=CAASFeRoMcZaqGQSRPzQBpQOQLFGfUP1Zw&sig=AOD64_04UI-hiw0NQ5Ytk1SkSPi8IqwZdw&client=ca-pub-2063825275429439&dbm_c=AKAmf-BseaezmktnIVCgKfKKZUGMA6AHVdEpTvLMIarRzcT5GRLddmU8frhCWxFCMaJ1rlfzIu4i1FnWm6YN_R-fNXqHH8i3DTrehbuRBvvtMl9u-OFuCePe-R8mXm4FVeGLE45z6pl74Si5FsOhybPsAfJd7Wy-gQ&cry=1&dbm_d=AKAmf-CTrkC98jkSMQa5xTrdhosWE_B5j2gvH_JxBPBbYJ-nwbVqssB8KsjeL_RqB5iIZ1Mpjfsop4O1dtBstyp0BfUmbti8eWdAACnEHneKwzHiUFrJS4dD1BRACDzcIrBKjTfWyCgYAYs7hL0fGsf3p1uAptXx6iT6Xht2xfygeWxKRkmBfxF7BhYDwotnVuLb_ejpUFoE8hs15XA1FcwZvvYE2vzlHLYUSvTTX93lteW5KyBXQ-byQhKqqb2tOhJPfulCcwJJ6gbIZ4vFryrfIkbV1QZ2wKwsFIlGYvTHMtnCAOSDRGtghtdXoPIH-VVsemeeNN3PX7fOBAnPM1P810Mk4xE9MtPuCt_CI9M2dhcLRn0CpzE7oCWORFHPuP_g2damcttEXMbdS01ki_vTkVucZBctqTB3Sotengg7a5yAPmZgMuPOrqJOhGWxtq6k_QvaBmmfxwZ0ybsTB9pWOllJhykHKg&adurl=;js=1;adfxid=1x;4542;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fwww.elheraldo.co

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f477ec458156070a4b9b3faf62c86c2a4a19314035ba7ef1cac8d6fc058e2465

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 3417
expires: -1

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 5B55
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

94ms
94ms

Document
text/html

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 06:08:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 31 Oct 2021 06:08:13 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 31 Oct 2021 06:08:13 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 7FEB 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae3419b6580460d416285b1e7a43d95cca9a9f18b5b575dacdde88155592760b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js Show response
pagead2.googlesyndication.com/bg/ Frame 8DC6 35 KB
13 KB 16ms
16ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

c52e89074cb0440a6db05393e4b9641f39325b0585a580914cd400dc42ea206e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 18:44:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13354
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 29 Oct 2022 18:44:11 GMT

GET
H3 200 xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js Show response
pagead2.googlesyndication.com/bg/ Frame 3764 35 KB
13 KB 17ms
16ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xS6JB0ywRAptsFOT5LlkHzkyWwWFpYCRTNQA3ELqIG4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

c52e89074cb0440a6db05393e4b9641f39325b0585a580914cd400dc42ea206e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 29 Oct 2021 18:44:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 127442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13354
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sat, 29 Oct 2022 18:44:11 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.211/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 7FEB 85 KB
36 KB 30ms
29ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.211/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1f647589f081c26a24954bf8f32fb7ea1b828fe3a41cebc760154191a167efea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
last-modified: Mon, 25 Oct 2021 09:07:47 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Mon, 01 Nov 2021 09:17:24 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame C845
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=21638700024036500710580011764007&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=21638700024036500710580011764007&actionid=731824&produktid=businessgiro&dt_url=

0
629 B

84ms
50ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=21638700024036500710580011764007&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 31 Oct 2021 07:07:53 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Sun, 31 Oct 2021 06:07:53 GMT
content-length: 0

Redirect headers

Server: nginx/1.19.7
Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.34
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=21638700024036500710580011764007&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: D8836F84:A3B0_91EFC182:01BB_617E32CD_339D5AC:2A262
X-IPLB-Instance: 40028
Cache-control: private

GET
H2

200

htlp Show response
futalis.de/ Frame A853
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=21638700024036500710580011764007
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917

350 B
409 B

40ms
10ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 167.233.14.134 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

date: Sun, 31 Oct 2021 06:08:13 GMT
server: Apache
p3p: policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917
content-length: 0
content-type: text/html; charset=utf-8

GET
H3

200

activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398 Show response
5994599.fls.doubleclick.net/ Frame F90E
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398?

391 B
345 B

60ms
36ms

Document
text/html

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398?

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

e979f50a44b9fa8b7c7fb5c4019a69735edb324968229cc3750a33a80469131b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 31 Oct 2021 06:08:13 GMT
expires: Sun, 31 Oct 2021 06:08:13 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 31 Oct 2021 06:08:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame 9F85 7 KB
2 KB 38ms
14ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=k87fl8jofdhz&nw=20&renderingType=javascript&namespace=4b1edcea28&subid=&uid=61204cff86392a25&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC1tryzDJ-YebeEI_igAezj62wAo_g-IZT_bGLpMoM8C4QASDn_MZnYJXikIKgB8gBCakCLoL0L5Flsz6oAwGqBIkCT9DE_fS1QkCRxwChQTLYk0F8WmAbdtd0zaLmJ7oq9RYY6uRmpxh_nYnuBWrIqpX-7Ofu_X4YsU88sPsCal8MfaYvAKAjYMEiykt1Xxnfy-HBHENMJX_6HTNtMu4S9S5FlmNNv2QR9uQq6O9UgR6Sy2-aGkU-UMp4RZ7DlZdZKHsq9i-gIwsXZ9_R6Gay1t-X9ffUsL-BwuaDfYH_wToszv5y2835eHaPURMZHIEn9xiD4wFg59fJz_zWTKD1HAsViWsNJIUWcmZkiTwOASarURIrlvKYeZVi_rOEc04r1_xW6EvmcnyM1qRp8f5nNgJIaK_e8AVtz1WbEm5YeIbjrLk0oi6cnRaJsMAEu_GowM8B4AQDkAYBoAZNgAfr5-heqAfw2RuoB_LZG6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiI4YAQEAEYHYAKA5gLAcgLAYAMAbATwpraCtATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASFeRoxD2rXp90RiUTEWHjc74tza1ZbA%26sig%3DAOD64_2rhjsZUjQVWEHyqABBJvh6FjaVUQ%26client%3Dca-pub-2063825275429439%26dbm_c%3DAKAmf-BqHhm0NKGBaIFg6ak1LTgAi87zbp4eKGd3bZNWbcFobmxC7pVRiTixwVVlQHd8rI2ylukuPcAKsHGVRP29cpIL21jCY5LSMPFSoVvp2Kd8oyBUXSSeC5UOLdoai8_tFtAHZorVa8luzJgpJA7hsxW-iIMC3Q%26cry%3D1%26dbm_d%3DAKAmf-BrX0Omhc3ZkUIqSP5JZxUPtS-zJiHPEZsBtVlVrMXMP9IejXBy9yodz8Uo19oQheeONB3apJsXnnlFyUffxFZ-f-wExgCmJzmq1B9gslFR1tHYKnKJ1U_YfMdyCL4_LiEGcd86pwGPB6DhC-C5S-_EFwiPbqWZiCjw0p8pkJgilNEIxSqlOl-Si-pTJJ9j76RJQTlcGkM3pvhzSuvnP04ZAlc5p3fjX0dVueRNaVqifb39EDCgpRBIERNU1IrSUietX9Bkjp_LMKpcZ2dsUSExfaez3yf4PQbxUMBqGZnyhIchMHLqLk7Cdk15LEI0q1PI7SonffOIsUpPfZfEl2z8mlw3qnrzgWFa5XKy4QZbE94-E_qJkErQj7jZgZAVLaIG0rxcGLLKrvq09aqIl_IeKy_3VI-5gP6tqjYlFSZB3Y5Tti2T8r0YEnRNxv0k8HtabDXr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.elheraldo.co%2F&ancestorOrigins=https%3A%2F%2Fwww.elheraldo.co&random=4364696822486&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: db886cf78b7d69146ef807e080f2e42c686b64d2bf880724c33897bcb5c653ef

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sun, 31 Oct 2021 06:08:13 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2059
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 2CF0
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=21638700024036500710580011764007
https://ad-server.eu/wm/pb/native.png

68 B
312 B

148ms
27ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:12:13 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: nginx/1.17.5
X-IPLB-Request-ID: D8836F84:A3B2_91EFC182:01BB_617E32CD_33A24C9:2A264
X-Powered-By: PHP/7.2.21
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 2CF0 43 B
703 B 55ms
13ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2601049&v=18332&q=376776&r=296283&pref1=21638700024036500710580011764007&pv=1

Requested by

Host: 880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
URL: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 31 Oct 2021 06:08:13 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
DATA 200
OK truncated
/ Frame 2CF0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15de072f08c7bd01e36c107d9f1a3d2d3773af840c04c82d9f45f80a268396f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 /
track.adform.net/csimpr/ Frame 7FEB 35 B
494 B 22ms
22ms Ping
image/gif 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=50436508&csi=top7UU3Fu8MU7i-DJJ0XiHZy6d33Ynflk8-2sFuSXkrrygPkIxxfk8kkjSs81i_M3eePI_FAK1aUEc7fGu6dqt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 47706634.jpg
s1.adform.net/Banners/47706634/ Frame 7FEB 20 KB
20 KB 22ms
22ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/47706634/47706634.jpg?bv=1

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

925898c2c2040343690b2616e8ae71a9f626aab0732a31cffa8d5d1332979a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
last-modified: Tue, 31 Aug 2021 12:07:05 GMT
server: nginx
etag: "612e1b69-50ad"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 20653

GET
H3 200 css
fonts.googleapis.com/ Frame 9F85 1 KB
420 B 46ms
25ms Stylesheet
text/css 142.250.186.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f10.1e100.net

Software

ESF /

Resource Hash

9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 31 Oct 2021 06:06:35 GMT
server: ESF
date: Sun, 31 Oct 2021 06:08:13 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Sun, 31 Oct 2021 06:08:13 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9F85 16 KB
16 KB 46ms
12ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: fd3ef805cf9ba4d9437699263f2146b36dec9486f8a562f2045e5890020c27fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16464
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9F85 15 KB
15 KB 43ms
13ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/52343/creativesup/1200x627_2.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: f02700e472d70dbda59a8f619b6422cdf90fd27cc6dd4b0745ef2806c04627fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15245
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 9F85 13 KB
13 KB 42ms
12ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 95862077951abd07f7b2ba091c145263652038d4a95acc340717eb177d72c914

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12989
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame A853 5 KB
5 KB 11ms
11ms Script
application/javascript 78.46.5.84
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=972344917
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 78.46.5.84 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: dedi1284.your-server.de
Software: Apache /
Resource Hash: 06a1b5afc54f03b03f1ec1d55390a43b7d0bea926033263e0988e33a8db55d19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
last-modified: Thu, 17 Jun 2021 11:09:56 GMT
server: Apache
accept-ranges: bytes
etag: "13e5-5c4f43f50991d"
content-length: 5093
content-type: application/javascript

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame 9F85 0
150 B 34ms
12ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=21638700024036500710580011764007&a=304bd1f6&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Heppenheim an der Bergstrasse, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=21638700024036500710580011764007&a=3855b51f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sun, 31 Oct 2021 06:08:13 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398
adservice.google.com/ddm/fls/z/ Frame F90E 42 B
63 B 88ms
59ms Image
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIv7w5X-8_MCFUaUhQodOM8IyQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=2078892201127.398?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 07EB 0
20 B 39ms
38ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BS9d8zDJ-YeXeEI_igAezj62wAgAAAAA4AeAEAg&bg=!cXKlcjbNAAZzbWp4c207ACkAdvg8WvHAqtSxg2ov9WpKlPS6Y-s5osg4tOKa_P0QvOp8Vscjr3E3XwIAAAGrUgAAACNoAQeZAwQcnY6JWxXX6TDoZ70DNRoy94nkKGbt_i6BoL2ND6YtlD2zVpzlVMyDCAyLaDjC4XS-BZNksGRyK8zZR7imcoWkMXiPll3TGFmoFbrF3R-PsH1a3iHhT2OUSp5pU3AJurFXt04rcFNby5-_KScrOz4Vjho2sgxmxtyPT8qJElgZE7uSUORqrhryePHfvWszRDGF3LVJmTJk_WUpYhRAsmmD4uhV_9sudCe8jUmSm3j3A8RopdFn1beajMOnEjRwH_1cEUNtehLmX76LwuXxqg2NJ9a4xbtFRuS6uSf2cI9SGF5iVC6T5JMFcFn4YITOQqMzxCHMZXQRlkS9FyCPI-R1jL9KTY-PEYGFvEvbKJ2-TeFeTqQMXdBLvX3BGPr95aJnuSQ0VWg13sZ7_bfEAedlZ2mLh1NbF65icRIQSD7uU0NjpS7tVGGaCJbkkvU4i7H_k9b84odLLxpa8rUMBRtw1hE5Ir3-aSwUMvu-INkouunVAVnoEs0tu1LqzEdSvF5a_WgF7rHqAPcVcrJ3-aMmAqWUOt7kkYBaAciyUyCBE8OK_VUsyGsQBxoAFP3uC07OhPaiWmnV_CLO18nnKdKY0aGq_qlFhd54AsuZ4RgKsYkyD3IGqLAfVZ8SdiauLCG_2OBZcHZwHYaoeyc07jVsoNAUa4c7TFNzfMZcH7t1uqpNOEb7blbMh3zRN4J_JlhF9OOsy3hKxjVBaxJuGcgRO1qcgax5tki7WsAK_gbREM01m-7Tnr66fWstUEP-UmtaFy-ecESlH8M7EmdBF1JkEQ88QERU28bc54hS0b1wBGn08g5PBoU3PxQyW8dBsPm_Trz4oT3zlD_roB8Z7BkRKGffrWjaz09htUQ8B5wln05vXVQVozzYxfk6N8uLKFEB-bOx33uMtRJFmEHrATg5yoRwR-XU9sVQ3pDMrMC5tF_6bBxB2H3YUNonrXNNPxdMMG-YKLqniKBR_v2vv3GcXFqBSYBMwOQo6LVBd79xxuSZ133CID8aleR5-fNhOcgzZUpQ

Requested by

Host: www.elheraldo.co
URL: https://www.elheraldo.co/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 50ms
27ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

74988224243f193166ee9d0cc8306a4d10669f978fedfc3f1a47cf04036c2372

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8542
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3764 0
20 B 39ms
39ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bc-ajzDJ-YZOWOv_D7_UP3fei-A4AAAAAOAHgBAI&bg=!YGOlYyfNAAZzbWp4c207ACkAdvg8WqKWMgHOc1Gp1fIv5j1_cUu5liPA14XY9FvkvYc3loDvNiyKWAIAAAF2UgAAAApoAQeZAwQApeBWOeYlbt4PRk9VQfWv0yb97NUXDo4E8tXKf9ec_gQ7R4cCPXI2qkIdBwE6L5-a7BRXIiIzgzOecYg48tzkICsFEyNW84gL1esgtoNYQh6y8uyUAtRNL6O7WnEq0gpxeOXWwvYrWNNUYPMvgWmqquMMSWgrfX7SjfE3ufOQqhG8CzhU9nK0otseacZFcU9g-kw9R00aOFQgz3jUwKlB6rNuo2TU6xSQNmAbrrq8I3q7XjBYjWbUHyfEONSB0ghSsBz8ffj-bjdZfVNrRK2Qd0ONF0iC19nyh2IPUHyzhNwBooI39pXy-GlKQ4Y0bE_IcqXDGw78JzVUP0wUoO92oYb3UiaizElq9UNNWxCu_94akVnQ754PsZUXuSPbAaaXhzJ20tRUKahxNcO9TeXVsR8Eoyw-q83fMjSBfHpw4_E_khvg-EXY9PzhhfZgL3A3duJZhF9SshDbwLJA5xFPIUidmbUv1qBPkwR5qhPpNGajG69whK5ZvkSmY2km3HAASJLFRtri1tWwau9C4MtBe6iFoTooqOaYF2WsG71BQz8koWqYH7Zf00io5nRX0CqbJfC4llmakCeqc_ZQPHNtaMG42KsaXJbKie6kpY7S4ox_n7MQ9bacfQ_DAjW-ZhPfgbbvOiqVRh8vEcuF7vcqlap4wbl5Ib95x_iywmrBfUH7FobNBc7Jwkze8bURMXtiYKKRk9rGG2rsLJ75L8A2UP0Bw-tpMnv8lojgubIzm4Av3qx-X1dQ2K7Yatifb9VqScL8UaqHl4BueTiB3rEpM6eu8dIVg0EqK_kZSWdIunU5o8TanU5-sP48TGMt1nMuaEuxMeoTRtrB7ToQg_iZwxh85i1KUA-39ONNDpsahZ1aHHJ-6_OxiMUrRI11MSQKEpE9zp7G8AxPQegibEX5hqQJHcJTO8E29YH_0zphnwfriMzKHffIX6M7a8hvWHJ107Ojm57mjs-xYsQk9E95p6qvjMu5ID5ZFRKQ2wysHYGIKhLv-MJMrZ7VuQXJHQVpja9_

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8DC6 0
20 B 39ms
38ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BsPk8zDJ-YeCzOY7U7_UPm4SkoAIAAAAAOAHgBAI&bg=!tLelt_PNAAZzbWp4c207ACkAdvg8WgQSIDUQieSn3PKYcVmUWRn6DjJkHwb7HRy4ZG-2skORqgaB5wIAAAGOUgAAAApoAQeZAvFqTAJIyAXYWMrhYevHBnRPhYZGCvO7Hw1naLMR8BgDnJLiwMkreXBpv1KwxR32MXjiJa7U2tcekeephh0LkGLo4G7D3gPpPh8Tx4ppPDHF-luPaNrfcoXYlF04vvfXLMz3wkL8MfwKAxUWbqL2Nvik-w5xBgXcRE-NQbMRx_GhAL3hhOZ0iDBvo0hSLDcCP7v-gj9vWXKRd_YqJOZYrnShdyaW5w6ZQTXUwUWzdsMHzYPfEnqaUXFR2dr7_UiwGdMPjIVGNwemGxiIcpFUGvsQzRR9L4Yaiwi0Td_zGd3snZnp1JhW6O8othlq0nvV5p5VlPww_Gv6vNfUtvv0gzvVtD4sFRCHTWQcZLvG3LvwtiEDa7wPNQKKdv9tHMfouvnbV1_0jDtgz9WJyZZ9--RH3yAdM159EtLJ8EOYVAyX6glG18hLVnjnjlB7AmKfJ3fCHzfGpOdJNwGqbQlxSB67_iSKvIAyLLPHSWhdduc6MAmCW7EZZ6mcw2ga6UmydVoMzLYkQzUfGCVTsxk_74vSt9HuvRRAnAShZYVeiHr2Z7YOwjzyRhdxXfbvYN94OYc0UPuGftPLqalicJORaV20oEJHuX9wL_Th1msgUyq3zWg9_IjLdeYxfwNioDnH8Vv8ii0Nrtx8cbt3CGLI_3xd1cleofov_mDIzmiEphUcVKRT4hHaRcQTGKK-XgEq7yMGNyeikumATkRTk7_VYZt4ctgT13IbOIRUS0hzmGf4O31WAX_-tlDQMDeY5rH6joor85vaF96GwfdWYAhddATPhbX-PRBsy-ZN8zNMGksY5EqRxrJSfosT6XgViOia7bQ87WdcePrY7zuX6eXuGqrSb0iNMa3AflItUaUZD9SNfuNbtUFMenF0NiJQ7JKwHni0GdKI4vX9yE6An4vjQlb3038gST-52YH1lIIgazOwN2zdyBO2poqKIw6eqYwYkET3RKY3JZysQXlN3mzoGrt4ilJ8TaNYF9rbvCytUF-hLd8

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 39ms
39ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102801.js?31063351

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 31 Oct 2021 06:08:13 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 31CE 12 KB
5 KB 18ms
17ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 30 Oct 2021 15:45:52 GMT
expires: Sun, 30 Oct 2022 15:45:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 51741
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C51B 783 B
534 B 26ms
25ms Document
text/html 142.250.186.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f4.1e100.net

Software

GSE /

Resource Hash

b6ce71d7d51123a34fe9289dc467f1209b939c38504b2af9ec0f70144fa4d01c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MLzsVWtedb8LTSeGr6A87A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 31 Oct 2021 06:08:13 GMT
date: Sun, 31 Oct 2021 06:08:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-MLzsVWtedb8LTSeGr6A87A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C51B 0
0 69ms
69ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102801&jk=1555389292883347&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H3 200 C8m29kB8iYAnQnzidy4_DrlfbpyEWo1zyweSB2Yey3c.js Show response
pagead2.googlesyndication.com/bg/ Frame 31CE 35 KB
13 KB 17ms
17ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/C8m29kB8iYAnQnzidy4_DrlfbpyEWo1zyweSB2Yey3c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

0bc9b6f6407c898027427ce2772e3f0eb95f6e9c845a8d73cb079207661ecb77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 30 Oct 2021 12:10:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64635
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13263
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 30 Oct 2022 12:10:59 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F5BE 42 B
64 B 44ms
44ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGl2bnmzChwUv184pMPVDCAk_thaqIikmuAaNc8e3iX2ieBkIQzsl0tlOEF98C3FJf9qU8l2F3Xk7qne-pTlJWpWshY82ZiWyEUv9IB-brUqkDfAp0DA&sai=AMfl-YSWipJvBuDum4jGwDJcVySYoYhz066cwti55kACf0KZtbFAf6Fe1DKa7el8C7GvDhsiZZKPnxj67jV390aNa_k0WCBznsSr6Ymm-l-oN_9E1sNzA5_HH6Vf1IQtVVRD&sig=Cg0ArKJSzMsWelB_Cg0QEAE&cid=CAASFeRoa6U9K9f6tj-Cy0CfJH5OiVg2gw&id=lidar2&mcvt=1000&p=30,315,284,1285&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&app=0&itpl=20&adk=3262913694&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635660492533&rpt=294&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9A32 42 B
64 B 29ms
29ms Fetch
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsusSIcG2wrsrL4qYrXO4Z1SV8AIOGx5OFP0G9LSKcDe9IgaxbvJN9aeLT0FOC4HGtyQaKLLrkpWv2mshlnSYFa1OyjStp8_LEvUH2lqChTapWGkHLlhlHUiz-z1VZSmVPrFN_KazXrh_tnA&sai=AMfl-YQSZrjKN80z-DbfFaqTya8x5jwbQuaA2_zSzBF9diCXYJGAPkMYQShwEc7t4RP14A5KpBomH7BUeg3EARZnA84fkPz8eJcsvjzMgAJ5lfXtYD4Gr3m3jpYu8YpwMJcB&sig=Cg0ArKJSzGhGFIWJlwq5EAE&id=lidar2&mcvt=1022&p=760,1100,1010,1400&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=139170558&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635660492547&rpt=324&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
39ms Image
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102801&jk=1555389292883347&bg=!U1ClUBTNAAbUs_yW1LM7ACkAdvg8Wk9NYXCZEqY9XK-FrOnTssWcxo8hfB42JSX1fgix0pAVIxwuUwIAAACdUgAAAAtoAQcKAKiubCyxwa2mjkxJmMADOpUbV7KV_sarDYchv6Mvllm_3OY8_huK8O47mj63HAQOYBbh3f0Pn7CYfEKmZYxAJkv4itKbRlJtu6dg4l889-mLxI19ROdGUcstl0KtRGaQZOaP0AKReiP8V6q74BSh_lhZvhc1KUEm_Qk0BZ7FlKBNMayMrx0hoVdq9oP53sCzQ_DkFfc8mYB1ceyOvmh5BYT6HNs-HAJIqz6ZArtBHGxPP-XrH51pT5DLAh_1gL9dAvKd0LaHnCAesU2iikmsH3Hx542P_xIZOtNchHDzQRJL0zCSfZRVMo7YxlLPzANExrUYUYkx_En_b6aN18h2Lj0ao_ZuBm15aG1Y2rVChplbONP7h7t9o7niKGmhhYBL8jQgPfom8MVtvOtdG0D1AveAImd6PeQg9cDJLXwfoppgH8tV0hOdcCHV4Rr02rQbbn4PqrAoCI64FpQwmZv7uKfKf2xubngB5LPunpxSxhYeFstJPF4rxFmcpYIFvlAAieNsO3asQ00Xoj3E0FCmpROUvJymFFswzGoP5Sqkb_gbUmCZxEa3ijpy6OYQXKwcFyOHvm3mwdCeQjOmOieto2bK7MZezYFx1Qi0AbQyZ_qKdatLsV8kgfvdgJ0IqJmrUCoDyT7vGMamgdFSUvWdD_DZj0gCQ9mIBexUemhHPl_oTfUjE9V3hpFgjI13airBHr0pG4fwpqxqzaZ810n2QYUb7v7szfKZ4F9ZwMcWmbFFblskoI94R8Rtg7KErvHWoJfa_Kq0L3mEvYnC1yoSMHkH8ow_3waya_4Lh7tiHaSZ8ldTbALne8g0sIqPQdSrxqU-8Wlnm_1nqU-ICI21J6IXEsxpv8N4eaIenaWdjuR85yRhMTa-lcJbWfmHG5ZgYsjQYmeWvkHe3JALxe_ik3SuOiSp8ovx908Y-9rAFyTvf5xkK4gClsHpsO0a5h1Kp5L4ywqbZTUZcA9wIlxDvvECzyJWo-i4U-ojG037LCfJh6Jf1AgLYBw0Uk1jU1b2B1SNsh4Utrci3Uaa_Pn3-sZq2zUrQeoCKCIkzwWPTVmmzf_3_jT9MbXabdlN36RdKF4lPaDp6GF3driI4GdmwWjFaoo2nnwMWO8mjBH2FzdgLFaB1syRYgmbGO_DiXZY-Pf8ohi0Lmo

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:728x9...
https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?ct=1&rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:...

434 B
757 B

15ms
14ms

XHR
application/json

46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?ct=1&rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:728x90!/elheraldo_home_desktop_1_728x90+elheraldohomedesktop2728x90:728x90!/elheraldo_home_desktop_2_728x90+elheraldohomedesktop1300x250:300x250!/elheraldo_home_desktop_1_300x250+elheraldohomedesktop2300x250:300x250!/elheraldo_home_desktop_2_300x250+elheraldohomedesktop3300x250:300x250!/elheraldo_home_desktop_3_300x250+elheraldohomedesktop4300x250:300x250!/elheraldo_home_desktop_4_300x250+elheraldohomedesktoplayer600x400:1x1!/elheraldo_home_desktop_layer_600x400+elheraldohomedesktopflotante1180x50:728x90!/elheraldo_home_desktop_flotante_1180x50&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~!~!~!~!~!~!~!~!~&crs=UTF-8&vs=FFFFFFFFF&ncb=1&gdpr=0&ccpa=1---
Protocol: H2
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 267076153fe8714d9083f946675d99018085e82c915c50caee8e7fa25afc50f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 434
x-sid: AMS-743

Redirect headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
access-control-allow-origin: https://www.elheraldo.co
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c34d/12345093/www.elheraldo.co/ROS?ct=1&rnd=0.8827107373896694&e=elheraldohomedesktop970x250:300x250!/elheraldo_home_desktop_970x250+elheraldohomedesktop1728x90:728x90!/elheraldo_home_desktop_1_728x90+elheraldohomedesktop2728x90:728x90!/elheraldo_home_desktop_2_728x90+elheraldohomedesktop1300x250:300x250!/elheraldo_home_desktop_1_300x250+elheraldohomedesktop2300x250:300x250!/elheraldo_home_desktop_2_300x250+elheraldohomedesktop3300x250:300x250!/elheraldo_home_desktop_3_300x250+elheraldohomedesktop4300x250:300x250!/elheraldo_home_desktop_4_300x250+elheraldohomedesktoplayer600x400:1x1!/elheraldo_home_desktop_layer_600x400+elheraldohomedesktopflotante1180x50:728x90!/elheraldo_home_desktop_flotante_1180x50&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~!~!~!~!~!~!~!~!~&crs=UTF-8&vs=FFFFFFFFF&ncb=1&gdpr=0&ccpa=1---
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 81 B
403 B 16ms
15ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop1728x90:728x90!/elheraldo_home_desktop_1_728x90&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 7a6de55c6c87e9179b9604680357ec7d0441f1ac79d23ffde62c26e9f9301ff7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 81
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 81 B
403 B 17ms
16ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop2728x90:728x90!/elheraldo_home_desktop_2_728x90&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: bebe9e8010dc2b783623b7b3c79bfdfa26fc34b15f0813bb88e540f4c8e153fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 81
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 82 B
404 B 17ms
17ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop1300x250:300x250!/elheraldo_home_desktop_1_300x250&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 82df9fdce91353530c3fb582a48061750ab5ab6ec6958d1e8b5063f020bcdeab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 82
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 82 B
404 B 16ms
16ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop3300x250:300x250!/elheraldo_home_desktop_3_300x250&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 39d812d05c5a7f9b99f1702166a96bdd6fab54d9076d3115a7c6ed6ced0a73a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 82
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 82 B
404 B 17ms
17ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktop4300x250:300x250!/elheraldo_home_desktop_4_300x250&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 0380a1edddd903d980269a4a8443fe5863fc15ce5ac9c2b0ea382d4b7684f4b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 82
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 86 B
408 B 17ms
16ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktoplayer600x400:1x1!/elheraldo_home_desktop_layer_600x400&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: bb4530c4f52ef0d7e5046a73bee148da83a31d8f6518d145670c6268fbd54c52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 86
x-sid: AMS-743

GET
H2 200 ROS Show response
ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ 89 B
411 B 15ms
15ms XHR
application/json 46.249.52.248
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c34d/12345093/www.elheraldo.co/ROS?rnd=0.8827107373896694&e=elheraldohomedesktopflotante1180x50:728x90!/elheraldo_home_desktop_flotante_1180x50&fv=0&ur=https%3A//www.elheraldo.co/&cb=hbepl.rH&ts=1635660495&tz=0&dc=1&facmd5=0&srvtarg=section:home;url:https%3A//www.elheraldo.co/&sltarg=~&crs=UTF-8&vs=F&ncb=1&gdpr=0&ccpa=1---
Requested by: Host: sakimg.e-planning.net
URL: https://sakimg.e-planning.net/layers/hbdfp.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 46.249.52.248 , Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: 5a07abbd089059f19df0d52366d559720c8a475864f4921e0b9a600caab39ae9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elheraldo.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 31 Oct 2021 06:08:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: https://www.elheraldo.co
expires: Sun, 31 Oct 2021 06:08:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 89
x-sid: AMS-743

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7FEB 35 B
503 B 21ms
21ms Ping
image/gif 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=8715999198518154976@@50436508,6348579070709946258,0|0|0|0|0|0|0|0|0||0|1|||||1|0|0|hLw2RYJZLP1cPlakbYq96Z58liesynlKGM7r97yV913fweFDp_5I_Im3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 31 Oct 2021 06:08:18 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.elheraldo.co/	1969-12-31 23:59:59	Name: sitetype Value: desktop
www.elheraldo.co/	1970-01-20 07:49:48	Name: _cb_ls Value: 1
.google.com/	1970-01-20 02:44:31	Name: NID Value: 511=X0dgot0mP5jPQTwMKl2rieh90Gmd-iMvSzlRXc6N1dgBfyOHz2rXi6zlswtsE4yx5Iw9HsghS_a9bjSK2PodtVCMqxsrC7vxlE5n_Pc9OVLRruGXuvKXCfBGhSrnXJ0384l6V7KEQXSe99srtPqywnteu1TXGwU2ty1E6cMSnYI
www.elheraldo.co/	1969-12-31 23:59:59	Name: has_js Value: 1
.elheraldo.co/	1970-01-20 07:06:36	Name: cX_P Value: kveu0wlay5qb1xen
.elheraldo.co/	1969-12-31 23:59:59	Name: cX_S Value: kveu0wlkw92zwwhb
.elheraldo.co/	1970-01-19 22:22:26	Name: _gid Value: GA1.2.1488253272.1635660492
.elheraldo.co/	1970-01-19 22:21:00	Name: _gat_UA-10510362-2 Value: 1
.cxense.com/	1970-01-19 22:22:26	Name: cX_T Value: kveu0wxg2d77p8d4
.elheraldo.co/	1970-01-20 15:52:12	Name: _ga_82LDTX029Q Value: GS1.1.1635660491.1.0.1635660491.60
.elheraldo.co/	1970-01-20 15:52:12	Name: _ga Value: GA1.1.1972795091.1635660492
.elheraldo.co/	1970-01-20 15:52:12	Name: __tbc Value: %7Bjzx%7DWNE2V62ol3sTaWpVW9g20x4kFCIHMlyqNhWMrbCmilp6kY_8PiA1KImDKui6eTxGaQ-w75-3yojyi93zQEnkOZJ7uYSL6EANKsSh7UYvfnpeNzXsrnz_iPpG9ZCJ0NN3OIOcJdqVQouwBQ8m6jZEXg
.elheraldo.co/	1970-01-19 23:04:12	Name: __pat Value: -18000000
.elheraldo.co/	1970-01-19 22:22:26	Name: __pvi Value: %7B%22id%22%3A%22v-kveu0wsurfnqucln%22%2C%22domain%22%3A%22.elheraldo.co%22%2C%22time%22%3A1635660492067%7D
.elheraldo.co/	1970-01-20 15:52:12	Name: xbc Value: %7Bjzx%7DjDjMoDmck8VELjzCZmYp_VPplCdso-1R1GiJOYY26thY9WtEwOt6kPJcBfIVPF-ki_3R7H8q4mU5jRuWP_prD-STIHnVBBk9z8hQpvOBtG2rOHt9hdjqzLXrEydYQLfx3jhcG4NtjQJlCUjJdqfoXJZ5ojch7Hvig1HMHEb0g4ivpByhj3LF4ZXV3H7_P1P17VgeNuCZyZuUFtrnZuSKFyfBjwaaYT0ELs6yCWNEGy88RnXFx6oNyOzyxWOpQdRjzz5OAxii2ynwsObdM3mNQMHVOyJkFXZrqyrEOkA-aJsCa4FlUtTBAG37ykXhWs6AeXRzFgBQd3Pp69-0FzHLEIA73TBc5TAZ218mQx_WxfWF6kiTY6fXDK28WrGO3eTK
.elheraldo.co/	1970-01-20 00:30:36	Name: _fbp Value: fb.1.1635660492113.1506833578
www.elheraldo.co/	1970-01-20 07:49:48	Name: _cb Value: BgADifgtQTzBXikao
www.elheraldo.co/	1970-01-20 07:49:48	Name: _chartbeat2 Value: .1635660492138.1635660492138.1.DlNVZLBIiLupdJntTDbz80jDrMPXj.1
www.elheraldo.co/	1970-01-19 22:21:02	Name: _cb_svref Value: null
www.elheraldo.co/	1970-01-19 22:21:00	Name: __adblocker Value: false
.facebook.com/	1970-01-20 00:30:36	Name: fr Value: 0SaCoFxXqq3rX8iY6..BhfjLM...1.0.BhfjLM.
.cxense.com/	1970-01-20 07:06:36	Name: gckp Value: u2cxgzafmsf3n50qi80e540b
.elheraldo.co/	1970-01-20 07:06:36	Name: cX_G Value: cx%3A3dwj8g5mc9nqtv9exxcc6v480%3Axg59130ya112
www.elheraldo.co/	1969-12-31 23:59:59	Name: pnespsdk_ssn Value: %7B%22%24s%22%3A1635660492392%2C%22visitNumber%22%3A1%7D
www.elheraldo.co/	1970-01-20 07:06:36	Name: pnespsdk_visitor Value: zF36jg5KRWQQhkd72eNnAkczyhQHZltF40wHIMdJX7VOSM2hoiSFF2988JNd
.navdmp.com/	1970-01-20 07:06:57	Name: ac3 Value: 1
.elheraldo.co/	1970-01-20 07:42:36	Name: __gads Value: ID=fa9456958a6148cd-22337bcc06cb00c4:T=1635660492:S=ALNI_MYyQZlr3Q2qyfYSCaQXI_MjUIl8vg
.navdmp.com/	1970-01-20 15:37:48	Name: nid Value: f9d5efefeaac476f8b4c8b0a809\|1\|331
.elheraldo.co/	1970-01-20 07:06:36	Name: nvg60118 Value: f9d5efefeb972d90414dfe97709\|0_305
.mathtag.com/	1970-01-20 07:46:55	Name: uuid Value: 8bea617e-32cc-4800-87b5-48e62c32b6bf
.doubleclick.net/	1970-01-20 07:42:36	Name: IDE Value: AHWqTUm-CEeXz90nfTwjiTUiYXH3yoRLL1qEzgd4nxZgWQEgbhok-0XXASHLWywdKfI
.adform.net/	1970-01-19 23:04:12	Name: C Value: 1
.casalemedia.com/	1970-01-20 00:30:36	Name: CMPS Value: 3218
.casalemedia.com/	1970-01-20 07:06:36	Name: CMID Value: YX4yzSL8WSLujiuqaCvP6gAA
.piano.io/	1970-01-19 22:21:02	Name: __cf_bm Value: EgKk_LIDuQshN0VRRJ2glT3TWjOecGZ_Ynb8m6loYwQ-1635660493-0-AVFyno1+F4xRikGgHQ3SjagXETWipzxHjX2BpzIzxm6fVwWqxMnWZsrq3gpSpBv1pHmiifrxYnpHH1uPc/vGsik=
.casalemedia.com/	1970-01-20 00:30:36	Name: CMPRO Value: 1123
.casalemedia.com/	1970-01-19 22:22:26	Name: CMST Value: YX4yzWF+Ms0A
.adnxs.com/	1970-01-20 00:30:36	Name: uuid2 Value: 6618795198748339849
.casalemedia.com/	1970-01-20 07:06:36	Name: CMRUM3 Value: 2d617e32cd2760CAESEI7dptcEsmtjjo83nWl1g50
.redintelligence.net/	1970-01-20 00:30:36	Name: 8lcfmzhxc8d6_uid Value: 759920c514565f92
.adform.net/	1970-01-19 23:47:24	Name: uid Value: 8715999198518154976
.doubleclick.net/	1970-01-19 22:21:04	Name: DSID Value: NO_DATA
.retailads.net/	1970-01-19 23:04:12	Name: ppb2172 Value: 972344917
.awin1.com/	1970-01-19 22:23:53	Name: awpv18332 Value: 296283\|1635660493\|ee690330-3a10-11ec-831c-2264cd1b8b1d
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 376776:2601049
.medialead.de/	1970-01-20 07:06:36	Name: trscj Value: MTYzNTY2MDQ5M3xMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRJeE5qTTROekF3TURJME1ETTJOVEF3TnpFd05UZ3dNREV4TnpZME1EQTNKblE5YUhSc2NBPT18YUhSMGNITTZMeTg0T0RBM056Vm1ORFJqTldReVlUTTVNamcwWWprM1pqUTRaR05pTmpnd01DNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: c2okvvfmccjn4dkpk0ljvqpy
pb.media01.eu/	1970-01-20 15:52:12	Name: DTU Value: 335113EE497FC3E2F7AE291F31E91868
.futalis.de/	1970-01-19 23:47:24	Name: raSIDb Value: 972344917
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14459537531482684182/index.html#t=9940903585285931240&p=https%3A%2F%2F880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com Message: <link rel=preload> has an invalid `href` value

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
880775f44c5d2a39284b97f48dcb6800.safeframe.googlesyndication.com
ad-server.eu
ads.us.e-planning.net
adservice.google.com
adservice.google.de
analytics.google.com
api-esp.piano.io
api.cxense.com
apis.google.com
buy.tinypass.com
c2.piano.io
cdn.cxense.com
cdn.navdmp.com
cdn.retailads.net
cdn.tinypass.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
code.jquery.com
comcluster.cxense.com
connect.facebook.net
dsum-sec.casalemedia.com
elheraldo.co
experience.tinypass.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
ib.adnxs.com
id.cxense.com
mab.chartbeat.com
p1cluster.cxense.com
pagead2.googlesyndication.com
pb.media01.eu
ping.chartbeat.net
pixel.mathtag.com
pv.medialead.de
s0.2mdn.net
s1.adform.net
sakimg.e-planning.net
scdn.cxense.com
securepubads.g.doubleclick.net
static.chartbeat.com
stats.g.doubleclick.net
sync.navdmp.com
sync2.navdmp.com
tag.navdmp.com
tpc.googlesyndication.com
track.adform.net
usr.navdmp.com
web.cloudvideo.com.co
www.awin1.com
www.elheraldo.co
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.npttech.com
104.111.239.217
104.16.11.243
104.16.240.21
104.16.42.65
104.17.185.177
138.201.63.157
142.250.181.226
142.250.184.193
142.250.184.195
142.250.184.200
142.250.184.206
142.250.185.102
142.250.185.129
142.250.185.226
142.250.186.102
142.250.186.106
142.250.186.110
142.250.186.130
142.250.186.36
142.250.74.194
142.250.74.195
145.239.193.130
147.75.85.120
151.101.194.202
157.240.221.16
157.240.221.35
159.69.70.9
167.233.14.134
169.48.223.138
169.48.223.140
169.48.223.141
172.217.16.130
172.217.16.142
172.217.18.98
172.67.192.182
173.194.76.156
178.63.12.147
18.204.74.96
18.66.99.146
185.33.220.145
2.18.233.201
2.18.234.21
205.234.175.175
23.79.131.70
37.157.4.39
37.157.5.72
46.249.52.248
54.76.176.197
69.16.175.42
78.46.5.84
88.198.250.30
98.137.155.9
00b8bb2509147448cb82a51b2ab4bf8c036766fa49d2348498817e2276691194
019901bf0906da82f22340234d83e0508441a05067bb93d1b7e30db554dc2be9
024d16adc0044cc6ce113d1b195100578c0bd59ba58b3dbd1856386b580fb4e4
03145b6348fc1d29bf2cd35953b4c2a38676cc2a96af63a2a8ce2a7236fa8e02
032f2f6de0a27532766834d16dddb82167346a3f41e1c251980a2c2a392504f7
0380a1edddd903d980269a4a8443fe5863fc15ce5ac9c2b0ea382d4b7684f4b9
05ab247fce0dfab52ea055e6d26c284823447b3a9af948c435a8d465e17a187f
06a1b5afc54f03b03f1ec1d55390a43b7d0bea926033263e0988e33a8db55d19
07689f6658b657fbd9ba1348ac37ac90860644cf5fc136136232670c320ea784
07d50c2c117a6ce3de82e0a152eb898bc1ec757990acede40845bdeba7ae0281
08fdae4469d1c78ca0fa365aaf1d189d8f095f0de74077ada7e00d2865ed935d
09813ce96c0615aaa714b8ee5b9af5f331f9a295ac80333cfee984b8bb131383
0abf02495c28c3b14847db6d2549447bfeea42572934611895cc1b5b8ab51f0f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc9b6f6407c898027427ce2772e3f0eb95f6e9c845a8d73cb079207661ecb77
0c3ce70e61d9a67ba701f05ab26feb479d3c0c90ec09f2869d6e7010c4eac6b4
0e05f2a95c1ee8aecf5fc69fdefb513d6b857a38c25f650de83935570ed12fed
100a446c34e1d66fda53593a4a7b4bbb4ef765113cc1084c0e93401957f970ac
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13f78d03b9bb427bd951fdfce078a59cfdb5d82edcfa77f7bd4e2f6198fc680c
154d603a272ba6f50340f0413f5e7405db85fd4fcf5a4c262696ef6741207ab0
15de072f08c7bd01e36c107d9f1a3d2d3773af840c04c82d9f45f80a268396f1
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1a2f415894088c48d895ce6549090ee756a6f1b3e05699bbf0547b005b3b68d3
1c20412b48578377779983a6f75dc3a791d2356c0603997eb2907ac98448db2d
1dd3459725e379d29c5bf24e634266120bd518abbc63cfb46c2b177458dd0a76
1e270d9e47f4d8a39dcb67374c46261d26859096e0d7778eabf264c9e3436248
1f647589f081c26a24954bf8f32fb7ea1b828fe3a41cebc760154191a167efea
1fdbd4ab835aac196d06f0a054368cddcef7bb47d7285b889a724cd27276cdfb
20065af6dcb81fe8679880e21b5f4f42a0331e12c98f8e64a665933d995c6bc1
213b8e171fa928cdf534e06f0d30825268a59e50516cdd528930c172b538f137
219af1c64f6d98f74c132d0364b9b927336e6305555ed15a5363c18b3072e876
2491fb5e231d727b9a02dbf65c77a05a1c2ab565a4f08a72ced2e9f5cc9a1069
267076153fe8714d9083f946675d99018085e82c915c50caee8e7fa25afc50f8
27245a8a3f678528283aa04f0767f4e880e0ddc8b3d517a4a770d03b556926c6
296b45fa80965f80ddbd4da7e2dc984ebc1d06ef3b90ef631d35e4e4d0ae760f
2a41d290b7fccafa90a193bd85835e80594eaa862b2d73696cedfc58c1dc8fc4
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2b2eeb7b890430b990ead38e7ac0e2715d47e1584e68b77000e3d58a5ebde5e1
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e56cb2710044308739b814c942e48efc60184162c3d91654d2236c63b629a93
2e9c7e7d418ef08a0df41fdf6b35d38790b3478e09c16804d3f7287f8721a7fd
2f285d87523186e406e7a832fc372e3a8f0664a5056c41be6195a010879ad19b
30a029db0f6873c5e78166df4f60bb15258566d927192ae7a3182e380b47703e
32ab168f98dad33f27ad525b0b66165d8aba4a401e224b1e729d1d7797be7075
337d3118dac28a5894b0c79a6aa89b2a7d6a5c3dd83f8ea59f094f5bd1a46f5c
342d2740192ed3d4a2772391d7e14496028a133a605b7ecb1671c5ff5d9e8d2e
3558894f845c27af72afd49d873ee38c3d8b112f5f2cd5eb50c3fd589690df10
358244d1c18662900f425b3a08885a9c29a2ed3a773ed06c1237d03bab49a7ce
361ad8b48b484d939f2a15f2f71835f1a5ba1b2c7a591461a1fd25a5f2963637
366fc3a38b8b6b6e9727cb9c87a6b3d024aedb817d3a44ad191413f62c08414b
390850be8488f3258b478afd6938c40eef6e26a1053c62d9289e12b56720f2d4
39d812d05c5a7f9b99f1702166a96bdd6fab54d9076d3115a7c6ed6ced0a73a8
3a14bf66583e4aedf509c1620ef8b9480d2af2ba1547257b027423cb82d790fe
3a955f347a21939a368857c5ff33fea8384c2865efac19eb0f5f21943b6312f9
3b74feb9d111f5a6772bcf018ba7909f3bf0bbb982f6c46bfa6968fef47791e6
3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78
3d88dbf70ea0989e74b8914c217497a613f705a8b2b8ecc68742a51e5aa8e616
3dc008b4ede39cf19f3b6724b9087e1c95d97fcfe7280e6e53c417050c64a8db
3f70e7f6d813e2be815c5ebea1782b5b7ec4b3fde08702dfddf0d262a2c939b3
3fa0f5ee776b6da2a6df7cb6926ae57124068fa9d6d88bf8a175eefcf0920337
41d97d5706a24c632eb48193238d2c84fb79169db7346c314ba45f95b5012005
4244f1d0a84530c05ab10a34036bfa9786ba3f156cbe549552040760526239d5
469dc1f419a33e322b25e144378bb491fb703086a309258880028c71e7c9b56e
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
489cb28af683e1c34ea521f157a8d4259948b03f3de267acfbbe1ca95c6f26c5
4936c54e53044016f3322862c2096511367d6ff29fb75aa41a3ca73505c3f42a
4af635698cb6488a8df86b99febedbc979c76e04f675f3a9cdc66f7b4d86aff6
4cda0550ea8955071802004ed78ea3e4a87118c0ed092e770636ab9520bfa4f1
4dba1e011745c1bec0b32691b466bf85c8972935bdb186a45fc96296136b23d8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50780a3ad6be0b7b71a2a9ecedb36d0b2c20bc3c605341ad0ea989d9119142fc
50b45dc181467f71cfe75c4b86bdf071c51c0b0e802f44dcab5b44edbfb4879a
51693d089db062e5a1ec930db9501d4e48976a66e57a6a7cf839f27e9a27655e
5236be883713c6bc5c3b466e256a214bcb387458c66fc7cd6f4cc3f02f89df03
52d2a89eb357fa6c714b9001affa7aa1d5c2f610860a86b71a76b310f8da2c38
5384340299fd4595fcd98664facbdbdb33bf2681d8fa0dd0a9214af463c99029
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
572be96edfb2d5994249bab66626a9e0e665ddae16421d96004c517b472b34b1
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
58cf7d7817335e1debd7e26a2c411c9914cf22c213f69663a1441a1459e1f6b9
5972dcc2a218e535aea4b3ef6c8119e806117690b4cf77e2c810f6d5bdd6a520
5a07abbd089059f19df0d52366d559720c8a475864f4921e0b9a600caab39ae9
5ac8b65754525d144cd6b5a7da182d54b5ba6c0909534c8a8d35b725c539514b
5dc675effaff1f7428bf16fa9cdf2bfcdce5d099e7ccad7c1274d2768af8a594
5f8a70a7042a8b2df5762f452b3957ab5d213950ea83af19cfdd3706563fb6b1
6219570c349d06e8cee1293e9793393f8500d3bcb2125e34dc9e5610e0896ba1
645c89a68c425f24ab549714968757e9461198681bf1260ca84d11fce4d4f1e1
6523d333118cdcd10c238f305d89be560428e36b57209093e2f137b1667aef19
661abc672aeb86b2319c87347477dcecd2c0921700376fe19ac1152a3be01277
666625ffdacf823b459afe9dd409db8420f73f31331bb6e1b426946e8c82d0ce
6b9fbbe50d28dc29f8dded097d36c88c31c2f027bd35a63197416be726f91203
6c67932c9b1b3ba4594e5b4ef9a8810f345e4bab9b6db0392c471c22acc6c0b1
7155d8dd40ece849d72213770b3a5b84467de8c6cab5c3bda3266808502cb69b
71ee5deb9dfc777d684bef1ebe80848c9cd8f0fbd20e8a0247feab639c150271
738832e51c55b88cc185c0ce29dfe95049caf277090e04dd84bcfc3077952a5c
747140515bd48174949431dd43f8c0fbb17af015b28430bb7a58540d2eedb8af
74988224243f193166ee9d0cc8306a4d10669f978fedfc3f1a47cf04036c2372
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
755840da0e88dae45aec1d3a8721732c49df2d853ce66c90fdb52ae7adb156ec
77fba7cce7a3d9f7ae902f96947f0fb7a5287034a8df59b1898efc9869817957
7841c82995ba0ac8b49608ec76c459e16fd0dd39179f9df3ae7580d5b8a5be34
78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c
7a1bd058692997f41b685612cfdb2fafdaad3a3332a9cac0bf57292ef5d19de9
7a6de55c6c87e9179b9604680357ec7d0441f1ac79d23ffde62c26e9f9301ff7
81cfbed654ccca8ebd842ed6a29361b9faeeb3b01472dcff57718c2259fb9e61
8262ce8f6ab082065523beaf2516b67eb667a8bbb4792dfeb67f35128e32b727
82df9fdce91353530c3fb582a48061750ab5ab6ec6958d1e8b5063f020bcdeab
82fcfdf1592369ef6b575719128d78a3501ab73e75f235ee42f116881b50e309
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85dbde15b4668e9e6b6517350fc2e930207daa42743faa7f3fc8de23b771d68f
863eddcf75a4fb1919045a54650067673a0d0fb531142b12b0e93e3bf07ec445
88bc81bcf989a3b6afd4f96d1605467861ddd16c459ac63c08f777a09579888d
8b962ceb839d35a3307e9f0189c91721a174cfffc8902e6479eb77ca06e5ddb2
8c0301b3dba5061632d7321cd8bb7bd527f48288d5cb15ff614ea0c1dcc1ad69
8cfbbc83e14a9ffcc89c751b40db1d139229219213ce971c089c8088372aa1d4
9098bce32fa311e967ba3bae1f3c4763801acf08ba95c67fb477f468e42a69a2
925898c2c2040343690b2616e8ae71a9f626aab0732a31cffa8d5d1332979a2e
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
94c03c1cbe9d95ab93cdee8b27283c2afb7f57b7db4332a3a08bc5e30ba0ca8a
95862077951abd07f7b2ba091c145263652038d4a95acc340717eb177d72c914
95ed2ab3458f795dac70ee4db137356fcd1c84d3610a88f6c7733689c3a88a6b
985a95cdd7670aee9b0d01a81ad52389698fbe2860fe614307a4d16461cc788d
9c1521286e7dd2d6f8c2262b15bca8867bcae973a83879accdd00e1cb9831e5f
9d8892bc43812f40a125039a7ed6189d38b4ba6154ed713893547d0d9626ab03
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a15a5dc1f5dab9977b6bdd6e78fe18a24ca2876ec3fd345b81aa982ff0c1393a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a76365658428d1937cdb1ce022376a7bfc0f94b6309ca2bf80d5b2406065b9f9
a8b44d40717335f76162967fab5169fa9ab2faa2721e5dc40160a9b7b6b1b543
a958fb233ebadca6c71a15914551245146004081e28d2ba6854d3d454d799518
ae3419b6580460d416285b1e7a43d95cca9a9f18b5b575dacdde88155592760b
af3e53ba239afaf52cd9039fff2045b9907b860a90ff469c7c22eeb3be9bf74c
b0419faf03242236e04c1c062d52b7f011bf5f0222342fc4006f51cec7dd6ba0
b0dd093347ac25a6a0bf5eb0b9cc132b69f3c812e54033577a7b0208623fcf8f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a52d596663e8cddbaf9d0c136e1154fe3e73860f01d001004b35dab61f6f3d
b4d961b75ebfd23625074af97d27353f622eebba5624c0cc65ec709c78ed7d81
b64f53bf69d080d62a915b32b4c7c8a2b31a787b3ccf64c4a63aeba170355c22
b6ce71d7d51123a34fe9289dc467f1209b939c38504b2af9ec0f70144fa4d01c
b79ad2538704c60b7166e9bde51a2e479d32eab9445755230ccbd8681e3d9611
b9b2f6da614e3dd5239bc0293fcbf7b3e964b5a1db4f2038ce62a64d97363ac9
bb4530c4f52ef0d7e5046a73bee148da83a31d8f6518d145670c6268fbd54c52
bb79fff632114803a2bb9f4cea18961e9ab777c47ba611ac32e208d7509b268d
bebe9e8010dc2b783623b7b3c79bfdfa26fc34b15f0813bb88e540f4c8e153fb
beec1f82a77a9df0d7ca8c234f10f11e89593d7568fc16927ad1899e0bb6f3fb
c1245f395ad5cfc6fd537fea235890a4d98b591e06a42a343ea19844d5242596
c52e89074cb0440a6db05393e4b9641f39325b0585a580914cd400dc42ea206e
c889e380f8c3bf53e987c697fe63ea8fcd5bb1853775e070b8637897dc1a95b6
c92cab84b44ac37925a00450873a018ac601883a2d6e7a760ea38fdde7671004
cbdb7e3c01d55adb8dc359bf16c0d1b8708d7c9ddd024bd66a9861fc04745b7a
cc21d5a9e609b2997b4f9c3a5b520216e5ef6522c656b81b6105c9b62a8fcc5b
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1e93ecdf4f3797c36b6fae30baf399c44db6dfa0db44a7462844423eee831fb
d3eb67b57e26d8850555439a7223bf269277fbe945da55fb22b8ffa49328f1d8
d43062b29c5092ee5ebc084b0a21fc3068a55440a7f2a68fb103561d56216d21
d5b83174b14c8fb07a6cfc17abbc860e726a23b84f724c468049c73e1e8d7cba
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6e9f0db5fce6c47f4837d4662dd60968185b6fe819ae1a8d4961d639ae51e11
d8e6f82292b7572298880ef024f38ed1cf762d5f5a56b05cd285d7acc288de17
d8ff49a6085ede2aeac2193dd88d8f3c1069f0c261f3e327c50d8f9547ddae77
db886cf78b7d69146ef807e080f2e42c686b64d2bf880724c33897bcb5c653ef
dbe2ca01c41f45dc2d2be94da6df455d514077766377318330aa62ee04a5880e
dbfede1e21d71d7f8e156372bf95614e055ae5297e43449564c52495f6190fac
ddebdef52889c9d97ed0cbc94f5535a649c42a5f5c84aa35b13a45e606666c52
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def24fa0fffd908d60ace6dd4300f25ab734f7a222d076bfcd1ff5e34b1c4719
df660fd3ad4168b7c32eadc3b588ee90334003a7ea1af3299536be4e6697fcd9
e0ff4032cc37ee30c83692ea623e669426e79ed74d670bcd54104938c397aacc
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f6b0cd3e5f9865a5b4167d24214879859d917c71a4ad238057d2c8dcfaac2d
e6340844af1c0a02b8150c4bc93d54d679f716452d6a97cd99ed45786e97ed8f
e77911a44cb8f18ba723b2306ae051f2e6cc49f8f696cbcf98bd01cc24d7ac46
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e974ca99fff4530963e3bae2fde432adfd844bb2848cfca84799b98d2b1e4ab3
e979f50a44b9fa8b7c7fb5c4019a69735edb324968229cc3750a33a80469131b
e9a306515f73fd3f4a863163748535891638b6ef3be4c6ac89870142800e8094
eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829
eb9f4a149613f755fabb5847e72597aa631102023d74383cbd3b31a11900cb59
ec12520cbefe8332b188d556ed950022b283fe115e8fbbe6d92f0a035973ec7c
ec2430e51815d80a1fd1fc0bfaa71cfacf79ee348bbe4d0eb74d46a1431f9ce3
ef069beedf6275e263638b3c69c0458a3da10557339d56c3d3ec56d31c24eb55
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02700e472d70dbda59a8f619b6422cdf90fd27cc6dd4b0745ef2806c04627fc
f375deaeadd1b99d6c9cb9e64ae6fa01d17869a577906d5477532d656dc08a2e
f477ec458156070a4b9b3faf62c86c2a4a19314035ba7ef1cac8d6fc058e2465
f4ffdfba4d1c4abb63316f09560cd722967e7fde15942a6134591c32a2b8dc46
f65917eebc1429714fdb9e29c086e8bc3e40feb6067eedaa13f32dd27fa6f344
fb9268e99659f17a183de7aa0d4e27453f96c159a7ba99d6482522f8f72d1009
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fd3ef805cf9ba4d9437699263f2146b36dec9486f8a562f2045e5890020c27fb
fe6f0b2a8d837906138c2f10bf709e3662dae8799b43af37d92bf390a2a7e274
fff80c5594a973009511bce802768d6e3a03d2ce1a760c3e93bb5982c6def302

www.elheraldo.co Open in urlscan Pro 169.48.223.140 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

261 Requests

93 %HTTPS

0 %IPv6

35 Domains

63 Subdomains

50 IPs

7 Countries

3209 kBTransfer

6693 kBSize

50 Cookies

17 Outgoing links

Page URL History

Redirected requests

261 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elheraldo.co Open in urlscan Pro
169.48.223.140 Public Scan

Screenshot
Live screenshot

Full Image

261
Requests

93 %
HTTPS

0 %
IPv6

35
Domains

63
Subdomains

50
IPs

7
Countries

3209 kB
Transfer

6693 kB
Size

50
Cookies

261 HTTP transactions
5 data transactions