themorningtribune.com Open in urlscan Pro
2606:4700:3035::ac43:b3cd Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://xpshort.com/https12344
Effective URL:
https://themorningtribune.com/
Submission: On August 31 via manual (August 31st 2022, 2:39:49 pm UTC) from US — Scanned from DE

Summary HTTP 212 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 73 IPs in 10 countries across 54 domains to perform 212 HTTP transactions. The main IP is 2606:4700:3035::ac43:b3cd, located in United States and belongs to CLOUDFLARENET, US. The main domain is themorningtribune.com.
TLS certificate: Issued by E1 on August 18th 2022. Valid for: 3 months.

This is the only time themorningtribune.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:50b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	139.162.27.15 139.162.27.15	63949 (LINODE-AP...) (LINODE-AP Linode)
7	2606:4700:303... 2606:4700:3035::ac43:b3cd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400a:800::200a	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:200:10:3422:3f00:21	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2600:9000:20e... 2600:9000:20eb:a600:1:4a30:d840:21	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:d600:3:f434:dfc0:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a02:26f0:350... 2a02:26f0:3500:c::5c7b:6837	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	52.0.187.152 52.0.187.152	14618 (AMAZON-AES) (AMAZON-AES)
4	23.205.241.117 23.205.241.117	16625 (AKAMAI-AS) (AKAMAI-AS)
1	18.213.182.17 18.213.182.17	14618 (AMAZON-AES) (AMAZON-AES)
2	151.101.65.194 151.101.65.194	54113 (FASTLY) (FASTLY)
2	2600:9000:21f... 2600:9000:21f3:600:9:78a:e540:93a1	16509 (AMAZON-02) (AMAZON-02)
4	35.172.84.50 35.172.84.50	14618 (AMAZON-AES) (AMAZON-AES)
1 6	2606:4700:303... 2606:4700:3036::ac43:c951	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 2	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
5	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
7	37.252.173.27 37.252.173.27	29990 (ASN-APPNEX) (ASN-APPNEX)
3	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
1	52.217.173.145 52.217.173.145	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
6	2a02:26f0:350... 2a02:26f0:3500:595::2c79	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	23.205.239.15 23.205.239.15	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	35.173.107.90 35.173.107.90	14618 (AMAZON-AES) (AMAZON-AES)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	3.224.43.174 3.224.43.174	14618 (AMAZON-AES) (AMAZON-AES)
3	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
3	3.226.147.34 3.226.147.34	14618 (AMAZON-AES) (AMAZON-AES)
2	67.202.105.21 67.202.105.21	32748 (STEADFAST) (STEADFAST)
2 2	23.75.240.210 23.75.240.210	16625 (AKAMAI-AS) (AKAMAI-AS)
8	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
1	132.226.63.138 132.226.63.138	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2 2	54.246.199.99 54.246.199.99	16509 (AMAZON-02) (AMAZON-02)
1 1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
1	54.224.154.15 54.224.154.15	14618 (AMAZON-AES) (AMAZON-AES)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5	52.57.28.111 52.57.28.111	16509 (AMAZON-02) (AMAZON-02)
2	89.149.192.64 89.149.192.64	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.173.119.97 54.173.119.97	14618 (AMAZON-AES) (AMAZON-AES)
3	162.210.196.208 162.210.196.208	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
7 9	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:3da7:f1c9:3bff:e9e0	16509 (AMAZON-02) (AMAZON-02)
2 5	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2 3	52.95.122.74 52.95.122.74	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 5	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
1	23.35.228.23 23.35.228.23	16625 (AKAMAI-AS) (AKAMAI-AS)
11	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.150 178.250.2.150	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700:20:... 2606:4700:20::ac43:47fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.35.236.188 23.35.236.188	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	141.95.98.64 141.95.98.64	16276 (OVH) (OVH)
1	54.77.31.182 54.77.31.182	16509 (AMAZON-02) (AMAZON-02)
4	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
2 2	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
1 1	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2606:4700::68... 2606:4700::6813:ad6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	23.75.246.168 23.75.246.168	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	3.217.129.2 3.217.129.2	14618 (AMAZON-AES) (AMAZON-AES)
2 2	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
212	73

1 2606:4700:3037::6815:50b2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

xpshort.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.27.15 (Singapore, Singapore) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: 139-162-27-15.ip.linodeusercontent.com

techymozo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3035::ac43:b3cd (United States)

ASN13335 (CLOUDFLARENET, US)

themorningtribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400a:800::200a (Zurich, Switzerland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:200:10:3422:3f00:21 (United States)

ASN16509 (AMAZON-02, US)

df80k0z3fi8zg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:a600:1:4a30:d840:21 (United States)

ASN16509 (AMAZON-02, US)

d2nr2jos5slco1.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:d600:3:f434:dfc0:21 (United States)

ASN16509 (AMAZON-02, US)

d2f0uviei09pxb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:c::5c7b:6837 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.avplayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.0.187.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-187-152.compute-1.amazonaws.com

track1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.241.117 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-241-117.deploy.static.akamaitechnologies.com

c.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
l3.aaxads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.182.17 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-182-17.compute-1.amazonaws.com

geoip.insticator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.194 (United States)

ASN54113 (FASTLY, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21f3:600:9:78a:e540:93a1 (United States)

ASN16509 (AMAZON-02, US)

auth.instiengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.172.84.50 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-84-50.compute-1.amazonaws.com

event.insticator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3036::ac43:c951 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ex.ingage.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

insticator-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.234 (Schiphol, Netherlands) 1 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.173.27 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.39 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.173.145 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

embedproduction.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:3500:595::2c79 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

player.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.239.15 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-239-15.deploy.static.akamaitechnologies.com

www.aaxdetect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.173.107.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-107-90.compute-1.amazonaws.com

eua.instiengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.43.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-43-174.compute-1.amazonaws.com

go1.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.226.147.34 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-147-34.compute-1.amazonaws.com

sync.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.75.240.210 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-240-210.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
video-ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.226.63.138 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.246.199.99 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-199-99.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.224.154.15 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-224-154-15.compute-1.amazonaws.com

s2s.aniview.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.57.28.111 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.149.192.64 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.119.97 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-119-97.compute-1.amazonaws.com

hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.210.196.208 (Washington, United States)

ASN30633 (LEASEWEB-USA-WDC, US)

hb.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.aralego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 8.39.36.141 (Los Angeles, United States) 7 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:3da7:f1c9:3bff:e9e0 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.122.74 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:22::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 209.54.182.161 (Ashburn, United States) 3 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com

c21lg-d.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.150 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:47fe (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.aralego.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.31.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-31-182.eu-west-1.compute.amazonaws.com

id.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.44 (Beverwijk, Netherlands) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.191.196 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.18.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.19.126 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:ad6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.75.246.168 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-246-168.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.129.2 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-129-2.compute-1.amazonaws.com

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	rubiconproject.com 9 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 476 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 922 eus.rubiconproject.com — Cisco Umbrella Rank: 551 video-ads.rubiconproject.com — Cisco Umbrella Rank: 8293 prebid-server.rubiconproject.com — Cisco Umbrella Rank: 993 token.rubiconproject.com — Cisco Umbrella Rank: 686 pixel.rubiconproject.com — Cisco Umbrella Rank: 319 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 844	61 KB
19	googlesyndication.com 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 112 tpc.googlesyndication.com — Cisco Umbrella Rank: 145	107 KB
19	doubleclick.net 2 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 cm.g.doubleclick.net — Cisco Umbrella Rank: 210	226 KB
16	aniview.com track1.aniview.com — Cisco Umbrella Rank: 1917 player.aniview.com — Cisco Umbrella Rank: 1720 go1.aniview.com — Cisco Umbrella Rank: 5038 sync.aniview.com — Cisco Umbrella Rank: 2438 s2s.aniview.com — Cisco Umbrella Rank: 2836	258 KB
12	criteo.net static.criteo.net — Cisco Umbrella Rank: 658 pix.eu.criteo.net — Cisco Umbrella Rank: 8769 csm.eu.criteo.net — Cisco Umbrella Rank: 8942	130 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	582 KB
9	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 225 acdn.adnxs.com — Cisco Umbrella Rank: 594	58 KB
9	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 78	27 KB
8	amazon-adsystem.com 5 redirects aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1254 s.amazon-adsystem.com — Cisco Umbrella Rank: 269	6 KB
7	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 430 r.casalemedia.com — Cisco Umbrella Rank: 813 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 515	6 KB
7	criteo.com 1 redirects rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 12889 ads.eu.criteo.com — Cisco Umbrella Rank: 8809 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 11061 gum.criteo.com — Cisco Umbrella Rank: 387 mug.criteo.com — Cisco Umbrella Rank: 2794	54 KB
7	33across.com ssc.33across.com — Cisco Umbrella Rank: 1547 ssc-cms.33across.com — Cisco Umbrella Rank: 941	1 KB
7	themorningtribune.com themorningtribune.com	49 KB
6	ingage.tech 1 redirects ex.ingage.tech — Cisco Umbrella Rank: 8206	3 KB
5	insticator.com geoip.insticator.com — Cisco Umbrella Rank: 23620 event.insticator.com — Cisco Umbrella Rank: 17622	681 B
4	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 336	1 KB
4	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 448 image6.pubmatic.com — Cisco Umbrella Rank: 606	77 KB
4	openx.net insticator-d.openx.net — Cisco Umbrella Rank: 19598 u.openx.net — Cisco Umbrella Rank: 655	634 B
4	instiengage.com auth.instiengage.com — Cisco Umbrella Rank: 17460 eua.instiengage.com — Cisco Umbrella Rank: 28826	23 KB
4	aaxads.com c.aaxads.com — Cisco Umbrella Rank: 2819 l3.aaxads.com — Cisco Umbrella Rank: 4102	136 KB
4	cloudfront.net df80k0z3fi8zg.cloudfront.net d2nr2jos5slco1.cloudfront.net d2f0uviei09pxb.cloudfront.net	121 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 949	1 KB
3	aralego.com hb.aralego.com — Cisco Umbrella Rank: 20053 sync.aralego.com — Cisco Umbrella Rank: 2822	862 B
3	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 270 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 468 ads.yahoo.com — Cisco Umbrella Rank: 2202	1 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37 region1.google-analytics.com — Cisco Umbrella Rank: 3463	20 KB
3	lijit.com ap.lijit.com — Cisco Umbrella Rank: 619	757 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 66	185 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	3 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 566	647 B
2	betweendigital.com 2 redirects ads.betweendigital.com — Cisco Umbrella Rank: 2043	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 538	1 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 471	1 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	88 KB
2	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1411	686 B
2	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 670	724 B
2	google.de adservice.google.de — Cisco Umbrella Rank: 9270	914 B
2	a-mo.net 1 redirects prebid.a-mo.net — Cisco Umbrella Rank: 1035	483 B
2	fastly.net confiant-integrations.global.ssl.fastly.net — Cisco Umbrella Rank: 1303	86 KB
1	advangelists.com 1 redirects nep.advangelists.com — Cisco Umbrella Rank: 2306	233 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 889	359 B
1	crwdcntrl.net id.crwdcntrl.net — Cisco Umbrella Rank: 1446	342 B
1	aralego.net cdn.aralego.net — Cisco Umbrella Rank: 8370	1 KB
1	media.net c21lg-d.media.net — Cisco Umbrella Rank: 1718	329 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 370	709 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 6425	437 B
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 519	509 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1078
1	aaxdetect.com www.aaxdetect.com — Cisco Umbrella Rank: 5583	342 B
1	amazonaws.com embedproduction.s3.amazonaws.com — Cisco Umbrella Rank: 215234	1000 B
1	avplayer.com player.avplayer.com — Cisco Umbrella Rank: 10716	60 KB
1	w.org s.w.org — Cisco Umbrella Rank: 714	472 B
1	techymozo.com 1 redirects techymozo.com	402 B
1	xpshort.com 1 redirects xpshort.com	859 B
0	rlcdn.com Failed api.rlcdn.com Failed
212	54

	Domain	Requested by
14	securepubads.g.doubleclick.net	themorningtribune.com securepubads.g.doubleclick.net
11	tpc.googlesyndication.com	securepubads.g.doubleclick.net 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com tpc.googlesyndication.com
9	www.gstatic.com	www.google.com www.gstatic.com 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
7	static.criteo.net	ads.eu.criteo.com
7	ib.adnxs.com	df80k0z3fi8zg.cloudfront.net player.aniview.com acdn.adnxs.com
7	www.google.com	themorningtribune.com www.gstatic.com www.google.com 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com tpc.googlesyndication.com
7	themorningtribune.com	www.google.com themorningtribune.com
6	eus.rubiconproject.com	player.aniview.com eus.rubiconproject.com df80k0z3fi8zg.cloudfront.net ex.ingage.tech
6	player.aniview.com	player.avplayer.com player.aniview.com
6	ex.ingage.tech	1 redirects df80k0z3fi8zg.cloudfront.net r.casalemedia.com
5	dsum-sec.casalemedia.com	1 redirects r.casalemedia.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net themorningtribune.com tpc.googlesyndication.com
5	s.amazon-adsystem.com	3 redirects r.casalemedia.com
5	cm.g.doubleclick.net	2 redirects r.casalemedia.com
5	token.rubiconproject.com	5 redirects
5	prebid-server.rubiconproject.com	player.aniview.com
5	ssc.33across.com	df80k0z3fi8zg.cloudfront.net
5	track1.aniview.com	themorningtribune.com player.aniview.com
4	match.adsrvr.org	ads.pubmatic.com df80k0z3fi8zg.cloudfront.net r.casalemedia.com
4	pix.eu.criteo.net	ads.eu.criteo.com
4	pixel.rubiconproject.com	2 redirects themorningtribune.com
4	event.insticator.com	d2f0uviei09pxb.cloudfront.net
3	px.owneriq.net	2 redirects r.casalemedia.com
3	aax-eu.amazon-adsystem.com	2 redirects
3	sync.aniview.com	player.aniview.com
3	ads.pubmatic.com	player.aniview.com df80k0z3fi8zg.cloudfront.net
3	6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net confiant-integrations.global.ssl.fastly.net
3	ap.lijit.com	df80k0z3fi8zg.cloudfront.net player.aniview.com
3	c.aaxads.com	d2f0uviei09pxb.cloudfront.net themorningtribune.com c.aaxads.com
3	www.googletagmanager.com	themorningtribune.com www.googletagmanager.com
3	fonts.googleapis.com	themorningtribune.com 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
2	sync-tm.everesttech.net	2 redirects
2	ads.betweendigital.com	2 redirects
2	sync.1rx.io	2 redirects
2	id5-sync.com	ads.pubmatic.com df80k0z3fi8zg.cloudfront.net
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	sync.aralego.com	cdn.aralego.net df80k0z3fi8zg.cloudfront.net
2	acdn.adnxs.com	player.aniview.com df80k0z3fi8zg.cloudfront.net
2	u.openx.net	player.aniview.com df80k0z3fi8zg.cloudfront.net
2	www.googletagservices.com	6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
2	prg.smartadserver.com	player.aniview.com
2	video-ads.rubiconproject.com	player.aniview.com
2	ad.360yield.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	ssc-cms.33across.com	player.aniview.com df80k0z3fi8zg.cloudfront.net
2	adservice.google.com	securepubads.g.doubleclick.net
2	adservice.google.de	securepubads.g.doubleclick.net
2	eua.instiengage.com	auth.instiengage.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	prebid.a-mo.net	1 redirects df80k0z3fi8zg.cloudfront.net
2	insticator-d.openx.net	df80k0z3fi8zg.cloudfront.net player.aniview.com
2	auth.instiengage.com	d2f0uviei09pxb.cloudfront.net auth.instiengage.com
2	confiant-integrations.global.ssl.fastly.net	d2f0uviei09pxb.cloudfront.net confiant-integrations.global.ssl.fastly.net
2	fonts.gstatic.com	fonts.googleapis.com www.google.com
2	d2nr2jos5slco1.cloudfront.net	themorningtribune.com
1	nep.advangelists.com	1 redirects
1	csync.loopme.me	1 redirects
1	pixel-us-east.rubiconproject.com	eus.rubiconproject.com
1	r.casalemedia.com	df80k0z3fi8zg.cloudfront.net
1	ssum-sec.casalemedia.com	1 redirects
1	id.crwdcntrl.net	ads.pubmatic.com
1	cdn.aralego.net	player.aniview.com
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
1	rtb.nl.eu.criteo.com	themorningtribune.com
1	c21lg-d.media.net	c.aaxads.com
1	px.ads.linkedin.com
1	ads.yahoo.com
1	pr-bh.ybp.yahoo.com	1 redirects
1	hb.aralego.com	player.aniview.com
1	hb.yellowblue.io	player.aniview.com
1	image6.pubmatic.com	ads.pubmatic.com
1	s2s.aniview.com	player.aniview.com
1	bh.contextweb.com	1 redirects
1	sync.technoratimedia.com	player.aniview.com
1	ups.analytics.yahoo.com	player.aniview.com
1	go1.aniview.com	player.aniview.com
1	l3.aaxads.com	themorningtribune.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.aaxdetect.com	themorningtribune.com
1	embedproduction.s3.amazonaws.com	themorningtribune.com
1	fastlane.rubiconproject.com	df80k0z3fi8zg.cloudfront.net
1	geoip.insticator.com	d2f0uviei09pxb.cloudfront.net
1	player.avplayer.com	d2nr2jos5slco1.cloudfront.net
1	s.w.org	themorningtribune.com
1	d2f0uviei09pxb.cloudfront.net	themorningtribune.com
1	df80k0z3fi8zg.cloudfront.net	themorningtribune.com
1	techymozo.com	1 redirects
1	xpshort.com	1 redirects
0	api.rlcdn.com Failed	ads.pubmatic.com
212	92

This site contains links to these domains. Also see Links.

Domain
r3adyt0download.com
rebrand.ly
wordpress.org
www.idtheme.com

Subject Issuer	Validity	Valid
*.themorningtribune.com E1	`2022-08-18` - `2022-11-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2021-11-24` - `2022-12-25`	a year	crt.sh
outstreamedia.com R3	`2022-07-17` - `2022-10-15`	3 months	crt.sh
*.aniview.com Amazon	`2022-01-05` - `2023-02-03`	a year	crt.sh
*.aaxads.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.insticator.com Sectigo RSA Organization Validation Secure Server CA	`2022-07-27` - `2023-08-26`	a year	crt.sh
*.freetls.fastly.net GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-05-04` - `2023-06-05`	a year	crt.sh
*.instiengage.com Sectigo RSA Organization Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.ingage.tech Sectigo RSA Organization Validation Secure Server CA	`2022-07-13` - `2023-08-11`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.a-mo.net R3	`2022-07-04` - `2022-10-02`	3 months	crt.sh
ssc.33across.com GTS CA 1D4	`2022-07-17` - `2022-10-15`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh
*.aaxdetect.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-08-24` - `2023-02-15`	6 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.yellowblue.io Amazon	`2022-04-23` - `2023-05-22`	a year	crt.sh
*.aralego.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-11-20`	a year	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2022-02-20` - `2023-02-22`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-02` - `2022-11-01`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-21` - `2022-11-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-18` - `2023-05-18`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-27` - `2022-11-22`	3 months	crt.sh
*.id5-sync.com R3	`2022-08-18` - `2022-11-16`	3 months	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh

This page contains 38 frames:

Primary Page: https://themorningtribune.com/
Frame ID: 195F853C29D11E0B5B0F357294FD7EE0
Requests: 103 HTTP requests in this frame

Frame: https://auth.instiengage.com/auth/index.html
Frame ID: 7C778797CDA3022D9FDDE1786A706149
Requests: 3 HTTP requests in this frame

Frame: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Frame ID: C1DEC1288310F4C3421DCF27B23281DA
Requests: 7 HTTP requests in this frame

Frame: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 998C23B185B991D413ACDF4D38EA5FBF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i&co=aHR0cHM6Ly90aGVtb3JuaW5ndHJpYnVuZS5jb206NDQz&hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&size=normal&cb=4ozof0k10p1y
Frame ID: 66849439878F4077100D4B9BD7499661
Requests: 8 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=
Frame ID: A859CD966B7647BF181EFB45D1450D9E
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=105&pid=5d8ccec528a0617cae5a0755&key=6255699c-afc3-48bb-8e2f-e1a7355ec7f6&gdpr=1&gdpr_consent=&us_privacy=
Frame ID: B13A3AC7E3E95E0E30DEF7BE587CB412
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D18%26key%3D%24UID
Frame ID: 9400897F83C50A2E328700A5C729BBBB
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00001rrPUnAAM&us_privacy=1---&ru=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D104%26pid%3D5d8ccec528a0617cae5a0755%26key%3D33XUSERID33X
Frame ID: D2071A4D069AD9CD8FB757B2126F9B12
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east
Frame ID: A5127F7669B3467AFF5065B29FFB3F0C
Requests: 10 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1661956781852-998052144916-006105-003-006292&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D3%26key%3D%5BUSER_ID%5D
Frame ID: 7DA2AEF1760B1A1B3983E2D1406FF13F
Requests: 1 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=22&key=984d0369-2afa-4669-a200-a86267db506a
Frame ID: 649C2C33B259EDE5C5039FD6538ECC1E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D1%26key%3D
Frame ID: 0CB4F2B51A9FCF65830AFCFB5AC66792
Requests: 2 HTTP requests in this frame

Frame: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=10&pid=59c9148628a0612da3689288&key=SuN65qZRSzan&ev=1&us_privacy=${us_privacy}&pid=562704
Frame ID: 29CB8A69D3B6BC5F4C26C171E89A2712
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i
Frame ID: 3FB153318F4F7F3C0D0D026D628C23DC
Requests: 3 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAXJ0S45T&fv=1&fy=37&ke=1&suylg=213%2C241%2C178%2C229%2C306%2C291%2C310%2C97%2C263%2C366%2C272%2C175%2C274%2C159%2C267%2C89%2C251%2C325%2C292%2C264%2C265%2C209%2C356%2C203&yvVbqf=1&uhiXuo=https%3A%2F%2Fwww.google.com%2F&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: 3FCCBFE242313AA4105521B92CFBC03C
Requests: 2 HTTP requests in this frame

Frame: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1B6716ACDBC2BBD73737DBF8BB99A2CF
Requests: 5 HTTP requests in this frame

Frame: https://video-ads.rubiconproject.com/video/bridge-31047.js
Frame ID: B5C4D44C4B144A2650B5B2D158C3AD5B
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 7683AE40E6CE4700557D3091E093C75B
Requests: 7 HTTP requests in this frame

Frame: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CB110E7C660038A3CC0ABDB7A13F753F
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yw9yrgAEiDMH_YuFAAYuZZ36yFBczps1wsgNUQ&u=%7C6kXEdkeVyfSsT1RzFTFqS51DO7B3YqYCPavonIfEqoE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37N_IRw2GZaxAfrTwL4yR1DQg7NFNPSptE4fExhVxGY0-oZWqNsMdrCYDZ5Fuu6-FsAC0lRMWZShK8IkMLX9eLvc2OAKMcBrm7Jsa3wI0D0FACJCGN24T3PoGet0rTd-EVum2rtyfV5MYmlXwDbGgJBkZpbSPU8Bbr9vIzAZxlZD_iUG21J-JntIbUa6duclDIvSkGLtBu2L3yAgrvVFCX4MtychNtHsKrJ7k_Y-KZW4MmFSh09YD_cE7uTvranljCxscP49dNpM158BaCjFNi4_IvHJ0sYjFpwVsshvNSDT6SW4Nx4f3ugejlLmSYWUgfCvmkhXgIS8l_nASAMMVwuWG6Ub0b8z7DixP9URHeujJRmzzN230JbDq-2SWd1RvOkkWGP1HJpJM52ekfA4NyBESglurTYnsZJ5SvPu4w8TaErm8oaoWJG2b78BmpwcF4KGNUiTOtvd4s_ky7bGlLn0kVh2m0jQkcOTyCXFMYRdt-MJO6IPbexFghOe07niGpZPGnZmU7KwPRJVyg768D0Q6s1K5g5lyK6cVqLEM-KkznKESUhLEK_GQslJeV1TredIkb3aoTO0LHQKum8Stpl9tKhTviqzM1&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4FfDrnIPY7OQEoWX9u8P5dyY2A7JntKxXNX24taTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3oAHVttLqA8gBCakCUKN8PS6-sD7gAgCoAwGqBK4CT9AtSpm4ZPriKfrv-jyyjPLX8VDx5zcuTgqEBI6eZ8Y6bffWaUXDJzesmVbNpc63yzSxv0kOLfw1DhJuVB3910Nw6yIq6-_Rv_NJQMW0n-D2X1CTakPju1zmyEfEmrsnDCK3kpLV1bzXt-ARZ17Z8T_MtxU_2_AbYFY__wzaAJq2urWvD3w7fuDuFAGjDLoGgqmS33MlGdPoCVkMOcx10j0uMyTO7dK0omwHJep1sq7rlC6kuEU22HEEmZ9fv8zTczLiMbWFMDNoBD3OeFDqHgy3uCTw1DzQQz4uesVWFaHn5V-O0C7Cv3jDI2ifDuyE4Qn4UaTepJNwWojJ0CsvBlZiGhtfnEnZxJum0kWRFBMJpNUAisGdLJHojrTOMTLpDa_mn8w6N18bPROC9QbgBAGABvTV55GM7ev3Q6AGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAcBABMgPrggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06MSMcfhvOfU_v-c_FcyV1iQOPxw%26client%3Dca-pub-1067374679252537%26adurl%3D
Frame ID: F64F913C6AE89599F92FC11FB567FAB2
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 08843E0EF74B77DE6BCCEA99A08B9A31
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7358EC0B4C40CFF135E430875C57FA4F
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/ppzs-o_oDTLysEGEkZroIB51IgxzANAUgUjK_Y8VX9I.js
Frame ID: C9019C6138F1121EF4EBC768103C5795
Requests: 1 HTTP requests in this frame

Frame: https://cdn.aralego.net/ucfad/cookie/sync.html
Frame ID: 4B2D1A1B5904FDED3C2B7000347E3C6A
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 129FB9FDF29E50590F25E13F066F2102
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 0E266578690B33C78D7F98FA2272E41C
Requests: 3 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7139620707
Frame ID: 7CA08524AA611F4BA94F28A14A42662C
Requests: 1 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3DUCFUID
Frame ID: E07C85CB32A6EDEE832C1C522BE180C6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 08C6CF310EA8BF7E9E99BBABCEB2556D
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B99D2A753E7C640DF4AEC81C48846827
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406715
Frame ID: 30A9C2D3BCB8739A6EA2E8150160FFF4
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 783B8499A9CE127C6EF07F4EFC9C5A1A
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/betweenx/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=268f28e9-68d7-52f3-ab1a-68dfc8151a6f
Frame ID: 605FAADED1F8E738641258EF8B0FC878
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Frame ID: 0C52856932BB0DDDE3ECF844921DCF05
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3DPM_UID
Frame ID: E43445AA5A0365940C94675C17ADD2F9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: C84F51F9082CB8F0B319D0DC50ABB1A3
Requests: 4 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 92763D1341644EDF41B528F8A80947E5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Insurance : Importance, Types And Benefits

Page URL History Show full URLs

https://xpshort.com/https12344 HTTP 302
https://techymozo.com//https12344 HTTP 302
https://themorningtribune.com/verify/?https12344 Page URL
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjY9PiRsrf4AhUP8XMBHUIECS0... Page URL
https://themorningtribune.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

212
Requests

92 %
HTTPS

38 %
IPv6

54
Domains

92
Subdomains

73
IPs

10
Countries

2371 kB
Transfer

10863 kB
Size

65
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://r3adyt0download.com/CkrqG32fda08e97d78fa3b70972e74ef52149820e4a09?q={KEYWORD}
Title: Download NOW

Search URL Search Domain Scan URL

URL: https://rebrand.ly/yuidea/
Title: Dev by yuidea

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: Proudly powered by WordPress

Search URL Search Domain Scan URL

URL: https://www.idtheme.com/superfast/
Title: Theme: Superfast

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xpshort.com/https12344 HTTP 302
https://techymozo.com//https12344 HTTP 302
https://themorningtribune.com/verify/?https12344 Page URL
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjY9PiRsrf4AhUP8XMBHUIECS0QFnoECAUQAQ&url=https://themorningtribune.com/&usg=AOvVaw0xky7o0NJ5Iud-8QEcze-a Page URL
https://themorningtribune.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://xpshort.com/https12344 HTTP 302
https://techymozo.com//https12344 HTTP 302
https://themorningtribune.com/verify/?https12344

Request Chain 93

https://prebid.a-mo.net/cchain/0?gdpr=1&gdpr_consent=&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D105%26pid%3D5d8ccec528a0617cae5a0755%26key%3D HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=105&pid=5d8ccec528a0617cae5a0755&key=6255699c-afc3-48bb-8e2f-e1a7355ec7f6&gdpr=1&gdpr_consent=&us_privacy=

Request Chain 96

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east

Request Chain 98

https://ad.360yield.com/server_match?partner_id=1581&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D22%26key%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=1581&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D22%26key%3D%7BPUB_USER_ID%7D HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=22&key=984d0369-2afa-4669-a200-a86267db506a

Request Chain 100

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D10%26pid%3D59c9148628a0612da3689288%26key%3D%25%25VGUID%25%25 HTTP 302
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=10&pid=59c9148628a0612da3689288&key=SuN65qZRSzan&ev=1&us_privacy=${us_privacy}&pid=562704

Request Chain 127

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Y4hfHJgYY4x-c_R1TOpllMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6714459553664716980

Request Chain 128

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDQ3NjE5ZWYzNDg4YjFkZDRiMDJkNWQxMTBhYjJlZjEzNzViNTI4Zg

Request Chain 129

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdIUTVOTTMtMVUtSTlHTg==

Request Chain 130

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=-nSB59P_SrWKZn6RY5ra-Q&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=-nSB59P_SrWKZn6RY5ra-Q

Request Chain 131

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7HQ5NM3-1U-I9GN&sigv=1&esig=2~36e8415eecb09c7be84864320b0a005d6fc8c613

Request Chain 132

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEBEHmfmz2ANjIUUDwv0iBmI&google_cver=1

Request Chain 133

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7HQ5NM3-1U-I9GN

Request Chain 134

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=YsfA6EePTiC_V098kXd3Ew&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YsfA6EePTiC_V098kXd3Ew

Request Chain 189

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthemorningtribune.com%2F&domain=themorningtribune.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=DhBhU3xJZXFBWklrblBnYkdkT1I4b2dKM3JxZzNEOUF2eFYzQ25OUk9CVlJzRXNYYmVrWERCQXo3cmdiamVtUVdMVUtHRExpNzVkaENGczFzZWNRTnlTTVFQUjJ4MEplamQ1T3JLZmxDci9heEhCaU1LUU45cmpOaG5uZ1F1RGdpaXdSeFpqRGk3RndMZ29JaTUySjFjUXltVWZHU09EbFVkelFaSnE1V3NuUWpZdGJuOWZKaTBqRk9PdnJSbmxETkx3WlYwNUxGOThMcERTYWNJL3B4VzdTNVlxUXNjZE15cmNwNFIyQythYVRkRGZyNm5JRmJhRm1XWVp5RmtvSDNRTEdafA&cppv=2

Request Chain 198

https://ex.ingage.tech/v1/syncPage/unruly?userId=7c7a48ef-42dc-4131-96ee-e4e8fcaa1267&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=insticator HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=insticator&zcc=1&cb=1661956784898 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7139620707

Request Chain 204

https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
https://ex.ingage.tech/v1/sync/betweenx/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=268f28e9-68d7-52f3-ab1a-68dfc8151a6f

Request Chain 205

https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D HTTP 302
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1

Request Chain 211

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator

Request Chain 216

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yw9ysB01WjRbYigf2qycNwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPz5v2QeJ-y07ZgYhMoINrw&google_cver=1&gdpr=1

Request Chain 217

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB&dcc=t

Request Chain 218

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent= HTTP 307
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=47164669-87aa-4ce8-8bd7-ae18ce5bdd45&us_privacy=null&gdpr_consent=null&gdpr=1

Request Chain 219

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7152431841213752021&uid=Q7152431841213752021&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 220

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-c94f66a0-7caa-43ef-b257-1ba867af8fef

Request Chain 221

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=Yw9ysQAKfCg5zwAK HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yw9ysQAKfCg5zwAK&gdpr=1&_test=Yw9ysQAKfCg5zwAK

212 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
themorningtribune.com/verify/
Redirect Chain

https://xpshort.com/https12344
https://techymozo.com//https12344
https://themorningtribune.com/verify/?https12344

6 KB
3 KB

352ms
267ms

Document
text/html

2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/verify/?https12344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 743684527e0e8ffe-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z%2BlcEpfDkf%2FeLsK5y2zhwXvqcNX7pU6E5rPa3wNfIdv%2FyBP%2FAQcm5QaVkUXch3%2B6mFQ1c8fB90DdePHg28VaCpPXsQjHZDmd%2B13tmut4umo%2B1I0IPwoxyGIFhhiDXkEC5bjGDh3OsVlyU7f0o8BkBzjfi%2FA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 683
Content-Type: text/html
Date: Wed, 31 Aug 2022 14:39:39 GMT
Location: https://themorningtribune.com/verify/?https12344
Server: nginx
Vary: User-Agent,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN,SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2 200 url
www.google.com/ 932 B
1 KB 185ms
73ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjY9PiRsrf4AhUP8XMBHUIECS0QFnoECAUQAQ&url=https://themorningtribune.com/&usg=AOvVaw0xky7o0NJ5Iud-8QEcze-a

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/verify/?https12344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bfcache-opt-in: unload
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 469
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
pragma: no-cache
server: gws
strict-transport-security: max-age=31536000
x-xss-protection: 0

GET
H2 200 Primary Request / Show response
themorningtribune.com/ 55 KB
14 KB 407ms
406ms Document
text/html 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/

Requested by

Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjY9PiRsrf4AhUP8XMBHUIECS0QFnoECAUQAQ&url=https://themorningtribune.com/&usg=AOvVaw0xky7o0NJ5Iud-8QEcze-a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4298e414cf31f98f6a599464c98e17dfd8681b3b89498e39a359975e62aa44e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 74368455fbc68ffe-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:40 GMT
link: <https://themorningtribune.com/wp-json/>; rel="https://api.w.org/", <https://themorningtribune.com/wp-json/wp/v2/pages/432>; rel="alternate"; type="application/json", <https://themorningtribune.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1siHc%2BcoyWOjpQRAAjgnQWFr0%2FbDka1SMJXipQj%2F24EsHE7g08Sda7xrmdWLp9OqUgUUCCDG6Fo9%2B9bpFody1Pmo8Vbbq8QsGssSNX2S9vlXmyOhHYze9m2u%2B%2BJqwpUXvR76KRuZ6Oj7KHqNw5IEkCI9tNo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 style.min.css
themorningtribune.com/wp-includes/css/dist/block-library/ 87 KB
12 KB 29ms
26ms Stylesheet
text/css 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26638
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 12 Jul 2022 18:20:17 GMT
server: cloudflare
etag: W/"62cdbb61-15b64"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3yMLKCAizRoZpvQRY63atDlNs3CbQfLN1tsfq5%2BFXJZEok3Ql8NMzo9uUaE4tv6S7sn7huCV%2Bbv%2FBHIE9yZ3j3NUkXHmtW29qVT87%2FDAOl57NICkzFU7HvVOMjyQAyYZvrnyUNVGbaNsdqXifsd9BpaoYs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=2592000
cf-ray: 74368458a8839042-FRA
expires: Fri, 30 Sep 2022 06:20:18 GMT

GET
H3 200 idblog-core.css
themorningtribune.com/wp-content/plugins/idblog-core/css/ 6 KB
2 KB 36ms
32ms Stylesheet
text/css 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/wp-content/plugins/idblog-core/css/idblog-core.css?ver=1.0.0

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44c5d1c14f1685bd38adfe9a418c800339ea356687ba6e1da9514be0a7df9955

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2315369
cf-polished: origSize=6775
cf-ray: 74368458a88b9042-FRA
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 20 Jun 2022 15:15:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b08f18-1a77"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AKUy8zUDROt78j8qRStAqcVB0LNlOaOrM2MpvM7YbUoKuFL7lGHM64PMVk%2BoPj0is4tfW4vw6jPhAM0k5mlPRer5%2FJa62kozIQRDOikiVwZx2zXpubKvKDicU%2FI3RzzEMFC%2BRKqOjNpMyImm0yDzU7YETo0%3D"}],"group":"cf-nel","max_age":604800}
x-runcache-type: native
cache-control: max-age=2592000
content-type: text/css
expires: Fri, 19 Aug 2022 15:17:23 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 170ms
56ms Stylesheet
text/css 2a00:1450:400a:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito%3Aregular%2C700%2C600%2C300%26subset%3Dlatin%2C&ver=2.0.9

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6d6b4e3715b628457d40f2bf6e62b661d2bb36d85296d08a0bca4858dd617f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 14:39:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 14:39:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H3 200 style.css
themorningtribune.com/wp-content/themes/superfast/ 34 KB
8 KB 33ms
30ms Stylesheet
text/css 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/wp-content/themes/superfast/style.css?ver=6.0.2

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75accb62acfb84c7df1e0e2f1b9909e4ed8f15c6756cb9efa675cecae85da09e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26638
cf-polished: origSize=45483
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 20 Jun 2022 15:14:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b08ebf-b1ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tmujWXdpH8uQjyUe7ee7973G3iDbBCmgdRwLEQPmlSSoMAD3m84KWCv937xo8AobDFdRfXMwKtJ2OJ5U94DYIYx0RXu2ujqw3oLL0PI2dzg7cYoWC8vzK87RQjXIwiFXb99EQWPzv5skRDIb63QcZiitl3k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 74368458a88f9042-FRA
expires: Fri, 30 Sep 2022 06:20:18 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 145ms
51ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1acc33d91129adec432db09da6e1c2239c89e702c732cd5d8310d9e6f17fe0e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28568
x-xss-protection: 0
server: sffe
etag: "1319 / 175 of 1000 / last-modified: 1661944034"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H2 200 f9918f7e-cf87-41a8-8cb0-dc1814248f26.js Show response
df80k0z3fi8zg.cloudfront.net/files/instibid/ 269 KB
80 KB 53ms
8ms Script
application/javascript 2600:9000:21f3:200:10:3422:3f00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:200:10:3422:3f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d5486bd604ac6d924dd969a196ef9b9439b6d0e274befcf8dd4f1375fca99541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: ofk_mowctqGVBR8A9_onl80LL4kCfOfe
content-encoding: gzip
last-modified: Tue, 23 Aug 2022 12:01:26 GMT
server: AmazonS3
age: 3546
etag: W/"690c0a6b7faac366e8b89f09b0ddd9d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
date: Wed, 31 Aug 2022 14:02:03 GMT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: PliA5KKDccexqfkil1pkljK-91prPNDOk5_N7O4fRRoNYKcNVNfZ0w==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 105 KB
41 KB 129ms
48ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-135892861-1

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67e02df6a77557209df8a645a492d5c45661453ad77e4469657d159a7648506b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41984
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
72 KB 176ms
96ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1WV9GB5460

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a466e14b169930d0990451efcc0d03c0e9b17597f7f078df99347a78cc9c026e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73585
x-xss-protection: 0
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H2 200 themorningtribune.com_instream_floating.js Show response
d2nr2jos5slco1.cloudfront.net/aniview-script/ 23 KB
6 KB 54ms
8ms Script
application/javascript 2600:9000:20eb:a600:1:4a30:d840:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2nr2jos5slco1.cloudfront.net/aniview-script/themorningtribune.com_instream_floating.js
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a600:1:4a30:d840:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 36a65f58c51aeb98905d2508e11b2a5c6b5ce8f8eb5c3aca23d4f2f95b52c34a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: nRen66l3imZhG6Zn5ScEE0ib41VNkqlS
content-encoding: br
last-modified: Wed, 03 Aug 2022 13:53:19 GMT
server: AmazonS3
age: 78840
etag: W/"9611f58feacb43c18f98ce2bc9d0dfd8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
date: Tue, 30 Aug 2022 16:45:42 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 4X0miezlJR-qS7M0JLDFkqi3va7zea2UWtY8uI3qeyUP0t0jVKJ4XA==

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 850 B
577 B 127ms
47ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a7dcb207863b588dd58e49adb2dc0fca02fae2bd10571e7ccd087067ae09f12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H3 200 customscript.js Show response
themorningtribune.com/wp-content/themes/superfast/js/ 12 KB
5 KB 33ms
31ms Script
application/javascript 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/wp-content/themes/superfast/js/customscript.js?ver=2.0.9

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7b2df62536f84a85e2812da8b375b62724a66472b91144ddbacbeee52a6722f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:40 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2315368
cf-polished: origSize=13929
cf-ray: 74368458a8909042-FRA
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 20 Jun 2022 15:14:07 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"62b08ebf-3669"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UowDKv9RDwLd%2BTuc1WqFGrmMhenJ9KkIDZ7jeBHofrn5fu3ScQs085bgkMUkYf9zIy3Q9wXISnFnx5qTUUpB9nUTPdsGpnrGp40QkKs0DUWYRo%2Boff4FpVx7O8ZAHnA9c9rGNzkrWVSBGDHJMHe9mSfr1pI%3D"}],"group":"cf-nel","max_age":604800}
x-runcache-type: native
cache-control: max-age=2592000
content-type: application/javascript
expires: Fri, 19 Aug 2022 15:17:24 GMT

GET
H3 200 wp-emoji-release.min.js Show response
themorningtribune.com/wp-includes/js/ 18 KB
5 KB 16ms
16ms Script
application/javascript 2606:4700:3035::ac43:b3cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://themorningtribune.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b3cd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 26638
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 20 Jun 2022 03:45:57 GMT
server: cloudflare
etag: W/"62afed75-48b9"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3MEQ7FiO6ubdwZ%2FHVXC2a35efNSXUcoQTx%2BkSNwrEc%2Brei9aQl%2B%2FMGHbi2VeLN5yFwBGIKHlX4MYsvzwKEBzWmQ0pEgQyMJfwiEnuM4g3HoIpmCIBGuUdVTNeLbThuaR0%2B%2FE5HgNZCjT0%2BAY0HafikDY73I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=2592000
cf-ray: 74368459ba999042-FRA
expires: Fri, 30 Sep 2022 06:20:19 GMT

GET
H2 200 f9918f7e-cf87-41a8-8cb0-dc1814248f26.js Show response
d2f0uviei09pxb.cloudfront.net/ads-code/ 183 KB
36 KB 50ms
11ms Script
application/javascript 2600:9000:21f3:d600:3:f434:dfc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:d600:3:f434:dfc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86ed211288153a7341345e96ee534a8f19f125d2f068670c4a2dbdae7506beb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: CYLZk4ZtP9ueSk3a3_BbySJiJ2hYz4.f
content-encoding: br
last-modified: Tue, 23 Aug 2022 12:01:40 GMT
server: AmazonS3
age: 26
etag: W/"d6f32655c34be67560b4da48cd69bdab"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
cache-control: max-age=60
date: Wed, 31 Aug 2022 14:39:41 GMT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: fkfzn0ccLobHMQqSxj_OOQbio4mJlnx6ZCjyd3fXFN4VnnM75hhXzQ==

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v25/ 35 KB
36 KB 119ms
40ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito%3Aregular%2C700%2C600%2C300%26subset%3Dlatin%2C&ver=2.0.9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://themorningtribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 29 Aug 2022 21:06:30 GMT
x-content-type-options: nosniff
age: 149591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35904
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:06:30 GMT

GET
H2 200 2b07.svg
s.w.org/images/core/emoji/14.0.0/svg/ 240 B
472 B 28ms
6ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/2b07.svg

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

f534b7b1961a07619a8e1466ee3ac41144e416a276b521ba453ed7b5416ca53e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Wed, 31 Aug 2022 14:39:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 240
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avcplayer.js Show response
player.avplayer.com/script/2/v/ 251 KB
60 KB 51ms
7ms Script
application/javascript 2a02:26f0:3500:c::5c7b:6837
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.avplayer.com/script/2/v/avcplayer.js
Requested by: Host: d2nr2jos5slco1.cloudfront.net
URL: https://d2nr2jos5slco1.cloudfront.net/aniview-script/themorningtribune.com_instream_floating.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:c::5c7b:6837 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 4fb80b7bf623f709e8773d63406d7d20cbb8dda584d2259f86b7cc94050923d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycduGB2AlLYWO9z1o9MZw3py8-TiNXy0xSw8Y-H7jVVYgkTfXYOmbJIkYFFscMkPtM6TY0pxalGwhD7xlrfFFZLZYF7lWag
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 61326
last-modified: Thu, 03 Mar 2022 17:18:44 GMT
server: UploadServer
etag: "9dff0335699f04080269947f40c366ae"
vary: Accept-Encoding
x-goog-hash: crc32c=DITkQg==
content-language: en
x-goog-generation: 1646327924579580
cache-control: public, max-age=300
x-goog-stored-content-length: 61326
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:41 GMT

GET
H2 200 track
track1.aniview.com/ 0
71 B 311ms
99ms Image
text/plain 52.0.187.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?pid=5d8ccec528a0617cae5a0755&cid=62e9f831047b15547d6d6c55&cb=1661956781129&r=themorningtribune.com&stagid=62ea643a05e77f1a0c00c9b4&stplid=62ea5e3167828879e326ddc8&d35=&e=playerLoaded
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.187.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-187-152.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 aax.js Show response
c.aaxads.com/ 448 KB
126 KB 116ms
85ms Script
text/javascript 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aax.js?pub=AAXJ0S45T&hst=themorningtribune.com&ver=1.2

Requested by

Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a2de9cba2a361435724689ece2edf762d15ff0df98adffa5f96e331d2a006766

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
server: Apache
date: Wed, 31 Aug 2022 14:39:41 GMT
vary: Accept-Encoding
x-mnet-h: E
content-type: text/javascript; charset=utf-8
cache-control: max-age=1800
expires: Wed, 31 Aug 2022 15:09:41 GMT

GET
H2 200 / Show response
geoip.insticator.com/json/ 243 B
433 B 320ms
99ms XHR
application/json 18.213.182.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.insticator.com/json/
Requested by: Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.182.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-182-17.compute-1.amazonaws.com
Software: /
Resource Hash: 6a46bb8d295f421b26a8562ae74a573d973d2a8c3b6083b9e2b35ee31bb24354

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:41 GMT
access-control-allow-credentials: true
x-database-date: Tue, 30 Aug 2022 23:35:19 GMT
content-length: 243
vary: Origin
content-type: application/json

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/ 89 KB
21 KB 28ms
6ms Script
text/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Requested by: Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 301a865a949445a5f99ef07d197940b6d5abd3c32bd1fb0f63e50ad3e746198e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:41 GMT
Content-Encoding: gzip
Age: 714
X-Cache: HIT
Connection: keep-alive
Content-Length: 20965
x-amz-id-2: +8INHMGt+MmWfCrwh0IDpd6aV68uvJPbPvVnt3+W7uKUGi+bcvhBRzuhfMgf9TJ0OfKursXV9H0=
X-Served-By: cache-hhn4064-HHN
Last-Modified: Wed, 31 Aug 2022 14:21:05 GMT
Server: AmazonS3
X-Timer: S1661956781.176317,VS0,VE0
ETag: "f897e1fc370b837682194f5c1abb2b39"
x-amz-request-id: 0PNZ1Q1C9M1MMQSJ
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 27

GET
H2 200 index.html Show response
auth.instiengage.com/auth/ Frame 7C77 75 B
466 B 63ms
7ms Document
text/html 2600:9000:21f3:600:9:78a:e540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.instiengage.com/auth/index.html
Requested by: Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 233
cache-control: max-age=300
content-length: 75
content-type: text/html
date: Wed, 31 Aug 2022 14:35:49 GMT
etag: "2e3d17ce9023be2c1313c02113f5c568"
last-modified: Tue, 16 Aug 2022 12:46:45 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
x-amz-cf-id: bpw7PZ89Z-orwq2GAUeXCVKfHziahD6fNHirTXc-19Ta8Gy6WmbhsQ==
x-amz-cf-pop: FRA2-C2
x-amz-version-id: wwuA1teHfpxnNE1op.J6Ishi5Ug48nVr
x-cache: Hit from cloudfront

POST
H2 201 event Show response
event.insticator.com/v1/ 0
124 B 113ms
112ms XHR
text/plain 35.172.84.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_pageview
Requested by: Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.84.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-84-50.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin: *
Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:41 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin

OPTIONS
H2 200 event
event.insticator.com/v1/ Frame 0
0 325ms
102ms Preflight 35.172.84.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_pageview
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.84.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-84-50.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-origin,content-type
Access-Control-Request-Method: POST
Origin: https://themorningtribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: access-control-allow-origin,content-type
access-control-allow-methods: POST
access-control-allow-origin: https://themorningtribune.com
access-control-max-age: 3600
content-length: 0
date: Wed, 31 Aug 2022 14:39:41 GMT
vary: Origin

OPTIONS
H2 204 openrtb
ex.ingage.tech/v1/ Frame 0
0 159ms
127ms Preflight 2606:4700:3036::ac43:c951
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ex.ingage.tech/v1/openrtb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:c951 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://themorningtribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://themorningtribune.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7436845abea56903-FRA
content-length: 0
date: Wed, 31 Aug 2022 14:39:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bMq9sL6IU4saw0pAVVHnZ%2FQNX97Bt1ncV8Eys38UHhqyg0WXNxmsfi0MY8TdUgPFC59PqYGn9mSd5996N8JfQKf3Q%2FDKUXbwK0gKKo47DQuAmgZa2ft1sCCASaNPAYkRbrqQxTQmf%2FDZc6nWw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin, Access-Control-Request-Headers

GET
H2 200 arj Show response
insticator-d.openx.net/w/1.0/ 73 B
382 B 72ms
26ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fthemorningtribune.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=8e81a122-be3f-4ce9-ae70-dda920aa4a32%2C0386fc26-beca-4c8c-81b3-8bb2233c3385%2Cfce54e08-1762-498c-910b-96d4a00314b5%2Caa0dff19-3ae0-4e1b-bc82-14a9527f0b35%2C72929a3d-fe95-4e14-89db-7e25b7d6debe&nocache=1661956781190&pubcid=9021085b-2113-4092-87c5-406188258e97&schain=1.0%2C1!insticator.com%2C4e60cb86-2850-46fb-bfca-bc9b7ff86475%2C1%2C%2C%2C&aus=320x50%2C336x280%2C300x250%7C320x50%2C336x280%2C300x250%7C320x50%2C336x280%2C300x250%7C320x50%2C336x280%2C300x250%7C728x90&divids=div-insticator-ad-3%2Cdiv-insticator-ad-1%2Cdiv-insticator-ad-4%2Cdiv-insticator-ad-5%2Cdiv-insticator-ad-anchor&aucs=themorningtribune.com-div-insticator-ad-3%2Cthemorningtribune.com-div-insticator-ad-1%2Cthemorningtribune.com-div-insticator-ad-4%2Cthemorningtribune.com-div-insticator-ad-5%2Cthemorningtribune.com-anchor-div-insticator-ad-anchor&auid=557552916%2C557552916%2C557552916%2C557552916%2C557552916
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 59d1d9cca32502b391dd729f4c9bc9e658e9830e5ce034cd484c93ca413afd45

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://themorningtribune.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
281 B 107ms
59ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:40 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 44
vary: origin, Accept-Encoding

POST
H3 200 openrtb Show response
ex.ingage.tech/v1/ 2 KB
1 KB 354ms
321ms XHR
application/json 2606:4700:3036::ac43:c951
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ex.ingage.tech/v1/openrtb
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c951 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d68ceee21c0df35405890501baed037a1d0aaa6aef2caf6870ee76234380e6f

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szD4kaR6C7u9jmjTDjQVAE6Yf4ueCSc05rrzP4zx2aNW9HZ8jJhRtn9Xsxma9E%2FbfzPpm5RF4gIXlUMAJkxWqfF5br9nFnHoNrJmpncU3nuEF1ncoC1dGtHq0fx2gq%2FmPNf3Yq7SLtRh%2FnF7Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
cf-ray: 7436845ba84c90a8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 155ms
112ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
355 B 153ms
110ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
170 B 153ms
110ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 161ms
118ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 164ms
122ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 81 KB
19 KB 273ms
252ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4163fd9c759dad994a7d4d0ea5d81b05cc763b7d2303e8967be6920fa30e5fc0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 31 Aug 2022 14:39:41 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0dfedb56-53f0-4697-b82d-a4fa5d05093c
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://themorningtribune.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
757 B 97ms
52ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e71c82a822557134a21db65490eb51efbf933eaa9e42655912fd2527ebeb8828

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
pod: X-Sovrn-Pod: ad_ap7ams1
vary: Accept-Encoding, User-Agent
access-control-allow-methods: GET, POST, DELETE, PUT
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
content-length: 99

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 765 B
3 KB 201ms
154ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=153530&zone_id=771356%3B771360%3B771358%3B771360%3B771356&size_id=15%3B15%3B15%3B15%3B2&alt_size_ids=16%2C43%3B16%2C43%3B16%2C43%3B16%2C43%3B1&rp_schain=1.0,1!insticator.com,4e60cb86-2850-46fb-bfca-bc9b7ff86475,1,1335ab6c0087146,,&rf=https%3A%2F%2Fthemorningtribune.com%2F&tg_i.pbadslot=themorningtribune.com-div-insticator-ad-3%3Bthemorningtribune.com-div-insticator-ad-1%3Bthemorningtribune.com-div-insticator-ad-4%3Bthemorningtribune.com-div-insticator-ad-5%3Bthemorningtribune.com-anchor-div-insticator-ad-anchor&tk_flint=pbjs_lite_v6.15.0&x_source.tid=5bf70782-605a-4185-ab65-a80655a00814%3Bf50f172f-8382-447c-8dbb-b88bd1d6f940%3Bdc21070b-89b1-401c-869f-5160c3b70c82%3Bf381dcfe-a8e9-4990-acfc-b3cd4edfdbb3%3Ba6069351-855f-4c62-bb4e-692946e30b07&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=themorningtribune.com-div-insticator-ad-3%3Bthemorningtribune.com-div-insticator-ad-1%3Bthemorningtribune.com-div-insticator-ad-4%3Bthemorningtribune.com-div-insticator-ad-5%3Bthemorningtribune.com-anchor-div-insticator-ad-anchor&slots=5&rand=0.8557737111917203
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 1f2cfcdf35174d9fd9f4ff017e8f5557af5cfccaffa742a03958b5fba518d4ad

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:41 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://themorningtribune.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 765
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK close-btn.png
embedproduction.s3.amazonaws.com/files/images/ 592 B
1000 B 342ms
125ms Image
image/png 52.217.173.145
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embedproduction.s3.amazonaws.com/files/images/close-btn.png
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.173.145 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: a7b9f24a8dec9b21915215bc54d458cd8ff7f0b501f17c2e32f2de8e0cd82f81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:42 GMT
Last-Modified: Tue, 26 Nov 2019 16:29:04 GMT
Server: AmazonS3
x-amz-request-id: PCVFY5Z2D8BSC642
ETag: "2298668a0d4b08e7d3e9726cf42696e9"
Content-Type: image/png
x-amz-version-id: .AkIXgBEyCWDe8DX4oIvcL6LAIAooFgY
Accept-Ranges: bytes
Content-Length: 592
x-amz-id-2: Yg/POvCFYJWLvd0geVPiRiZmCFjGexfJpBTxfK+FtpP5bRL1NnLJU8ed/BBxYBYaX8gh9RPsFu8=

GET
H3 200 pubads_impl_2022083001.js Show response
securepubads.g.doubleclick.net/gpt/ 379 KB
129 KB 115ms
41ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4baa280c316f80216c7d9dcb64f308726f23cfe4fd4ada8d36aee7c3ea101108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:31:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 506
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131975
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 08:35:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 31 Aug 2023 14:31:15 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 135 B
125 B 161ms
82ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=themorningtribune.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e97b9a3507465f95823d6d4c08dc0303a90a40b5f80f5a2f9b292e82e965f84f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H2 200 authIframe.js Show response
auth.instiengage.com/auth/ Frame 7C77 65 KB
22 KB 11ms
10ms Script
application/javascript 2600:9000:21f3:600:9:78a:e540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.instiengage.com/auth/authIframe.js?v=1
Requested by: Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:600:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.instiengage.com/auth/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: bjKlbjl1idrb07_BYuQLp8gSlZzXUS_r
content-encoding: br
last-modified: Tue, 16 Aug 2022 12:46:41 GMT
server: AmazonS3
age: 1
etag: W/"e0bffec4a3929b23d4347f914449f5cb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Wed, 31 Aug 2022 14:39:40 GMT
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: DQJ0fShFR1MIgpglf0b6dx0k-STQekfwe9OoM7MiwxmYcM_jiKdY0Q==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/ 391 KB
156 KB 133ms
48ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30a31bd4c38a2400b0e4aeb83da4f028cca84568378d1deedc236406792f1baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
Origin: https://themorningtribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 966
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159350
x-xss-protection: 0
last-modified: Sun, 21 Aug 2022 22:02:06 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 14:23:35 GMT

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/ 203 KB
65 KB 9ms
9ms Script
application/javascript 151.101.65.194
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.194 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f83dccda0f23005e073046554fcb6f70e6cc5c6d5a31482d8cbf00c3cae72a69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:41 GMT
Content-Encoding: gzip
Age: 483302
X-Cache: HIT
Connection: keep-alive
Content-Length: 66315
x-amz-id-2: tn9m/RJ+1Nqpr3MtD2Y1tL/tOZmzJYxGk6sdCOaSEQX8FdjVodEnZg+U+fqqgJTyKkRkriyrqrA=
X-Served-By: cache-hhn4064-HHN
Last-Modified: Thu, 11 Aug 2022 23:13:41 GMT
Server: AmazonS3
X-Timer: S1661956781.257096,VS0,VE0
ETag: "6dc02234ec68d77d35e4d6a9fe8b646f"
x-amz-request-id: VQD62AH5JPVQA99D
Via: 1.1 varnish
Cache-Control: public, max-age=864000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1502126

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7bb3c50cc5b07cea81e62a53039ec4aa49cd718058cbf799eef27bbdb5b958c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 251 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a288f6d8bed5da66244881b97b6355d945f6ca755c1fc09b750724745cceae03

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 385 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 273 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f1c0e9e76f5baa28c2453d0d02b97d42e5f66283f0d3058a4ccc366e7f2411a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 411 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fbfd3438e10ab28f28f2e1a1fb2ab3bfa431336af08a72f597c0d4d73bfb046e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 240 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 237 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4446065ebfb65a302d17b88e2c7ed326d8402769eab0843833dea049a65c992

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 238 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b26c04ff19851d0780ba6dbc37d4920b48f3eeb54963c9ea1667941e01bb7ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 480 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 AVmanager.js Show response
player.aniview.com/script/6.1/ Frame C1DE 388 KB
110 KB 47ms
8ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Requested by: Host: player.avplayer.com
URL: https://player.avplayer.com/script/2/v/avcplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 5968deed67db36c17098f115d0fd4318e4ef3616b6c3541da921599e64689040

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv9k9cVq92mzNjQVAEk3nvYbWP81vYa42IhLQcO_UqBEfQrr1FitHi7LAqfkL5AI4NrQPmuuFWEDYlCVibPbBi9eG6ZuaDm
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 111996
last-modified: Tue, 30 Aug 2022 07:41:05 GMT
server: UploadServer
etag: "39abf610a1c41bfb1963220128a9136d"
vary: Accept-Encoding
x-goog-hash: crc32c=ixGcvg==, md5=Oav2EKHEG/sZYyIBKKkTbQ==
x-goog-generation: 1661845265455307
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: max-age=300
x-goog-stored-content-length: 111996
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:41 GMT

GET
H2 206 video_themorningtribune.com_1.mp4
d2nr2jos5slco1.cloudfront.net/Aniview-Content/ 4 MB
0 9ms
8ms Media
video/mp4 2600:9000:20eb:a600:1:4a30:d840:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2nr2jos5slco1.cloudfront.net/Aniview-Content/video_themorningtribune.com_1.mp4
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:a600:1:4a30:d840:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: 7aJcgh0hF4fRbuz6.ymCgtWOBbd77uGj
via: 1.1 29051585a13addd312c8ac9d527433c6.cloudfront.net (CloudFront)
last-modified: Thu, 04 Aug 2022 10:14:46 GMT
server: AmazonS3
age: 39698
etag: "adcbb7b04b219e91567ce4c42128d202"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: video/mp4
Content-Range: bytes 0-5891463/5891464
date: Wed, 31 Aug 2022 03:38:04 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
Content-Length: 5891464
x-amz-cf-id: buy7Ok56i_s6dQm-eVXrftpRCdA3BoLvO74SlztHqnv1RNuOIBj0SA==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 128ms
35ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-135892861-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5624
date: Wed, 31 Aug 2022 13:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 31 Aug 2022 15:05:57 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
72 KB 136ms
49ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1WV9GB5460&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-135892861-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e783d0696fef803e1b623b19af6d6d744872b31c70cdbecd7a42770822226fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73562
x-xss-protection: 0
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
H2 200 pxusr.gif
c.aaxads.com/ 43 B
220 B 15ms
15ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.aaxads.com/pxusr.gif

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

unused62: 8096267
date: Wed, 31 Aug 2022 14:39:41 GMT
last-modified: Mon, 26 Feb 2018 13:29:58 GMT
server: Apache
strict-transport-security: max-age=604800
content-type: image/gif
cache-control: max-age=589441
accept-ranges: bytes
content-length: 43
expires: Wed, 07 Sep 2022 10:23:42 GMT

GET
H/1.1 200
OK pxext.gif
www.aaxdetect.com/ 43 B
342 B 55ms
6ms Image
image/gif 23.205.239.15
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aaxdetect.com/pxext.gif
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.239.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-239-15.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Unused62: 8096267
Date: Wed, 31 Aug 2022 14:39:41 GMT
Last-Modified: Mon, 26 Feb 2018 13:29:58 GMT
Server: Apache
Content-Type: image/gif
Cache-Control: max-age=589509
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
Expires: Wed, 07 Sep 2022 10:24:50 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
351 B 112ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1WV9GB5460&gtm=2oe8t0&_p=1621336062&cid=1582523878.1661956781&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1661956781&sct=1&seg=0&dl=https%3A%2F%2Fthemorningtribune.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Insurance%20%3A%20Importance%2C%20Types%20And%20Benefits&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1WV9GB5460
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 token
eua.instiengage.com/v1/auth/ Frame 0
0 337ms
106ms Preflight 35.173.107.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://eua.instiengage.com/v1/auth/token
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.107.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-107-90.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://auth.instiengage.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://auth.instiengage.com
access-control-max-age: 3600
content-length: 0
date: Wed, 31 Aug 2022 14:39:41 GMT
vary: Origin

POST
H2 200 token Show response
eua.instiengage.com/v1/auth/ Frame 7C77 864 B
1016 B 119ms
119ms Fetch
application/json 35.173.107.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://eua.instiengage.com/v1/auth/token
Requested by: Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/authIframe.js?v=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.173.107.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-173-107-90.compute-1.amazonaws.com
Software: /
Resource Hash: ac8991d315736b1e100b0125d51fac2f21f1d43b83b76398480dbeebac8004ab

Request headers

Referer: https://auth.instiengage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://auth.instiengage.com
date: Wed, 31 Aug 2022 14:39:41 GMT
access-control-allow-credentials: true
content-length: 864
vary: Origin
content-type: application/json

GET
H2 200 track
track1.aniview.com/ 0
70 B 99ms
99ms Image
text/plain 52.0.187.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?r=themorningtribune.com&sn=&ic=0&tgt=0&app=&wi=640&he=361&test=&d36=6.2.52&apppkg=&fv=1&proto=https&clsid=ec25592b-5390-4ef8-a6de-4321146cbeae&rando=89&pid=5d8ccec528a0617cae5a0755&cid=62e9f831047b15547d6d6c55&stagid=62ea643a05e77f1a0c00c9b4&stplid=62ea5e3167828879e326ddc8&e=inventory&vi=100&cb=1661956781486
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.187.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-187-152.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H2 200 log
l3.aaxads.com/ 35 B
194 B 15ms
7ms Image
image/gif 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=147&dgw=desktop&flg=AAXJ0S45T&fw=FRANKFURT&ff=DE&xjg=4&dss=0&skw=1200&slg=8PR6YK195&gq=themorningtribune.com&vhuyqdph=ssp-serving-757987f55f-rg5b7&vyu=083012_436_083012_388_ssp&vf=HE&yhuvlrq=4&yk=1200&yz=1600&yvlg=&ylg=00001661956781362031177838088625&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=Y-N&jgsu=1&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_gcp_w&deg=2&fdeg=0&gdeg=2&ghqg=145&fhqg=22&hqg=91&gvwduw=23&fvwduw=22&vwduw=22&uhtxuo=https%3A%2F%2Fthemorningtribune.com%2F&nzui=https%3A%2F%2Fwww.google.com%2F%3F%26
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-241-117.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:41 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Wed, 31 Aug 2022 14:39:41 GMT

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 058bc5e95f1b17f0af263e284d3801d683cb0ab79cee4bd2d5265ba0e2d6b336

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 132ms
46ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=themorningtribune.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 126ms
47ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=themorningtribune.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 1163ms
1163ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=22387492205%3A22741543808%2Cthemorningtribune.com.Banner0.1659520629&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C336x280%7C320x280%7C360x300&ifi=1&adks=3122680410&sfv=1-0-38&fsapi=false&eri=4&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781552&dlt=1661956780890&idt=625&adxs=320&adys=1592&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=630x0&msz=630x0&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e2f92fc821a0c30f9586203f47ac6e64d4fed9e6ae42f84973272bcfbccdab5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10103
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 501 B
287 B 439ms
438ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=22387492205%3A22741543808%2Cthemorningtribune.com.Banner0.1659520691&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C320x280%7C336x280%7C360x300&ifi=2&adks=1444370278&sfv=1-0-38&fsapi=false&eri=4&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781557&dlt=1661956780890&idt=625&adxs=320&adys=2074&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=630x0&msz=630x0&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97a5a832fe62077aae129046a769c97dcecc31f935d64bff410148c98d988edd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 501 B
290 B 765ms
764ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=22387492205%3A22741543808%2Cthemorningtribune.com.Banner0.1659520661&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C300x250%7C320x280%7C336x280%7C360x300&ifi=3&adks=3460338177&sfv=1-0-38&fsapi=false&eri=4&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781559&dlt=1661956780890&idt=625&adxs=320&adys=2576&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=630x0&msz=630x0&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74d59f64d6d9d876d731c78986819a45732517ea6fe8f7044b4381a7028c8cba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 260
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 998C 6 KB
4 KB 142ms
45ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:41 GMT
expires: Thu, 31 Aug 2023 14:39:41 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
go1.aniview.com/api/adserver/tag/ 27 KB
5 KB 378ms
154ms XHR
application/json 3.224.43.174
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://go1.aniview.com/api/adserver/tag/?AV_VIDEOURL=https%3A%2F%2Fd2nr2jos5slco1.cloudfront.net%2FAniview-Content%2Fvideo_themorningtribune.com_1.mp4&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fthemorningtribune.com%2F&AV_PUBLISHERID=5d8ccec528a0617cae5a0755&AV_CHANNELID=62e9f831047b15547d6d6c55&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=themorningtribune.com&AV_DADPOS=1&AV_TAG=62ea643a05e77f1a0c00c9b4&AV_TEMPLATE=62ea5e3167828879e326ddc8&d36=6.2.52&responsive=1&sver=2&avtoken=781485&omv=1.0.1&clsid=ec25592b-5390-4ef8-a6de-4321146cbeae&rando=89&AV_WIDTH=640&AV_HEIGHT=361&AV_DNT=0&cb=1661956781568&wfc=1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.43.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-43-174.compute-1.amazonaws.com
Software: /
Resource Hash: 440b5c51b81918a0e8d9cf4b5a53ce6abd807225a9e7d3591dc61ae8f71f3058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Sat, 20 Aug 2022 00:53:01 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 123ms
45ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1621336062&t=pageview&_s=1&dl=https%3A%2F%2Fthemorningtribune.com%2F&dr=https%3A%2F%2Fwww.google.com%2F&ul=en-us&de=UTF-8&dt=Insurance%20%3A%20Importance%2C%20Types%20And%20Benefits&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=1222025232&gjid=1303489487&cid=1582523878.1661956781&tid=UA-135892861-1&_gid=1717711695.1661956782&_r=1&gtm=2ou8t0&z=897365482

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 6684 43 KB
22 KB 60ms
60ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i&co=aHR0cHM6Ly90aGVtb3JuaW5ndHJpYnVuZS5jb206NDQz&hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&size=normal&cb=4ozof0k10p1y

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ae3dffa9e5205045f5a4971a91fbae7b77e63bbf93c57f5b1cde25836c203e23

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RPoIUcN8lqfN8jUAb75Lnw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22812
content-security-policy: script-src 'report-sample' 'nonce-RPoIUcN8lqfN8jUAb75Lnw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/ Frame 6684 52 KB
24 KB 111ms
37ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i&co=aHR0cHM6Ly90aGVtb3JuaW5ndHJpYnVuZS5jb206NDQz&hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&size=normal&cb=4ozof0k10p1y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Sun, 21 Aug 2022 22:02:06 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 14:01:19 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/ Frame 6684 391 KB
156 KB 130ms
57ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30a31bd4c38a2400b0e4aeb83da4f028cca84568378d1deedc236406792f1baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 966
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159350
x-xss-protection: 0
last-modified: Sun, 21 Aug 2022 22:02:06 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 14:23:35 GMT

OPTIONS
H2 200 event
event.insticator.com/v1/ Frame 0
0 102ms
102ms Preflight 35.172.84.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_adunit-load
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.84.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-84-50.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://themorningtribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://themorningtribune.com
access-control-max-age: 3600
content-length: 0
date: Wed, 31 Aug 2022 14:39:41 GMT
vary: Origin

POST
H2 201 event Show response
event.insticator.com/v1/ 0
124 B 102ms
102ms XHR
text/plain 35.172.84.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_adunit-load
Requested by: Host: d2f0uviei09pxb.cloudfront.net
URL: https://d2f0uviei09pxb.cloudfront.net/ads-code/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.84.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-84-50.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:41 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 131ms
50ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=themorningtribune.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 126ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=themorningtribune.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
265 B 1408ms
1408ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com_Web_300x250_5&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x100%7C300x250%7C250x250%7C336x280%7C320x50&ifi=4&adks=3237781918&sfv=1-0-38&fsapi=false&prev_scp=h%3D14%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dthemorningtribune.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781745&dlt=1661956780890&idt=625&adxs=550&adys=423&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=730x280&msz=336x-1&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

468fb6c5848226f0e15f6cc0f1bac25efeb51e95eed896438df4dcfc4b3f6646

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
265 B 1139ms
1137ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com_Web_300x250_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x100%7C300x250%7C250x250%7C336x280%7C320x50&ifi=5&adks=110789225&sfv=1-0-38&fsapi=false&prev_scp=h%3D14%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dthemorningtribune.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781748&dlt=1661956780890&idt=625&adxs=320&adys=793&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=960x280&msz=336x-1&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52e5363f331ef57a92dc23d84fdb3f950f7c25d67c1ad2d5192917bec045b9d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
265 B 2154ms
2153ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com_Web_300x250_6&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x100%7C300x250%7C250x250%7C336x280%7C320x50&ifi=6&adks=3801146092&sfv=1-0-38&fsapi=false&prev_scp=h%3D14%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dthemorningtribune.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781753&dlt=1661956780890&idt=625&adxs=320&adys=2869&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=630x280&msz=336x-1&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec93c7ca896b5021842e5cdd33a9c0e7c0d9c374328601e6a9b90b153fe5a256

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
266 B 1852ms
1851ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com_Web_300x250_7&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x100%7C300x250%7C250x250%7C336x280%7C320x50&ifi=7&adks=3607993194&sfv=1-0-38&fsapi=false&prev_scp=h%3D14%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dthemorningtribune.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781756&dlt=1661956780890&idt=625&adxs=320&adys=3211&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=960x280&msz=336x-1&fws=0&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cdf46ca79829262520e3acbb1de71abbe886c7cdf82485c1c5bdf600a95af8bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
252 B 394ms
393ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com-anchor&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=8&adks=1176239122&sfv=1-0-38&fsapi=false&prev_scp=h%3D14%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dthemorningtribune.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781759&dlt=1661956780890&idt=625&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=640&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e92301483f59a4dfbf8227bc559b3b3cdf3816516dafae4b808a4c9236688d5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 150 KB
42 KB 761ms
761ms XHR
text/plain 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=831475634392767&correlator=1786951462193036&eid=31068458%2C31069258&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fif&iu_parts=2507246%3A22741543808%2Cthemorningtribune.com-interstitial&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=9&adks=2839294087&sfv=1-0-38&ists=1&fas=8&fsapi=false&eri=4&cust_params=ip%3D0%26he%3D0&ppid=9021085b-2113-4092-87c5-406188258e97&sc=1&cookie_enabled=1&cdm=themorningtribune.com&abxe=1&dt=1661956781762&dlt=1661956780890&idt=625&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=themorningtribune.com&loc=https%3A%2F%2Fthemorningtribune.com%2F&ref=https%3A%2F%2Fwww.google.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=1582523878.1661956781&ga_sid=1661956782&ga_hid=1621336062&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51a3199e36112423d2c812e8374ebbdd14856a5bd5a963d60b3609321f224864

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42701
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_page_level_ads_2022083001.js Show response
securepubads.g.doubleclick.net/gpt/ 36 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022083001.js?cb=31069258

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e452e427426a73874dc18f54731b508406883dd902393dc5e393625ab22fd574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 11:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99209
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13587
x-xss-protection: 0
last-modified: Tue, 30 Aug 2022 08:35:16 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 30 Aug 2023 11:06:12 GMT

GET
DATA 200
OK truncated
/ Frame 6684 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 6684 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 6684 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 500372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 01 Sep 2022 19:40:09 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6684 15 KB
15 KB 113ms
36ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 98497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 30 Aug 2023 11:18:05 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/95054/6114/ Frame C1DE 212 KB
65 KB 26ms
9ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/95054/6114/pwt.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 19224a7a57346c84e045ffa4d33ace67e09b9369b22f26c5521b3fe1f9623800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
last-modified: Fri, 05 Aug 2022 22:22:21 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=165045
accept-ranges: bytes
content-type: application/javascript
content-length: 66266
expires: Fri, 02 Sep 2022 12:30:27 GMT

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58543/ Frame A859 0
0 44ms
11ms Document
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ups.analytics.yahoo.com/ups/58543/occ?gdpr=1&gdpr_consent=

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
date: Wed, 31 Aug 2022 14:39:42 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server: ATS/9.1.10.25
strict-transport-security: max-age=31536000

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame B13A
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=1&gdpr_consent=&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D105%26pid%3D5d8ccec...
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=105&pid=5d8ccec528a0617cae5a0755&key=6255699c-afc3-48bb-8e2f-e1a7355ec7f6&gdpr=1&gdpr_consen...

0
38 B

311ms
99ms

Document
text/plain

3.226.147.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=105&pid=5d8ccec528a0617cae5a0755&key=6255699c-afc3-48bb-8e2f-e1a7355ec7f6&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.147.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-147-34.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Wed, 31 Aug 2022 14:39:42 GMT

Redirect headers

cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Wed, 31 Aug 2022 14:39:41 GMT
location: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=105&pid=5d8ccec528a0617cae5a0755&key=6255699c-afc3-48bb-8e2f-e1a7355ec7f6&gdpr=1&gdpr_consent=&us_privacy=
server: envoy
x-envoy-upstream-service-time: 1

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 9400 0
0 24ms
21ms Document
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/pixel?us_privacy=1---&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D18%26key%3D%24UID
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-origin: *
date: Wed, 31 Aug 2022 14:39:41 GMT
pod: X-Sovrn-Pod: ad_ap7ams1

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame D207 0
0 345ms
111ms Document
text/plain 67.202.105.21
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0010b00001rrPUnAAM&us_privacy=1---&ru=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D104%26pid%3D5d8ccec528a0617cae5a0755%26key%3D33XUSERID33X
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip21.67-202-105.static.steadfastdns.net
Software: 33XP003 /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
server: 33XP003
x-33x-status: 2000208

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame A512
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east

281 B
554 B

29ms
7ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 31 Aug 2022 14:39:42 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 31 Aug 2022 14:39:42 GMT
location: https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east
server: AkamaiGHost

GET
H2 204 services
sync.technoratimedia.com/ Frame 7DA2 0
0 323ms
102ms Document
text/plain 132.226.63.138
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=70&uid=1661956781852-998052144916-006105-003-006292&cb=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D3%26key%3D%5BUSER_ID%5D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.63.138 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://themorningtribune.com/
age: 0
date: Wed, 31 Aug 2022 14:39:42 GMT
server: nginx
via: 1.1 varnish
x-varnish: 1025910611

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 649C
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1581&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D22%26key%3D%7BPUB_USE...
https://ad.360yield.com/ul_cb/server_match?partner_id=1581&r=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D22%26key%3D%7BP...
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=22&key=984d0369-2afa-4669-a200-a86267db506a

0
37 B

191ms
100ms

Document
text/plain

3.226.147.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=22&key=984d0369-2afa-4669-a200-a86267db506a
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.147.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-147-34.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Wed, 31 Aug 2022 14:39:42 GMT

Redirect headers

access-control-allow-origin: *
content-length: 0
content-type: text/plain
date: Wed, 31 Aug 2022 14:39:42 GMT
location: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=22&key=984d0369-2afa-4669-a200-a86267db506a
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0CB4 15 KB
6 KB 14ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D1%26key%3D
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=37856
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:42 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 01 Sep 2022 01:10:38 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2

200

cookiesyncendpoint Show response
sync.aniview.com/ Frame 29CB
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562704&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26bidderna...
https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=10&pid=59c9148628a0612da3689288&key=SuN65qZRSzan&ev=1&us_privacy=${us_privacy}&pid=562704

0
37 B

103ms
103ms

Document
text/plain

3.226.147.34
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=10&pid=59c9148628a0612da3689288&key=SuN65qZRSzan&ev=1&us_privacy=${us_privacy}&pid=562704
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.147.34 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-147-34.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Wed, 31 Aug 2022 14:39:42 GMT

Redirect headers

cache-control: private, max-age=0, no-cache, no-store
content-language: de-DE
cw-server: bh-deployment-dd6bdcf45-zmlrl
expires: -1
location: https://sync.aniview.com/cookiesyncendpoint?auid=1661956781852-998052144916-006105-003-006292&biddername=10&pid=59c9148628a0612da3689288&key=SuN65qZRSzan&ev=1&us_privacy=${us_privacy}&pid=562704
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 avpb6.27.0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame C1DE 178 KB
54 KB 9ms
8ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 3c94d07090acdd3c44fa5f23a2c957c961c7413129f068acecf17f1402102c4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdvKvmWiVVXqMOFMSLysgndQnGEPDx0nqD6Zcajt4xV4bEb04CJXMqNHUIs2942eutasnP2Bj9JZdFOkzhuVmtgALSFXnhsL
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 54791
last-modified: Tue, 30 Aug 2022 07:41:06 GMT
server: UploadServer
etag: "f119bcda7895dcafdf1afb9e057db96a"
vary: Accept-Encoding
x-goog-hash: crc32c=g/uFjQ==, md5=8Rm82niV3K/fGvueBX25ag==
x-goog-generation: 1661845265993220
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 54791
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:42 GMT

GET
H2 200 avpb6.27.0a1.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame C1DE 71 KB
22 KB 11ms
10ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0a1.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 9ff07ed2c891ed887a0e9eb61461ca9c00277a27fd98d73e40d60b91b2eb86f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdurohrl6uDs0_vddVf0UC67b2ByCU3sLBDWKIQzXDaZzT3JRf128I5yVA0gf9FSYAxo08WoIKuacg_hqwq_mL5Mjg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 22126
last-modified: Tue, 30 Aug 2022 07:41:06 GMT
server: UploadServer
etag: "5c353f7870f0b95d052916a0d375be59"
vary: Accept-Encoding
x-goog-hash: crc32c=xmKZqQ==, md5=XDU/eHDwuV0FKRag03W+WQ==
x-goog-generation: 1661845266168810
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 22126
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:42 GMT

GET
H2 200 avpb6.27.0a0.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame C1DE 73 KB
25 KB 12ms
12ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0a0.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 57a18b6c18cc1cb382fc80abd6302ee9c092d472b15d257fd911d942e6def986

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdtYvuvgdH0dvr3lYthE4-z56WhdGsx3Lhx58OIb-kR1-FhmFa_o7Tky_VENmRGteyhQR7-NSeDeZM9e-G9kxC9J3h43ums2
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 24663
last-modified: Tue, 30 Aug 2022 07:41:06 GMT
server: UploadServer
etag: "d58c8aa0ae95a47cd8d2b96d1378a627"
vary: Accept-Encoding
x-goog-hash: crc32c=zBdP+A==, md5=1YyKoK6VpHzY0rltE3imJw==
x-goog-generation: 1661845266160999
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 24663
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:42 GMT

GET
H2 200 avpb6.27.0a3.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame C1DE 66 KB
20 KB 13ms
11ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0a3.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 737ecccfd5058eeb7a46e5ea9616822be78a60668342b22f2fcfae3130f7d8c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdv3uiVaM4yh7eB2c3bRObq1_Y7lUF0NYkfM1QG0ESzbxhYqneFkcZuWyPt9wG6JIW0x2G2uLoI0TwKLe7duHYDT8w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20155
last-modified: Tue, 30 Aug 2022 07:41:06 GMT
server: UploadServer
etag: "395e7c9c54f101472de0d326d39eee5e"
vary: Accept-Encoding
x-goog-hash: crc32c=MDfEzg==, md5=OV58nFTxAUct4NMm057uXg==
x-goog-generation: 1661845266183553
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20155
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:42 GMT

GET
H2 200 avpb6.27.0a2.js Show response
player.aniview.com/script/6.1/libs/prebid/ Frame C1DE 68 KB
21 KB 14ms
13ms Script
application/javascript 2a02:26f0:3500:595::2c79
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0a2.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:595::2c79 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 3d339d8964a7cbfedf6d7bede292d224a5fe885ee37ffc9ee1a9220851a1ee4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycds7vll2nLwMPrAVI9OJTFck4mqioo2L0oa_bxdtth-zhiNXNh4Q8iOIK5T83cCVQVKqM-ZUyifUKjx3LZEdnowaruZ5M-oZ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 20618
last-modified: Tue, 30 Aug 2022 07:41:06 GMT
server: UploadServer
etag: "24bb351cb8f18365caa0e3a69b1f7fc6"
vary: Accept-Encoding
x-goog-hash: crc32c=kbG7rQ==, md5=JLs1HLjxg2XKoOOmmx9/xg==
x-goog-generation: 1661845266155242
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=300
x-goog-stored-content-length: 20618
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 31 Aug 2022 14:44:42 GMT

POST
H2 200 s2s Show response
s2s.aniview.com/api/adserver/ 1 B
368 B 375ms
150ms Fetch
text/plain 54.224.154.15
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://s2s.aniview.com/api/adserver/s2s?auc_id=5df78a39b1c4382fb7d8d8754a0a1ba9_1723154255&wpm=&ssrtb=&pbjs=&tms=&AV_C_USER_ID=1661956781852-998052144916-006105-003-006292&AV_VIDEOURL=https%3A%2F%2Fd2nr2jos5slco1.cloudfront.net%2FAniview-Content%2Fvideo_themorningtribune.com_1.mp4&AV_SLOTT=-2&AV_SECURED=1&AV_LANGUAGE=en&AV_URL=https%3A%2F%2Fthemorningtribune.com%2F&AV_PUBLISHERID=5d8ccec528a0617cae5a0755&AV_CHANNELID=62e9f831047b15547d6d6c55&tgt=0&AV_SUBID=&AV_CDIM1=&AV_CDIM2=&AV_CDIM3=&AV_ABT=&pce=1&npx=1&AV_DETDOMAIN=themorningtribune.com&AV_DADPOS=1&AV_TAG=62ea643a05e77f1a0c00c9b4&AV_TEMPLATE=62ea5e3167828879e326ddc8&d36=6.2.52&responsive=1&sver=2&avtoken=781485&omv=1.0.1&clsid=ec25592b-5390-4ef8-a6de-4321146cbeae&rando=89&AV_WIDTH=640&AV_HEIGHT=361&AV_DNT=0&cb=1956781995&wfc=1&tgt=0&&AV_VI=100&AV_VID=0&d4=1&d5=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.224.154.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-224-154-15.compute-1.amazonaws.com
Software: /
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Sat, 20 Aug 2022 00:53:02 GMT

GET
H/1.1 200
OK vast.xml Show response
video-ads.rubiconproject.com/video/17062/153310/1184988/201/ 2 KB
1 KB 46ms
9ms Fetch
text/xml 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://video-ads.rubiconproject.com/video/17062/153310/1184988/201/vast.xml?tg_i.site=https%3A%2F%2Fthemorningtribune.com%2F
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 / PHP/5.4.16
Resource Hash: c47df50197bbea54bd1b45e57b47ec224ceaedd4d5b69b033654e996b947f3a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:42 GMT
Content-Encoding: gzip
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Content-Type: text/xml
Access-Control-Allow-Origin: https://themorningtribune.com
Cache-Control: public, must-revalidate, max-age=0, s-maxage=600
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type
Content-Length: 903
Expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H2 200 track
track1.aniview.com/ 0
70 B 106ms
101ms Image
text/plain 52.0.187.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=themorningtribune.com&rs=themorningtribune.com&sid=30375&t=1661956781&cip=185.213.155.168&sn=&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=640&he=361&app=&AV_PUBLISHERID=5d8ccec528a0617cae5a0755&test=&aafaid=&proto=https&uid=1661956781852-998052144916-006105-003-006292&cha=0.7&stagid=62ea643a05e77f1a0c00c9b4&stplid=62ea5e3167828879e326ddc8&d35=&d36=6.2.52&cb=18597780075&d39=&d65=&apppkg=&d9=1000&d37=realtime&AV_WIDTH=640&AV_HEIGHT=361&nid=5d8ccec528a0617cae5a0755&ncid=62e9f831047b15547d6d6c55&e=request&cb=1661956781998&asid=5dfd219928a0611cc67aa480%2C5e1c4da728a0617f290fdd80%2C62ea12f3571e5e3ad6404c84%2C6155e016102aed613d5a078a%2C5e20b7d528a06138860d91d1%2C6304f48af8eb8561aa529e06%2C5e20b88f28a0611a7d37f3d6%2C5e1c4dd728a061275b5ac94a%2C62ea138c9daccc1c2350329c%2C602ed2dd55e2fb369f165814%2C5dfd226628a061298153b3b0%2C5defa4e328a0611122433595%2C60ae9fb1302c8b408a6b0367%2C60414ba6ade1b701b92fca87&ofpr=1.15%2C0.99%2C1.15%2C1.15%2C1%2C%2C2.4%2C0.95%2C1.15%2C1.15%2C1.15%2C%2C0.99%2C1.15&fpo=%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.187.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-187-152.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 6684 102 B
134 B 48ms
47ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=3TZgZIog-UsaFDv31vC4L9R_

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5f431019dbc02c29358a84d7071317fa5c496bf3f934e5f0bcc65a3ae68a5620

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i&co=aHR0cHM6Ly90aGVtb3JuaW5ndHJpYnVuZS5jb206NDQz&hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&size=normal&cb=4ozof0k10p1y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 3FB1 7 KB
1 KB 49ms
49ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4297c9dadadabea28c7c2f984393392c1a1fb7e5c1be5e63fe9569a878d8e4ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bYSeP5tN7wSqpMIzkpkhVg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1115
content-security-policy: script-src 'report-sample' 'nonce-bYSeP5tN7wSqpMIzkpkhVg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0CB4 0
42 B 53ms
15ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=62744703&p=160993&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=160993&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Fsync.aniview.com%2Fcookiesyncendpoint%3Fauid%3D1661956781852-998052144916-006105-003-006292%26biddername%3D1%26key%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:40 GMT
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame A512 31 KB
10 KB 7ms
7ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c65209840749be7df4eb7f2c6d291d39d51594aa86afaf30e550d2cb2b3d1368

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:42 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Aug 2022 20:46:19 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43010
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9378
Expires: Thu, 01 Sep 2022 02:36:32 GMT

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 186 B
415 B 110ms
10ms XHR
application/json 52.57.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.28.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f5d65b09dad411d0e8fa57d22febceecb1e85c05e35c0c3912e5df269cc92e6d

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 187 B
414 B 156ms
57ms XHR
application/json 52.57.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.28.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b3458b5afab122bc8de34bbdfec77f16c1e369239c5d0b90b357a933443ad07d

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 187 B
415 B 151ms
53ms XHR
application/json 52.57.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.28.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: cf324da95d7fed8f5b7c1390901d7c8ec0c23d7bc05e2d5fcda9de484d5c2d06

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 177
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
343 B 51ms
15ms XHR
application/json 89.149.192.64
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 185 B
413 B 164ms
67ms XHR
application/json 52.57.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.28.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bce1a928e7cf4b354a5ac8b1662adea12ebe6c7c460cb08e73e3c0850e1816ff

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 175
expires: 0

POST
H2 200 auction Show response
prebid-server.rubiconproject.com/openrtb2/ 187 B
414 B 153ms
57ms XHR
application/json 52.57.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.28.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-28-111.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4c4e1c74a6c0218405025700a7dc3b10552d48af27cd3510f7bf3f42f7f5c01a

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-prebid: pbs-java/1.97.0
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 176
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 119ms
119ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6c2832f250818d6162065feb922d3f4263772faa1a1487c3247a00973a0368f3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:42 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: acbdfed5-331e-4245-96ac-44c45436d2fc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://themorningtribune.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 hb Show response
hb.yellowblue.io/ 129 B
437 B 326ms
108ms XHR
application/json 54.173.119.97
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb?auction_start=1661956782144&ad_unit_code=6155e016102aed613d5a078a&tmax=8000&width=640&height=361&publisher_id=6124caed9c7adb0001c028d8&floor_price=1.15&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F105.0.5195.52%20Safari%2F537.36&bid_id=161a184780e26dd&bidder_request_id=15ed7be2117980d&transaction_id=7802c4a5-be19-4a4c-82cb-3ac51c78b305&session_id=41af6273-36f2-4bea-9f98-28980e3a6cf8&is_wrapper=false&publisher_name=themorningtribune.com&site_domain=themorningtribune.com&bidder_version=4.0.0&cs_method=iframe&schain=1.0%2C1!insticator.com%2C4e60cb86-2850-46fb-bfca-bc9b7ff86475%2C%2C%2C%2C&referrer=https%3A%2F%2Fthemorningtribune.com%2F&page_url=https%3A%2F%2Fthemorningtribune.com%2F
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.119.97 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-119-97.compute-1.amazonaws.com
Software: /
Resource Hash: 6b280b1f2dabf6729159c00c6d50709a44bca258a531aaf6bbd662ef5a00a000

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://themorningtribune.com
x-reason: maxmind anonymous vpn
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 129

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 143 B
1 KB 102ms
88ms XHR
application/json 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

de45dbc6617a7dcf2e26880fedd67939142882a1729c43d166c0c66a4cb7d9ab

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:42 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6d13dcb9-9126-44fd-b4d3-94bf3aa9b9a5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://themorningtribune.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 0
343 B 46ms
15ms XHR
application/json 89.149.192.64
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:41 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 204
No Content header Show response
hb.aralego.com/ 0
183 B 450ms
137ms XHR
text/plain 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.aralego.com/header?ver=ADGENT_PREBID-2018011501&ifr=0&bl=en-US&je=1&dnt=0&adid=ad-9A2664AD8DA9946EF4A4747E967E47ED&tdid=&schain=1.0%2C1!insticator.com%2C4e60cb86-2850-46fb-bfca-bc9b7ff86475%2C1%2C%2C%2C&fp=1.15&eids=&host=themorningtribune.com&u=themorningtribune.com&xr=0&ao=https%3A%2F%2Fthemorningtribune.com&ucfUid=83eaf626-e606-435e-8493-1e8741a0edaf&w=640&h=361&atype=0
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:42 GMT
access-control-allow-credentials: true
connection: close

GET
H3 200 avjp Show response
insticator-d.openx.net/v/1.0/ 106 B
126 B 42ms
26ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://insticator-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fthemorningtribune.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=04928cff-6132-459e-a1a5-9cedae824108&nocache=1661956782147&schain=1.0%2C1!insticator.com%2C4e60cb86-2850-46fb-bfca-bc9b7ff86475%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A640%2C%22h%22%3A361%2C%22mimes%22%3A%5B%22video%2Fx-ms-wmv%22%2C%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%7D%7D%5D%7D&auid=557890320&vwd=640&vht=361&aumfs=1150
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
via: 1.1 google
server: OXGW/0.0.0
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://themorningtribune.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/ Frame 3FB1 52 KB
24 KB 36ms
36ms Stylesheet
text/css 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:01:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Sun, 21 Aug 2022 22:02:06 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 14:01:19 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/ Frame 3FB1 391 KB
156 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3TZgZIog-UsaFDv31vC4L9R_/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=3TZgZIog-UsaFDv31vC4L9R_&k=6LfrFKQUAAAAAMzFobDZ7ZWy982lDxeps8cd1I2i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30a31bd4c38a2400b0e4aeb83da4f028cca84568378d1deedc236406792f1baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 967
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 159350
x-xss-protection: 0
last-modified: Sun, 21 Aug 2022 22:02:06 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 14:23:35 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame A512
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/Y4hfHJgYY4x-c_R1TOpllMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6714459553664716980

0
239 B

310ms
158ms

Image
image/gif

8.39.36.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6714459553664716980
Protocol: HTTP/1.1
Server: 8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: dbbc2dbf689859fb5870b364473d5441
Content-Type: image/gif

Redirect headers

date: Wed, 31 Aug 2022 14:39:43 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=6714459553664716980
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A512
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDQ3NjE5ZWYzNDg4YjFkZDRiMDJkNWQxMTBhYjJlZjEzNzViNTI4Zg

170 B
188 B

99ms
39ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDQ3NjE5ZWYzNDg4YjFkZDRiMDJkNWQxMTBhYjJlZjEzNzViNTI4Zg

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDQ3NjE5ZWYzNDg4YjFkZDRiMDJkNWQxMTBhYjJlZjEzNzViNTI4Zg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5daa34953a867809056448757b76591b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A512
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdIUTVOTTMtMVUtSTlHTg==

170 B
188 B

100ms
42ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdIUTVOTTMtMVUtSTlHTg==

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDdIUTVOTTMtMVUtSTlHTg==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dbbc2dbf689859fb5870b364473d5441
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame A512
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=-nSB59P_SrWKZn6RY5ra-Q&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=-nSB59P_SrWKZn6RY5ra-Q

43 B
556 B

105ms
104ms

Image
image/gif

52.95.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=-nSB59P_SrWKZn6RY5ra-Q

Protocol

HTTP/1.1

Server

52.95.122.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:43 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: HTYAHVB1Y62FNRX8BKE2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=-nSB59P_SrWKZn6RY5ra-Q
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dbbc2dbf689859fb5870b364473d5441
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame A512
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7HQ5NM3-1U-I9GN&sigv=1&esig=2~36e8415eecb09c7be84864320b0a005d6fc8c613

0
194 B

81ms
20ms

Image
text/plain

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7HQ5NM3-1U-I9GN&sigv=1&esig=2~36e8415eecb09c7be84864320b0a005d6fc8c613

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L7HQ5NM3-1U-I9GN&sigv=1&esig=2~36e8415eecb09c7be84864320b0a005d6fc8c613
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5daa34953a867809056448757b76591b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame A512
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEBEHmfmz2ANjIUUDwv0iBmI&google_cver=1

0
239 B

632ms
156ms

Image
image/gif

8.39.36.141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEBEHmfmz2ANjIUUDwv0iBmI&google_cver=1
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/
Protocol: HTTP/1.1
Server: 8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: dbbc2dbf689859fb5870b364473d5441
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEBEHmfmz2ANjIUUDwv0iBmI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
px.ads.linkedin.com/ Frame A512
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7HQ5NM3-1U-I9GN

0
709 B

173ms
133ms

Image
text/plain

2620:1ec:22::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7HQ5NM3-1U-I9GN
Protocol: H2
Server: 2620:1ec:22::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 063420EAD794484E9A151BCE418B3BD2 Ref B: VIEEDGE2915 Ref C: 2022-08-31T14:39:42Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXninevPUp28+SQOqDQKg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L7HQ5NM3-1U-I9GN
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dbbc2dbf689859fb5870b364473d5441
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame A512
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=YsfA6EePTiC_V098kXd3Ew&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YsfA6EePTiC_V098kXd3Ew

43 B
556 B

104ms
104ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YsfA6EePTiC_V098kXd3Ew

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:43 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: C2FCVEZ0AYXMRTM61Y2H
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=YsfA6EePTiC_V098kXd3Ew
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: dbbc2dbf689859fb5870b364473d5441
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 aacxs.php Show response
c.aaxads.com/ Frame 3FCC 22 KB
9 KB 44ms
42ms Document
text/html 23.205.241.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://c.aaxads.com/aacxs.php?flg=AAXJ0S45T&fv=1&fy=37&ke=1&suylg=213%2C241%2C178%2C229%2C306%2C291%2C310%2C97%2C263%2C366%2C272%2C175%2C274%2C159%2C267%2C89%2C251%2C325%2C292%2C264%2C265%2C209%2C356%2C203&yvVbqf=1&uhiXuo=https%3A%2F%2Fwww.google.com%2F&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0

Requested by

Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAXJ0S45T&hst=themorningtribune.com&ver=1.2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.241.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-205-241-117.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e4fb3257e76f2bf8f814f02f1d4ddf97a627b44f811ccce5eed4a81282080df2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=156421
content-encoding: gzip
content-length: 8656
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Fri, 02 Sep 2022 10:06:43 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=604800
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 178ms
87ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022083001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

556cdb3b9dab7b6e680c38b3009caf93878316fa03fb861643690547ac038ccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11011
x-xss-protection: 0

GET
H/1.1 200
OK log
c21lg-d.media.net/ Frame 3FCC 35 B
329 B 184ms
154ms Image
image/gif 23.35.228.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c21lg-d.media.net/log?___stu13p=5idgihgb3r73nr56xnl0ch00yxnzunr&gho=1&yvlg=3049583828397609000V10&ruljlq=1&iow=0&syjlg[]=028AAX&syjlg[]=041AAX&syjlg[]=054AAX&syjlg[]=076AAX&syjlg[]=080AAX&syjlg[]=097AAX&syjlg[]=109AAX
Requested by: Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAXJ0S45T&fv=1&fy=37&ke=1&suylg=213%2C241%2C178%2C229%2C306%2C291%2C310%2C97%2C263%2C366%2C272%2C175%2C274%2C159%2C267%2C89%2C251%2C325%2C292%2C264%2C265%2C209%2C356%2C203&yvVbqf=1&uhiXuo=https%3A%2F%2Fwww.google.com%2F&gdpr=1&gdprconsent=2&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-228-23.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.aaxads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:42 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 container.html Show response
6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1B67 6 KB
3 KB 118ms
43ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Thu, 31 Aug 2023 14:39:42 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 track
track1.aniview.com/ 0
70 B 99ms
99ms Image
text/plain 52.0.187.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=themorningtribune.com&rs=themorningtribune.com&sid=30375&t=1661956781&cip=185.213.155.168&sn=&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=640&he=361&app=&AV_PUBLISHERID=5d8ccec528a0617cae5a0755&test=&aafaid=&proto=https&uid=1661956781852-998052144916-006105-003-006292&cha=0.7&stagid=62ea643a05e77f1a0c00c9b4&stplid=62ea5e3167828879e326ddc8&d35=&d36=6.2.52&cb=18597780075&d39=&d65=&apppkg=&d9=1000&d37=realtime&AV_WIDTH=640&AV_HEIGHT=361&nid=5d8ccec528a0617cae5a0755&ncid=62e9f831047b15547d6d6c55&e=bid&cb=1661956782603&asid=6304f48af8eb8561aa529e06%2C5defa4e328a0611122433595&ofpr=%2C&fpo=%2C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.187.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-187-152.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

GET
H/1.1 200
OK bridge-31047.js Show response
video-ads.rubiconproject.com/video/ Frame B5C4 65 KB
20 KB 8ms
7ms Script
application/javascript 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://video-ads.rubiconproject.com/video/bridge-31047.js
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash: f5ac6348585afe084ad84bb4b456717fd946101219e1f3c16f266745dc80b0d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:42 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Jun 2022 14:26:23 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
ETag: "1021f-5e1e1e36cc1c0-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
Content-Type: application/javascript
Access-Control-Allow-Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type
Content-Length: 20215

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 168ms
81ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js?cb=31069258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 1B67 4 KB
636 B 139ms
57ms Stylesheet
text/css 2a00:1450:400a:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 13:59:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 14:39:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7683 8 KB
893 B 125ms
55ms Stylesheet
text/css 2a00:1450:400a:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400a:800::200a Zurich, Switzerland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 31 Aug 2022 14:05:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 31 Aug 2022 14:39:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 7683 2 KB
983 B 95ms
79ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:30:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 570
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:30:12 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/ Frame 7683 23 KB
10 KB 54ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/abg_lite_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:37:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 155
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9615
x-xss-protection: 0
server: cafe
etag: 5965352936607719246
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:37:07 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 7683 3 KB
1 KB 93ms
80ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:27:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:27:54 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame 7683 17 KB
8 KB 58ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:34:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 293
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:34:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7683 141 KB
44 KB 134ms
52ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 e3ca5db921b3b46420ba257a4c2f6b26.js Show response
www.gstatic.com/mysidia/ Frame 7683 33 KB
13 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3ca5db921b3b46420ba257a4c2f6b26.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 22:39:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 576020
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13683
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 19:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 22 Nov 2022 22:39:22 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/ Frame 1B67 19 KB
8 KB 61ms
52ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 13:39:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3584
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8311
x-xss-protection: 0
server: cafe
etag: 13410161823615325117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 13:39:58 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1B67 205 B
229 B 36ms
36ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:17:34 GMT
x-content-type-options: nosniff
age: 1328
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 31 Aug 2023 14:17:34 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 1B67 604 B
628 B 37ms
36ms Image
image/png 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:35:58 GMT
x-content-type-options: nosniff
age: 224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 31 Aug 2023 14:35:58 GMT

GET
H3 200 container.html Show response
6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CB11 6 KB
3 KB 37ms
36ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/gptprebidnative/202208101343/wrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Thu, 31 Aug 2023 14:39:42 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CB11 0
0 78ms
77ms Fetch
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CsZJarnIPY7OQEoWX9u8P5dyY2A7JntKxXNX24taTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3oAHVttLqA8gBCakCUKN8PS6-sD7gAgCoAwGqBKsCT9AtSpm4ZPriKfrv-jyyjPLX8VDx5zcuTgqEBI6eZ8Y6bffWaUXDJzesmVbNpc63yzSxv0kOLfw1DhJuVB3910Nw6yIq6-_Rv_NJQMW0n-D2X1CTakPju1zmyEfEmrsnDCK3kpLV1bzXt-ARZ17Z8T_MtxU_2_AbYFY__wzaAJq2urWvD3w7fuDuFAGjDLoGgqmS33MlGdPoCVkMOcx10j0uMyTO7dK0omwHJep1sq7rlC6kuEU22HEEmZ9fv8zTczLiMbWFMDNoBD3OeFDqHgy3uCTw1DzQQz4uesVWFaHn5V-O0C7Cv3jDI2ifDuyE4Qn4UaTepJNwWojJ0CsvBlZiGhtf3kv4VhwpTlYuiAeqdOimcsiJJifioKxMhfrUq11ZgeAisvWfLqzgBAGABvTV55GM7ev3Q6AGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAcBABMgPrggE6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTEwNjczNzQ2NzkyNTI1MzcYk6J7&sigh=-yP1fHw5RAE&uach_m=[UACH]&cid=CAQSPgCsnQUxxuZyi-oymxJhnpPHXUU0E_faDuYnfRLYH5JBACJuNYQgbu7OwWQHfK1csqjVivSZjRiqsOBmhShhGAE
Requested by: Host: themorningtribune.com
URL: https://themorningtribune.com/verify/?https12344
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame CB11 0
0 62ms
16ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=kNPzE4SmE-gCrAKdg2ICAgAAAA3_mdxX6v-LEK1yD2ON83V3uQuy9_dovAASAAA&wp=Yw9yrgAEiDMH_YuFAAYuZZ36yFBczps1wsgNUQ

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/verify/?https12344

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
server: Kestrel
server-processing-duration-in-ticks: 322467
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame F64F 181 KB
53 KB 194ms
140ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yw9yrgAEiDMH_YuFAAYuZZ36yFBczps1wsgNUQ&u=%7C6kXEdkeVyfSsT1RzFTFqS51DO7B3YqYCPavonIfEqoE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37N_IRw2GZaxAfrTwL4yR1DQg7NFNPSptE4fExhVxGY0-oZWqNsMdrCYDZ5Fuu6-FsAC0lRMWZShK8IkMLX9eLvc2OAKMcBrm7Jsa3wI0D0FACJCGN24T3PoGet0rTd-EVum2rtyfV5MYmlXwDbGgJBkZpbSPU8Bbr9vIzAZxlZD_iUG21J-JntIbUa6duclDIvSkGLtBu2L3yAgrvVFCX4MtychNtHsKrJ7k_Y-KZW4MmFSh09YD_cE7uTvranljCxscP49dNpM158BaCjFNi4_IvHJ0sYjFpwVsshvNSDT6SW4Nx4f3ugejlLmSYWUgfCvmkhXgIS8l_nASAMMVwuWG6Ub0b8z7DixP9URHeujJRmzzN230JbDq-2SWd1RvOkkWGP1HJpJM52ekfA4NyBESglurTYnsZJ5SvPu4w8TaErm8oaoWJG2b78BmpwcF4KGNUiTOtvd4s_ky7bGlLn0kVh2m0jQkcOTyCXFMYRdt-MJO6IPbexFghOe07niGpZPGnZmU7KwPRJVyg768D0Q6s1K5g5lyK6cVqLEM-KkznKESUhLEK_GQslJeV1TredIkb3aoTO0LHQKum8Stpl9tKhTviqzM1&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4FfDrnIPY7OQEoWX9u8P5dyY2A7JntKxXNX24taTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3oAHVttLqA8gBCakCUKN8PS6-sD7gAgCoAwGqBK4CT9AtSpm4ZPriKfrv-jyyjPLX8VDx5zcuTgqEBI6eZ8Y6bffWaUXDJzesmVbNpc63yzSxv0kOLfw1DhJuVB3910Nw6yIq6-_Rv_NJQMW0n-D2X1CTakPju1zmyEfEmrsnDCK3kpLV1bzXt-ARZ17Z8T_MtxU_2_AbYFY__wzaAJq2urWvD3w7fuDuFAGjDLoGgqmS33MlGdPoCVkMOcx10j0uMyTO7dK0omwHJep1sq7rlC6kuEU22HEEmZ9fv8zTczLiMbWFMDNoBD3OeFDqHgy3uCTw1DzQQz4uesVWFaHn5V-O0C7Cv3jDI2ifDuyE4Qn4UaTepJNwWojJ0CsvBlZiGhtfnEnZxJum0kWRFBMJpNUAisGdLJHojrTOMTLpDa_mn8w6N18bPROC9QbgBAGABvTV55GM7ev3Q6AGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAcBABMgPrggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06MSMcfhvOfU_v-c_FcyV1iQOPxw%26client%3Dca-pub-1067374679252537%26adurl%3D

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

c124233feba2f68492c94350fa6371c36f5fb95b652aa7e9d5a4e48b41ffed9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=xSecueIl-6X1wawsW8Lh6ZFL6jDWtKhcASwAN7iBFU0zjZq51zI-BZdH3tVTAuKWBm4UcfNlTesCdVIvMZlVl2rJ3w7pmsvhVVXBxSy1dWVPAc-5iMYVg_V8EtH5onNY-GzbTnpc9vS6r1ecANnibQ5hrNF6z3fR3pl1hqIwDhUbW-VtG0y3u7Y5VFfq3gP48Fp3wGMl8PPsSfczRuYHfYcOWk4D98SEx4zc4vu5aYfGbJPJD6WD-PtdziU"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 123912748
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame CB11 3 KB
1 KB 141ms
53ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:27:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 708
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:27:54 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/ Frame CB11 17 KB
7 KB 125ms
39ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220829/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:30:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 14 Sep 2022 14:30:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame CB11 0
0 47ms
47ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTRkJvl4-XyNsHUh6dZNMK7ky057ta78sbW6F8vN-oKrjZoAIr09T0xGv43LWwzioKx2jRS
Requested by: Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CB11 22 KB
7 KB 129ms
45ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 25 Aug 2022 09:18:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 537645
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 25 Aug 2023 09:18:57 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB11 141 KB
44 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44757
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661773661488070"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 31 Aug 2022 14:39:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0884 13 KB
5 KB 113ms
39ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3561
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 13:40:21 GMT
expires: Thu, 31 Aug 2023 13:40:21 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7358 783 B
536 B 51ms
51ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

59d87c38a370c0ed04aacc10693f99808e369be9aa6aef14bb8c6de7c7f01ad3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-77afcReBSI8q1_KVPQfPZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-77afcReBSI8q1_KVPQfPZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 31 Aug 2022 14:39:42 GMT
expires: Wed, 31 Aug 2022 14:39:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7358 0
0 154ms
74ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022083001&jk=831475634392767&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

GET
H3 200 ppzs-o_oDTLysEGEkZroIB51IgxzANAUgUjK_Y8VX9I.js Show response
pagead2.googlesyndication.com/bg/ Frame C901 36 KB
16 KB 119ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppzs-o_oDTLysEGEkZroIB51IgxzANAUgUjK_Y8VX9I.js

Requested by

Host: themorningtribune.com
URL: https://themorningtribune.com/verify/?https12344

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69cecfa8fe80d32f2b04184919ae8201e75220c7300d0148148cafd8f155fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15877
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 11:57:15 GMT

GET
DATA 200
OK truncated
/ Frame CB11 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6175537f00c5e772426c7fdd70b7b4f282b7003167509a7d7c54ca9aa653d271

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ppzs-o_oDTLysEGEkZroIB51IgxzANAUgUjK_Y8VX9I.js Show response
pagead2.googlesyndication.com/bg/ Frame 0884 36 KB
16 KB 86ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppzs-o_oDTLysEGEkZroIB51IgxzANAUgUjK_Y8VX9I.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a69cecfa8fe80d32f2b04184919ae8201e75220c7300d0148148cafd8f155fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 11:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15877
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 11:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Aug 2023 11:57:15 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame F64F 2 KB
1 KB 46ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yw9yrgAEiDMH_YuFAAYuZZ36yFBczps1wsgNUQ&u=%7C6kXEdkeVyfSsT1RzFTFqS51DO7B3YqYCPavonIfEqoE%3D%7C&c1=TEbw32HdmhlTb08vzaRE05Nor-kWNW37N_IRw2GZaxAfrTwL4yR1DQg7NFNPSptE4fExhVxGY0-oZWqNsMdrCYDZ5Fuu6-FsAC0lRMWZShK8IkMLX9eLvc2OAKMcBrm7Jsa3wI0D0FACJCGN24T3PoGet0rTd-EVum2rtyfV5MYmlXwDbGgJBkZpbSPU8Bbr9vIzAZxlZD_iUG21J-JntIbUa6duclDIvSkGLtBu2L3yAgrvVFCX4MtychNtHsKrJ7k_Y-KZW4MmFSh09YD_cE7uTvranljCxscP49dNpM158BaCjFNi4_IvHJ0sYjFpwVsshvNSDT6SW4Nx4f3ugejlLmSYWUgfCvmkhXgIS8l_nASAMMVwuWG6Ub0b8z7DixP9URHeujJRmzzN230JbDq-2SWd1RvOkkWGP1HJpJM52ekfA4NyBESglurTYnsZJ5SvPu4w8TaErm8oaoWJG2b78BmpwcF4KGNUiTOtvd4s_ky7bGlLn0kVh2m0jQkcOTyCXFMYRdt-MJO6IPbexFghOe07niGpZPGnZmU7KwPRJVyg768D0Q6s1K5g5lyK6cVqLEM-KkznKESUhLEK_GQslJeV1TredIkb3aoTO0LHQKum8Stpl9tKhTviqzM1&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4FfDrnIPY7OQEoWX9u8P5dyY2A7JntKxXNX24taTAcCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0xMDY3Mzc0Njc5MjUyNTM3oAHVttLqA8gBCakCUKN8PS6-sD7gAgCoAwGqBK4CT9AtSpm4ZPriKfrv-jyyjPLX8VDx5zcuTgqEBI6eZ8Y6bffWaUXDJzesmVbNpc63yzSxv0kOLfw1DhJuVB3910Nw6yIq6-_Rv_NJQMW0n-D2X1CTakPju1zmyEfEmrsnDCK3kpLV1bzXt-ARZ17Z8T_MtxU_2_AbYFY__wzaAJq2urWvD3w7fuDuFAGjDLoGgqmS33MlGdPoCVkMOcx10j0uMyTO7dK0omwHJep1sq7rlC6kuEU22HEEmZ9fv8zTczLiMbWFMDNoBD3OeFDqHgy3uCTw1DzQQz4uesVWFaHn5V-O0C7Cv3jDI2ifDuyE4Qn4UaTepJNwWojJ0CsvBlZiGhtfnEnZxJum0kWRFBMJpNUAisGdLJHojrTOMTLpDa_mn8w6N18bPROC9QbgBAGABvTV55GM7ev3Q6AGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBAIiOGAcBABMgPrggE6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_06MSMcfhvOfU_v-c_FcyV1iQOPxw%26client%3Dca-pub-1067374679252537%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame F64F 2 KB
1 KB 46ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame F64F 308 B
637 B 45ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame F64F 293 B
621 B 46ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame F64F 43 B
348 B 72ms
18ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=AWFh7pVD9VdX9pA_DfO57SyHU_hTE51e4abwWzbpI2a8NfwsjFhijOMwinbNjBbE-Z6DsDvdxLwxakGI71Ca5sxGdajmUUrJFNkDntZfatEzE9YxXdlkxx4Osp7nQwI6Ta3mh-AyKYiZFPPV0ewtFqfmvnaKQgzMA5LEXsduXWEzLKMVXUR_dZTvj0Iaq6fCV17porDgnROo2pCVEVc6J6abGgQX_eMTXpx-GL-a1E9vfm4CE4axVkz4T4KyGkWmxZYXZWq5faXr33QjsTl10TOAPdjBMklhVJrheIH0BrkPKrgPYYsgOZm81A3TbMxNjkU_9LoRlIoZr5y86UNSaYCrVmr4oaFhsOuTFXtU9SDmWkoYQn0glu7NqYwLFU8GDhDWalEuM1o7QvStJhAeufyLZnRZ7m1vpWcTK1-MQH8LBmfq

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:42 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3624744
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame F64F 12 KB
6 KB 26ms
16ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F64F 29 KB
29 KB 74ms
29ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=116&m=0&partner=70357&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F70357%2F210118%2F3e8ffbe803544beca5b212cf0a092c0f_tp_logo_rgb_2015_print_ut_nr1.png&v=3&w=716&s=z47CZcaD5r8yFPy6jjmn0IY4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

597b2bd8fc45b24019c148f167966281673378bd2f1549b7fad6f16d41e53004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=28290285
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29851
expires: Tue, 25 Jul 2023 01:04:29 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F64F 30 KB
30 KB 97ms
52ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=70357&q=80&r=0&u=https%3A%2F%2Fmedia.traktorpool.com%2F6373%2F6656373%2F40434958%2F6656373-40434958.jpg&v=3&w=400&s=OBl0EpPTVFFIrDf7BpdLTkUe&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

09e8cc0396880f11921c995ffe2ae7a045381ba5bdd050aa3738bdfa9181f7c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30254259
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 30878
expires: Wed, 16 Aug 2023 18:37:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F64F 29 KB
29 KB 100ms
56ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=70357&q=80&r=0&u=https%3A%2F%2Fmedia.traktorpool.com%2F3846%2F6803846%2F41260383%2F6803846-41260383.jpg&v=3&w=400&s=Oq2n259mBhF21dYMWku1HP9G&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

26f7097473a3de1ac810d4c2b1bb0c7efef050dd9f02347b10e10d6e9ac00dce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30500203
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29544
expires: Sat, 19 Aug 2023 14:56:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame F64F 29 KB
29 KB 88ms
43ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=70357&q=80&r=0&u=https%3A%2F%2Fmedia.traktorpool.com%2F0301%2F6440301%2F38776256%2F6440301-38776256.jpg&v=3&w=400&s=12kynodI3neO6a8b0oqP6O-9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

06676f7936fae35516e7dd5b6e6d92589db2a2cb0fbf7981765c17d6a35276f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:42 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30255690
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 29228
expires: Wed, 16 Aug 2023 19:01:13 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame F64F 0
128 B 52ms
15ms Ping
text/plain 178.250.2.150
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=xSecueIl-6X1wawsW8Lh6ZFL6jDWtKhcASwAN7iBFU0zjZq51zI-BZdH3tVTAuKWBm4UcfNlTesCdVIvMZlVl2rJ3w7pmsvhVVXBxSy1dWVPAc-5iMYVg_V8EtH5onNY-GzbTnpc9vS6r1ecANnibQ5hrNF6z3fR3pl1hqIwDhUbW-VtG0y3u7Y5VFfq3gP48Fp3wGMl8PPsSfczRuYHfYcOWk4D98SEx4zc4vu5aYfGbJPJD6WD-PtdziU&sds=2&rev=82604.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.150 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 31 Aug 2022 14:39:42 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame F64F 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame F64F 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 26 Aug 2023 14:39:43 GMT

GET
H2 200 sync.html Show response
cdn.aralego.net/ucfad/cookie/ Frame 4B2D 2 KB
1 KB 53ms
15ms Document
text/html 2606:4700:20::ac43:47fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.aralego.net/ucfad/cookie/sync.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24f3dba78c31c5d70638101d559216361f0a1b8e2ce168a784a57bafdc971f86

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
age: 31
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 74368466dd3a9b74-FRA
content-encoding: br
content-type: text/html
date: Wed, 31 Aug 2022 14:39:43 GMT
last-modified: Wed, 16 Dec 2020 08:30:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21ros%2B81f1Z%2FfsTfNcIWxGSkH6DVDxPnMfQGYRMGZebzaXb5jr%2ByZrIxtLEBkxhnd8FnQcIthQTLtjlkClTJjnriDOMl%2B1E6Yf4rtO6zJacwC1cjT%2FfYN%2BDF5YNPB0GBm6NHcA4ozhG3iyZLeA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 129F 0
91 B 27ms
21ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 31 Aug 2022 14:39:43 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 0E26 52 KB
17 KB 33ms
7ms Document
text/html 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/libs/prebid/avpb6.27.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Wed, 31 Aug 2022 14:39:43 GMT
ETag: "623de86a-cf34"
Expires: Thu, 01 Sep 2022 14:39:45 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0E26 0
747 B 20ms
20ms Script
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:43 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 23fedf1b-86a8-4663-acfb-5844830da5e4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK idsync
sync.aralego.com/ Frame 4B2D 35 B
413 B 432ms
103ms Image
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.aralego.com/idsync?
Requested by: Host: cdn.aralego.net
URL: https://cdn.aralego.net/ucfad/cookie/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.aralego.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
connection: close
content-length: 35
content-type: image/gif

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0884 0
10 B 39ms
38ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?t6A4kg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:43 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 76ms
75ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022083001&jk=831475634392767&bg=!xcalxoLNAAaXrHhMt6w7ACkAdvg8Wqy7NuU3S7ds0_QUkVfAHnKGJt1iMDR1bUPSqoGNvilF9MGo1AIAAACGUgAAAAFoAQeZAq1a-Kn-17cj04mqRo-f4OFyuP74O5rOw-Ptswm_8j_lmhZU_RTirH6hQbttoeIKG91edr9qKkkOxsX5-iwzvCbffEEPAiHmP1Es9C-ckKHvCEojCqSCcUsFzdTZUy_A0Txlgb3XICK7Fq1endXmC_Vk7HWmzpE0tYlqYAxRBS7fTIPjVfjImxTJTnQjaySmtF5UIe5QiYf2pSS-knlTPqIV0n2wHccl6UkxJZLETIYArbq8NPb6kOI2WUvnF2KxfiDsUKZqk8u2KTvKwblcVV_cc1L3yk_f273iYZDhaAjouYylmbitvUHAJm_w0Sxx5Io0qFMhrFg83jjwWCGfEBnSaHW-EYTVoMrmXKiDbRslFqBVlk2MQgQgtuDO4gqfqMD_rNoZWfzVjbpVtvxfwMaHhVzkrk5oWv_oDovdGZjffYF0SWOrcsdZuboTo87S6_NgPfKU1VVxsbYIqOwPrzqTEDZBHPwTFcCfpUNYDiFwIypYvAMVCZfMBh_LB4E-xlrzrHmjHSEDYQsEwN5xm7WHhCUvFNlCICzJR7OeY9Oze0lJsVc3G4L0bkq8szPiPM235rV7gcU8__em-vZDnIIsypr-bc8nBzKSsxHyCPjwYdUskF35VNjXBSsITDqVmr4ewfxXiCxbFEWYcF2rZ5MNErzBp5O8UCbTqwNOLvWOU8whJFh_5Z-avhbiIpdpoamVVx7564AAe_DY5kzSjWH5abzT2oUppE-vhbk6WanfzjqwQ2cPJMl0KUv8_ol6FrINZ3nzHftP-fnRoP7uiVvf1n-J54L1_IvEryytdN3MUjPAxblWO-BlqoOHZVOAsSs_slXkjPegPctKQ-NNwGRngWlPHcEk56yKZ2MYmJpFC_dqd60VhJMNzPUnhe2HkzMnS1nR8lb7FMS6FWZT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 50ms
16ms Preflight
application/json 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthemorningtribune.com%2F&domain=themorningtribune.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://themorningtribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 31 Aug 2022 14:39:44 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 469755
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fthemorningtribune.com%2F&domain=themorningtribune.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=DhBhU3xJZXFBWklrblBnYkdkT1I4b2dKM3JxZzNEOUF2eFYzQ25OUk9CVlJzRXNYYmVrWERCQXo3cmdiamVtUVdMVUtHRExpNzVkaENGczFzZWNRTnlTTVFQUjJ4MEplamQ1T3JLZmxDci9heEhCaU1LUU45cmpOaG5uZ1...

366 B
653 B

54ms
20ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=DhBhU3xJZXFBWklrblBnYkdkT1I4b2dKM3JxZzNEOUF2eFYzQ25OUk9CVlJzRXNYYmVrWERCQXo3cmdiamVtUVdMVUtHRExpNzVkaENGczFzZWNRTnlTTVFQUjJ4MEplamQ1T3JLZmxDci9heEhCaU1LUU45cmpOaG5uZ1F1RGdpaXdSeFpqRGk3RndMZ29JaTUySjFjUXltVWZHU09EbFVkelFaSnE1V3NuUWpZdGJuOWZKaTBqRk9PdnJSbmxETkx3WlYwNUxGOThMcERTYWNJL3B4VzdTNVlxUXNjZE15cmNwNFIyQythYVRkRGZyNm5JRmJhRm1XWVp5RmtvSDNRTEdafA&cppv=2

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

218633ac11b7c897c3ba9c9b85d3a6a826cefc6c79398b6b80e135d565813534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://themorningtribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:43 GMT
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1661694
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:44 GMT
server: Kestrel
location: https://mug.criteo.com/sid?cpp=DhBhU3xJZXFBWklrblBnYkdkT1I4b2dKM3JxZzNEOUF2eFYzQ25OUk9CVlJzRXNYYmVrWERCQXo3cmdiamVtUVdMVUtHRExpNzVkaENGczFzZWNRTnlTTVFQUjJ4MEplamQ1T3JLZmxDci9heEhCaU1LUU45cmpOaG5uZ1F1RGdpaXdSeFpqRGk3RndMZ29JaTUySjFjUXltVWZHU09EbFVkelFaSnE1V3NuUWpZdGJuOWZKaTBqRk9PdnJSbmxETkx3WlYwNUxGOThMcERTYWNJL3B4VzdTNVlxUXNjZE15cmNwNFIyQythYVRkRGZyNm5JRmJhRm1XWVp5RmtvSDNRTEdafA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 561304
content-length: 0
expires: 0

POST
H/1.1 200 369.json Show response
id5-sync.com/g/v2/ 216 B
631 B 32ms
10ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/369.json

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/95054/6114/pwt.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

c0b254d45247904257710edeb9539334e694c9422fa5646615d4d5f669e884b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:43 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET envelope
api.rlcdn.com/api/identity/ 0
0

GET
H2 200 id Show response
id.crwdcntrl.net/ 63 B
342 B 155ms
69ms XHR
application/json 54.77.31.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.crwdcntrl.net/id
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/95054/6114/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.31.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-31-182.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: b2cd2f7bf7a1bad230ae7f5bfa622a2bfd51317257085eef222f94c4faeaedb4

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:44 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://themorningtribune.com
cache-control: no-cache
x-server: 10.45.23.206
access-control-allow-credentials: true
content-type: application/json;charset=utf-8
content-length: 63
expires: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
394 B 116ms
33ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/95054/6114/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 74e893eb5484ce3a070f85f8d68842428ff28763c59ce42e332c2e587f548f21

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:44 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Fri, 30 Sep 2022 14:39:44 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 0E26 0
747 B 37ms
36ms Script
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:44 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4da0bc68-6789-4b56-9181-c1eb063d2a17
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 52ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 31 Aug 2022 14:39:43 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 582127
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H/1.1 200 369.json Show response
id5-sync.com/g/v2/ 216 B
631 B 8ms
8ms XHR
application/json 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/369.json

Requested by

Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

775abdb779f3b1630a90bff18d05fd450499268c1088bdb804d586fd487b8905

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://themorningtribune.com
date: Wed, 31 Aug 2022 14:39:43 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 200 rid Show response
match.adsrvr.org/track/ 63 B
393 B 51ms
51ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8&fmt=json
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 74e893eb5484ce3a070f85f8d68842428ff28763c59ce42e332c2e587f548f21

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 31 Aug 2022 14:39:44 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://themorningtribune.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 63
expires: Fri, 30 Sep 2022 14:39:44 GMT

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 7CA0
Redirect Chain

https://ex.ingage.tech/v1/syncPage/unruly?userId=7c7a48ef-42dc-4131-96ee-e4e8fcaa1267&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator
https://sync.1rx.io/usersync2/rmpssp?sub=insticator
https://sync.1rx.io/usersync2/rmpssp?sub=insticator&zcc=1&cb=1661956784898
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7139620707

70 B
264 B

32ms
32ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7139620707
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Wed, 31 Aug 2022 14:39:44 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html
date: Wed, 31 Aug 2022 14:39:44 GMT
etag: RXa4e3b825731e48c4b632d0a734b382a5003
expires: 0
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7139620707
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
pragma: no-cache

GET
H/1.1 200
OK / Show response
sync.aralego.com/idSync/ Frame E07C 35 B
266 B 312ms
108ms Document
image/gif 162.210.196.208
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3DUCFUID
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 162.210.196.208 Washington, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

connection: close
content-length: 35
content-type: image/gif
date: Wed, 31 Aug 2022 14:39:44 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 08C6 281 B
554 B 8ms
7ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 31 Aug 2022 14:39:44 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B99D 52 KB
17 KB 8ms
8ms Document
text/html 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Wed, 31 Aug 2022 14:39:44 GMT
ETag: "623de86a-cf34"
Expires: Thu, 01 Sep 2022 14:39:46 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Unused62: 8096267
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 30A9 0
0 19ms
19ms Document
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406715
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
date: Wed, 31 Aug 2022 14:39:44 GMT
expires: Fri, 20 Mar 2009 00:00:00 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pod: X-Sovrn-Pod: ad_ap7ams1
pragma: no-cache

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 783B 0
0 110ms
110ms Document
text/plain 67.202.105.21
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip21.67-202-105.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Wed, 31 Aug 2022 14:39:44 GMT
server: 33XP005
x-33x-status: 2000208

GET
H3

204

7c7a48ef-42dc-4131-96ee-e4e8fcaa1267
ex.ingage.tech/v1/sync/betweenx/ Frame 605F
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D%24%7BUSER_ID%7D&crf=1
https://ex.ingage.tech/v1/sync/betweenx/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=268f28e9-68d7-52f3-ab1a-68dfc8151a6f

0
0

119ms
119ms

Document
text/plain

2606:4700:3036::ac43:c951
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ex.ingage.tech/v1/sync/betweenx/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=268f28e9-68d7-52f3-ab1a-68dfc8151a6f
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c951 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=1296000
cf-cache-status: DYNAMIC
cf-ray: 74368470fe7390a8-FRA
date: Wed, 31 Aug 2022 14:39:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eBLwreQDizSmZ73IENkWGvuf9zTEMbC8ltrz2SwQnaWHohcj%2BsXBgi5SHBrePrkuWYtACsMLJyDv%2FRKzjP8PpRmbk8RI94zqY8qdTZIcGKAc6VluHBiGCNYqe8JYDzw17BhKjiOfo%2BdjVb2Q8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin

Redirect headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
location: https://ex.ingage.tech/v1/sync/betweenx/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=268f28e9-68d7-52f3-ab1a-68dfc8151a6f

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 0C52
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D
https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1

2 KB
2 KB

89ms
48ms

Document
text/html

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d62f2af42e91a8599999281db4a9261b015f318da6263c88682f8c976dbfaf4e

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 743684717dc0693a-FRA
content-encoding: br
content-type: text/html
date: Wed, 31 Aug 2022 14:39:44 GMT
dropped-udsids: 230|39|45|241|24|31|195|88
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9yJXpAHqxGv8ybNXHGg8kjIcZn%2BY%2FEZ16OljCDnhqICvX9PaUovcnHy1hwaXXu4Rjb0Wou3ldj5%2F91Um38mnSkGlk9RdxoQ6IfiZcaHUDp51zd8dpM6UWV0g9zXJFnTWjQ4B"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 74368470ff506987-FRA
content-type: text/html; charset=iso-8859-1
date: Wed, 31 Aug 2022 14:39:44 GMT
expires: 0
location: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9we%2BCYk%2BIvgf%2BMH3TZM7zuipG2k23hKNnsW5mMr7%2BpoxXvYFk%2FrD3kBl%2FXSAYlm6Otvm5x65I1M4AiXI3vEzoVoX71DDsLPAfzdWZhDPvRMtgfSuyw8wM8finX2%2Bdb7fHlXB8OSfrK6ocA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E434 15 KB
6 KB 7ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3DPM_UID
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=37854
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Wed, 31 Aug 2022 14:39:44 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Thu, 01 Sep 2022 01:10:38 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H3 200 rubicon Show response
ex.ingage.tech/v1/syncPage/ Frame C84F 951 B
866 B 108ms
107ms Document
text/html 2606:4700:3036::ac43:c951
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=7c7a48ef-42dc-4131-96ee-e4e8fcaa1267&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c951 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 74368470ae1590a8-FRA
content-encoding: br
content-type: text/html
date: Wed, 31 Aug 2022 14:39:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IaN671jUSBxsiG9qlmTPTdDiO3SxBpiQEDveVAiNm3GKyTSUcuz3SuUZ%2FneGOLzfcJovP9nfpRwir2S3ou3lrNXFJk0eEAYhOO6McXzrPz1YLJiCQOAeF9RGPayKrnLlaYzQNUMtYmV6wlLBVg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 9276 0
35 B 21ms
20ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/f9918f7e-cf87-41a8-8cb0-dc1814248f26.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Wed, 31 Aug 2022 14:39:44 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 08C6 31 KB
10 KB 7ms
7ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c65209840749be7df4eb7f2c6d291d39d51594aa86afaf30e550d2cb2b3d1368

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Aug 2022 20:46:19 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43008
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9378
Expires: Thu, 01 Sep 2022 02:36:32 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B99D 0
747 B 8ms
8ms Script
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:44 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 35f07726-7fc2-4d6d-9fd1-e596ff8b7423
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame C84F
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator

281 B
554 B

7ms
7ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by: Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=7c7a48ef-42dc-4131-96ee-e4e8fcaa1267&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://ex.ingage.tech/v1/syncPage/rubicon?userId=7c7a48ef-42dc-4131-96ee-e4e8fcaa1267&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 31 Aug 2022 14:39:44 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Wed, 31 Aug 2022 14:39:44 GMT
location: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server: AkamaiGHost

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C84F 31 KB
10 KB 9ms
8ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c65209840749be7df4eb7f2c6d291d39d51594aa86afaf30e550d2cb2b3d1368

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Aug 2022 20:46:19 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=43008
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9378
Expires: Thu, 01 Sep 2022 02:36:32 GMT

GET
H/1.1 204
No Content sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame C84F 0
239 B 507ms
94ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=insticator&khaos=L7HQ5NM3-1U-I9GN
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: e1bddfc34a927e97bda010c0d8a62b62
Content-Type: image/gif

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 0C52 170 B
188 B 40ms
40ms Image
image/png 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 0C52 70 B
264 B 32ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0C52
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=Yw9ysB01WjRbYigf2qycNwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPz5v2QeJ-y07ZgYhMoINrw&google_cver=1&gdpr=1

43 B
841 B

176ms
55ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPz5v2QeJ-y07ZgYhMoINrw&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 74368473cd439bcb-FRA
pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F41b17r51eRLDFjikq%2FshiwbA8iY21wAO8e8SpVUN5kSVjDuD8%2BQwzlz4ccpwwM42EnG21FK5vLGmZEqeJN2cDBsNn5OPCj2xje2d1inhjK5cqqG32CGtN7oG9TDgOcj%2FPFwIy7bqFo5vA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPz5v2QeJ-y07ZgYhMoINrw&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 0C52
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB&dcc=t

43 B
645 B

105ms
104ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:45 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: EY30WGTSTCQNKWJVFD9F
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KZ2JJD99ZKWKDE4SPBEG
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 0C52
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=47164669-87aa-4ce8-8bd7-ae18ce5bdd45&us_privacy=null&gdpr_consent=null&gdpr=1

43 B
532 B

43ms
42ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=47164669-87aa-4ce8-8bd7-ae18ce5bdd45&us_privacy=null&gdpr_consent=null&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H2
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LTjFZaJu8M1lg%2FFTeptW%2FEO2e9X2MFSF07SKnveBFqT57DdXaZmOS1SVSpGQbHQg%2BK%2FL3jdUPjHtSgwlgqgQGijjp367idOtqyQ28bgwPHcZt8kuyKZvvNMKE2AuPaPvlFsqJGXNol8wVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache
cf-ray: 74368472597c929f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=47164669-87aa-4ce8-8bd7-ae18ce5bdd45&us_privacy=null&gdpr_consent=null&gdpr=1
date: Wed, 31 Aug 2022 14:39:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 743684721b479be8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 0C52
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7152431841213752021&uid=Q7152431841213752021&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

9ms
9ms

Image
image/gif

23.75.246.168
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: HTTP/1.1
Server: 23.75.246.168 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-75-246-168.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Wed, 31 Aug 2022 14:39:45 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Wed, 31 Aug 2022 14:39:44 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 0C52
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-c94f66a0-7caa-43ef-b257-1ba867af8fef

43 B
847 B

35ms
34ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-c94f66a0-7caa-43ef-b257-1ba867af8fef
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 743684746e779bcb-FRA
pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8hjgh02o%2Bw1FLcT%2BKA4MLXKpe%2FpiOyL%2Fx9RRJod3vB2wq2XJh2fA1Q%2F4fcrpN2Kos15l0xJgbjB8mufb7zXUl4z8jwHFCObsxYU%2BkzdnttYvvL%2BrXy9bb9ZAj90ciTKVMp0dLoCUpdcKA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-c94f66a0-7caa-43ef-b257-1ba867af8fef
date: Wed, 31 Aug 2022 14:39:45 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0C52
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=Yw9ysQAKfCg5zwAK
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yw9ysQAKfCg5zwAK&gdpr=1&_test=Yw9ysQAKfCg5zwAK

43 B
881 B

125ms
51ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yw9ysQAKfCg5zwAK&gdpr=1&_test=Yw9ysQAKfCg5zwAK
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

cf-ray: 74368473cd409bcb-FRA
pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vu%2Fr7oZZ7PECxQBykDHQ7l7cnv4GeIGIYK64G1xEJ9L5ThQA2kB0zufHE8DGVrjjZPHYmiTKHO1PPgSK%2FG%2BJJUoOiMGNa3dRV8R2kjKH0fjwZ0WtM1aido%2BOPi9MI6x3TtvfZhi3TVS8zA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 31 Aug 2022 14:39:45 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1661956785.165648,VS0,VE0
x-served-by: cache-hhn4076-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yw9ysQAKfCg5zwAK&gdpr=1&_test=Yw9ysQAKfCg5zwAK
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3 204 7c7a48ef-42dc-4131-96ee-e4e8fcaa1267
ex.ingage.tech/v1/sync/ix/ Frame 0C52 0
507 B 118ms
116ms Image
text/plain 2606:4700:3036::ac43:c951
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ex.ingage.tech/v1/sync/ix/7c7a48ef-42dc-4131-96ee-e4e8fcaa1267?uid=Yw9ysB01WjRbYigf2qycNwAABIMAAAAB
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2F7c7a48ef-42dc-4131-96ee-e4e8fcaa1267%3Fuid%3D&s=192379&C=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:c951 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 14:39:45 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTdciSEXCPwf475a7%2BnjPPfKQiZjvnmFjEM69xIoGKUwQCSQrLKZ%2FGCeqqTQcsxcgy5Df8L5LGyAfrHa03%2F8%2Fdr%2B0YDWfPwmuP%2B6ulya3jawlQPsyV8kEVG%2BqRFU%2F6FuJrPp39YVcTqljTIf%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: private, max-age=604800
access-control-allow-credentials: true
cf-ray: 74368471ef5390a8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B99D 0
747 B 14ms
14ms Script
text/html 37.252.173.27
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 31 Aug 2022 14:39:45 GMT
X-Proxy-Origin: 185.213.155.168; 185.213.155.168; 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e95c05af-dc9e-47a8-9440-da296343259f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 track Show response
track1.aniview.com/ 0
94 B 297ms
99ms XHR
text/plain 52.0.187.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://track1.aniview.com/track?d=Chrome&cou=DE&cos=Windows&r=themorningtribune.com&rs=themorningtribune.com&sid=30375&t=1661956781&cip=185.213.155.168&sn=&tgt=0&osv=10&bv=105.0&brn=Chrome&wi=640&he=361&app=&AV_PUBLISHERID=5d8ccec528a0617cae5a0755&test=&aafaid=&proto=https&uid=1661956781852-998052144916-006105-003-006292&cha=0.7&stagid=62ea643a05e77f1a0c00c9b4&stplid=62ea5e3167828879e326ddc8&d35=&d36=6.2.52&cb=18597780075&d39=&d65=&apppkg=&d9=1000&d37=realtime&AV_WIDTH=640&AV_HEIGHT=361
Requested by: Host: player.aniview.com
URL: https://player.aniview.com/script/6.1/AVmanager.js?v=1.0&type=s&pid=5d8ccec528a0617cae5a0755
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.187.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-187-152.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://themorningtribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 31 Aug 2022 14:39:46 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.rlcdn.com
URL: https://api.rlcdn.com/api/identity/envelope?pid=88

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
xpshort.com/	1969-12-31 23:59:59	Name: AppSession Value: c918fb1f2ddeecdc3ab1bea88ab8ce73
xpshort.com/	1970-01-20 05:39:17	Name: refhttps12344 Value: ODdiMzBjY2RjMDU3Nzk5MjQxNzIxY2U4MWM3Y2VmZDhjYjQ0YTQ1YjhkYWM2MmU3NmQxNjIyZGMxMzhjNDVkZOeo2929Kzg5e%2FlVEYC9wKvDvSNyo67%2FejeVLb9qsuqU
themorningtribune.com/	1969-12-31 23:59:59	Name: cap_y Value: 10
themorningtribune.com/	1970-01-20 05:39:17	Name: JSON_fetch Value: https12344
.google.com/	1970-01-20 15:09:03	Name: __Secure-ENID Value: 6.SE=V7BB-50mCPPcWrkpJEreUpXMb-aAKl-rXvNxySseagR4cGiiqTTE5FxeyC3YiUr0deueVDJlh70c54sbb4Jp9LBJX6JIWFd1aTctvIzMt7L0CdWCWE4aDWzqAQ7c-ET1xXds4E6T0DZ3BV2f02ZS3dFtQMyPV6C1rXIhQnUIvrM
.google.com/	1970-01-20 15:15:16	Name: CONSENT Value: PENDING+451
.themorningtribune.com/	1970-01-20 05:39:18	Name: InstiSession Value: eyJpZCI6Ijk2YWJhY2Y0LTI0NTktNDZmNS05NTZjLTkwOTg2NjE2YzFjOSIsInJlZmVycmVyIjoid3d3Lmdvb2dsZS5jb20iLCJjYW1wYWlnbiI6eyJzb3VyY2UiOm51bGwsIm1lZGl1bSI6bnVsbCwiY2FtcGFpZ24iOm51bGwsInRlcm0iOm51bGwsImNvbnRlbnQiOm51bGx9fQ==
themorningtribune.com/	1970-01-20 06:22:28	Name: _pbjs_userid_consent_data Value: 3524755945110770
themorningtribune.com/	1969-12-31 23:59:59	Name: hb_insticator_uid Value: 7c7a48ef-42dc-4131-96ee-e4e8fcaa1267
.prebid.a-mo.net/	1970-01-20 14:24:52	Name: __amc Value: 1_1661956781_1661956781
themorningtribune.com/	1969-12-31 23:59:59	Name: aasd Value: 1%7C1661956781363
.themorningtribune.com/	1970-01-20 15:15:16	Name: _ga_1WV9GB5460 Value: GS1.1.1661956781.1.0.1661956781.0.0.0
.rubiconproject.com/	1970-01-20 14:24:52	Name: khaos Value: L7HQ5NM3-1U-I9GN
.rubiconproject.com/	1970-01-20 14:24:52	Name: audit Value: 1\|naVuGyos1qpNvlYNemoNcz5APvdogVCbaTd6KyMQnavCRi4Lg8bJK9cnu0Mg79AkBab9xyG2X/dg/n2RdwQtHiI+cGIyUGm/MfhabQi3+kqAroY7gk7/cg==
.adnxs.com/	1970-01-20 07:48:52	Name: uuid2 Value: 2071190690897870988
themorningtribune.com/	1969-12-31 23:59:59	Name: __aaxsc Value: 2
themorningtribune.com/	1970-01-20 05:40:43	Name: visitorGeo Value: DE
themorningtribune.com/	1970-01-20 05:40:43	Name: visitorCity Value: Frankfurt am Main
themorningtribune.com/	1970-01-20 05:40:43	Name: visitorIP Value: 185.213.155.168
.themorningtribune.com/	1970-01-20 15:15:16	Name: _ga Value: GA1.2.1582523878.1661956781
.themorningtribune.com/	1970-01-20 05:40:43	Name: _gid Value: GA1.2.1717711695.1661956782
.themorningtribune.com/	1970-01-20 05:39:16	Name: _gat_gtag_UA_135892861_1 Value: 1
.360yield.com/	1970-01-20 07:48:52	Name: tuuid Value: 984d0369-2afa-4669-a200-a86267db506a
.360yield.com/	1970-01-20 07:48:52	Name: tuuid_lu Value: 1661956782
.themorningtribune.com/	1970-01-20 09:58:28	Name: _pubcid Value: abff911b-9953-4dd7-8bff-78c4f2b1c89e
themorningtribune.com/	1969-12-31 23:59:59	Name: ucf_uid Value: 83eaf626-e606-435e-8493-1e8741a0edaf
.adnxs.com/	1970-01-20 07:48:52	Name: icu Value: ChgIr-x4EAoYASABKAEwruW9mAY4AUABSAEKGQjck4QBEAoYASABKAEwreW9mAY4AUABSAEQruW9mAYYAQ..
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 9bfe55942548eb5c
.technoratimedia.com/	1970-01-20 15:15:16	Name: tads_uid Value: GDPR
.aniview.com/	1970-01-20 06:08:04	Name: aniC Value: 1661956781852-998052144916-006105-003-006292
.doubleclick.net/	1970-01-20 15:00:52	Name: IDE Value: AHWqTUl-nhT7CVSITDE9k7Dno1gie7pR6rnYs-UQfJ51oVHW7GceOVjGJoBaAhaezO8
.aaxads.com/	1970-01-20 14:24:52	Name: aax-vsid Value: 3049583828397609000V10
.doubleclick.net/	1970-01-20 05:39:17	Name: test_cookie Value: CheckForPermission
.amazon-adsystem.com/	1970-01-20 15:15:16	Name: ad-privacy Value: 0
.amazon-adsystem.com/	1970-01-20 10:45:59	Name: ad-id Value: A4TjcUbrs01FinFkxwQzMXM
.yahoo.com/	1970-01-20 14:25:14	Name: A3 Value: d=AQABBK9yD2MCEOh1K8bWy74YYsw5iKxmFtQFEgEBAQHEEGMZYwAAAAAA_eMAAA&S=AQAAAnIAJ7d18x4mvG3-Xcrljic
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:24:52	Name: bcookie Value: "v=2&753f48c6-4bca-4f93-83ae-e59f39bf95a9"
.linkedin.com/	1970-01-20 09:58:28	Name: li_gc Value: MTswOzE2NjE5NTY3ODM7MjswMjFnm/EZBV7CVSlPwYlajnAAZ0gUAz1cHpFovvxTQQIr4A==
.linkedin.com/	1970-01-20 05:40:43	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2369:u=1:x=1:i=1661956783:t=1662043183:v=2:sig=AQEuGL-dcfIkFEjZjEEI9WHoSVmmoxFc"
.aralego.com/	1970-01-20 14:24:52	Name: gdpr Value: 1
.aralego.com/	1970-01-20 14:24:52	Name: sspid Value: 70ec07df-70c7-3bed-9335-9093d49302b3
.themorningtribune.com/	1970-01-20 15:00:52	Name: __gads Value: ID=da784a8d218d70fb:T=1661956781:S=ALNI_MYKVOmW0xRKzIYfk_lbHCfjLdgSYg
themorningtribune.com/	1970-01-20 05:39:20	Name: _lr_retry_request Value: true
themorningtribune.com/	1970-01-20 06:22:28	Name: _lr_env_src_ats Value: false
themorningtribune.com/	1970-01-20 07:05:40	Name: pbjs-unifiedid Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-08-31T14%3A39%3A44%22%7D
.themorningtribune.com/	1969-12-31 23:59:59	Name: panoramaId_expiry Value: 1662043184232
.themorningtribune.com/	1970-01-20 15:00:52	Name: cto_bundle Value: lvFWvl9VUTlPcWF3TkJINXNsZ1U4NEVMVExla0hkb0hlSkZ6dWFDTUhSRkpiaDMzQUclMkJlR3pCbGdIS2praUNNOHVtWnRxUmxtZDNCRWRLUTl0TCUyRm8yR1c5OVhCMmg1VWl5b1ZMTFM4bTY2MXdiMjhRVkxWZjdNVmY0cHMxcEJQaSUyQjNFMg
.themorningtribune.com/	1970-01-20 15:00:52	Name: cto_bidid Value: csJ7fl8wS0xUQkhBUzNUZjQwRkxwdzZwR0ZzbmRqZ2tLRUV3dkJWNlh0V1psQ0IzTjJDWE5pN3pnSUV2VGlNck1XVHFOdiUyRktRVzdqamE4ZVBXUEg4VVRuRFJSSmJ5ZDh1NXk3cTgzMDBPYnlhVXprJTNE
.betweendigital.com/	1970-01-20 14:24:52	Name: dc Value: lux1
.betweendigital.com/	1970-01-20 14:24:52	Name: tuuid Value: 268f28e9-68d7-52f3-ab1a-68dfc8151a6f
.betweendigital.com/	1970-01-20 14:24:52	Name: ss Value: 1
.betweendigital.com/	1970-01-20 14:24:52	Name: ut Value: Yw9ysAAMBiDHpy8wFiTr_-oYI-lV-er7_pl1Sw==
.casalemedia.com/	1970-01-20 14:24:52	Name: CMID Value: Yw9ysB01WjRbYigf2qycNwAA
.casalemedia.com/	1970-01-20 07:48:52	Name: CMPS Value: 1188
ex.ingage.tech/	1969-12-31 23:59:59	Name: instUid Value: 7c7a48ef-42dc-4131-96ee-e4e8fcaa1267
.1rx.io/	1970-01-20 14:24:52	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a4e3b825-731e-48c4-b632-d0a734b382a5-003%22%2C%22zdxidn%22%3A%222069.50%22%2C%22nxtrdr%22%3Afalse%7D
.casalemedia.com/	1970-01-20 07:48:52	Name: CMPRO Value: 1155
.casalemedia.com/	1970-01-20 05:40:43	Name: CMST Value: Yw9ysGMPcrAA
.casalemedia.com/	1970-01-20 14:24:52	Name: CMRUM3 Value: e6630f72b02760&1f630f72b005a00&f1630f72b005a0&c3630f72b005a00&27630f72b00b40&58630f72b005a0&18630f72b005a0&2d630f72b005a0
.owneriq.net/	1970-01-20 15:15:16	Name: si Value: Q7152431841213752021
.owneriq.net/	1970-01-20 05:53:40	Name: p2 Value: cc
.csync.loopme.me/	1970-01-20 07:50:19	Name: viewer_token Value: 47164669-87aa-4ce8-8bd7-ae18ce5bdd45
.everesttech.net/	1970-01-20 14:24:52	Name: everest_g_v2 Value: g_surferid~Yw9ysQAKfCg5zwAK
.casalemedia.com/	1970-01-20 07:48:52	Name: CMTS Value: 5151

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 11) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
javascript	error	URL: https://themorningtribune.com/ Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=88' from origin 'https://themorningtribune.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=88 Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6f68fe6d90db4c9f407bfe7fddd5098b.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ads.betweendigital.com
ads.eu.criteo.com
ads.pubmatic.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
api.rlcdn.com
auth.instiengage.com
bh.contextweb.com
c.aaxads.com
c21lg-d.media.net
cat.nl.eu.criteo.com
cdn.aralego.net
cm.g.doubleclick.net
confiant-integrations.global.ssl.fastly.net
csm.eu.criteo.net
csync.loopme.me
d2f0uviei09pxb.cloudfront.net
d2nr2jos5slco1.cloudfront.net
df80k0z3fi8zg.cloudfront.net
dsum-sec.casalemedia.com
embedproduction.s3.amazonaws.com
eua.instiengage.com
eus.rubiconproject.com
event.insticator.com
ex.ingage.tech
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
geoip.insticator.com
go1.aniview.com
gum.criteo.com
hb.aralego.com
hb.yellowblue.io
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
image6.pubmatic.com
insticator-d.openx.net
l3.aaxads.com
match.adsrvr.org
mug.criteo.com
nep.advangelists.com
pagead2.googlesyndication.com
pix.eu.criteo.net
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
player.aniview.com
player.avplayer.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prg.smartadserver.com
px.ads.linkedin.com
px.owneriq.net
r.casalemedia.com
region1.google-analytics.com
rtb.nl.eu.criteo.com
s.amazon-adsystem.com
s.w.org
s2s.aniview.com
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.aniview.com
sync.aralego.com
sync.technoratimedia.com
techymozo.com
themorningtribune.com
token.rubiconproject.com
tpc.googlesyndication.com
track1.aniview.com
u.openx.net
ups.analytics.yahoo.com
video-ads.rubiconproject.com
www.aaxdetect.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
xpshort.com
api.rlcdn.com
104.18.18.126
104.18.19.126
132.226.63.138
139.162.27.15
141.95.98.64
142.250.185.194
147.75.85.234
151.101.194.49
151.101.65.194
162.210.196.208
178.250.0.139
178.250.2.146
178.250.2.148
178.250.2.150
18.213.182.17
185.64.190.78
188.42.191.196
192.0.77.48
198.148.27.139
2001:4860:4802:34::36
209.54.182.161
213.19.147.44
216.52.2.39
23.205.235.133
23.205.239.15
23.205.241.117
23.35.228.23
23.35.236.188
23.35.236.201
23.75.240.210
23.75.246.168
2600:9000:20eb:a600:1:4a30:d840:21
2600:9000:21f3:200:10:3422:3f00:21
2600:9000:21f3:600:9:78a:e540:93a1
2600:9000:21f3:d600:3:f434:dfc0:21
2602:803:c003:200::21
2606:4700:20::ac43:47fe
2606:4700:3035::ac43:b3cd
2606:4700:3036::ac43:c951
2606:4700:3037::6815:50b2
2606:4700::6813:ad6c
2620:1ec:22::14
2a00:1288:80:807::2
2a00:1450:4001:801::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:811::2002
2a00:1450:4001:828::2003
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:400a:800::200a
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::1c
2a02:26f0:3500:595::2c79
2a02:26f0:3500:c::5c7b:6837
2a05:d018:d29:3601:3da7:f1c9:3bff:e9e0
3.126.56.137
3.217.129.2
3.224.43.174
3.226.147.34
34.149.20.76
34.98.64.218
35.172.84.50
35.173.107.90
35.71.131.137
37.252.173.27
52.0.187.152
52.217.173.145
52.57.28.111
52.95.122.74
54.173.119.97
54.224.154.15
54.246.199.99
54.77.31.182
67.202.105.21
69.173.151.100
8.39.36.141
89.149.192.64
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
058bc5e95f1b17f0af263e284d3801d683cb0ab79cee4bd2d5265ba0e2d6b336
06676f7936fae35516e7dd5b6e6d92589db2a2cb0fbf7981765c17d6a35276f8
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
09e8cc0396880f11921c995ffe2ae7a045381ba5bdd050aa3738bdfa9181f7c7
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
19224a7a57346c84e045ffa4d33ace67e09b9369b22f26c5521b3fe1f9623800
1acc33d91129adec432db09da6e1c2239c89e702c732cd5d8310d9e6f17fe0e0
1b26c04ff19851d0780ba6dbc37d4920b48f3eeb54963c9ea1667941e01bb7ed
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1f1c0e9e76f5baa28c2453d0d02b97d42e5f66283f0d3058a4ccc366e7f2411a
1f2cfcdf35174d9fd9f4ff017e8f5557af5cfccaffa742a03958b5fba518d4ad
218633ac11b7c897c3ba9c9b85d3a6a826cefc6c79398b6b80e135d565813534
24302eeb5b736bcc9f610299a37ac5dcf7e5b4c11591489fe9ad89f1533bd09b
24f3dba78c31c5d70638101d559216361f0a1b8e2ce168a784a57bafdc971f86
26f7097473a3de1ac810d4c2b1bb0c7efef050dd9f02347b10e10d6e9ac00dce
2e783d0696fef803e1b623b19af6d6d744872b31c70cdbecd7a42770822226fd
301a865a949445a5f99ef07d197940b6d5abd3c32bd1fb0f63e50ad3e746198e
30a31bd4c38a2400b0e4aeb83da4f028cca84568378d1deedc236406792f1baf
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d
36a65f58c51aeb98905d2508e11b2a5c6b5ce8f8eb5c3aca23d4f2f95b52c34a
3c94d07090acdd3c44fa5f23a2c957c961c7413129f068acecf17f1402102c4d
3d339d8964a7cbfedf6d7bede292d224a5fe885ee37ffc9ee1a9220851a1ee4e
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d94a91612f816c172c583d17bb06e140969a22fae663e7b8cae7d18d55eb2c6
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4163fd9c759dad994a7d4d0ea5d81b05cc763b7d2303e8967be6920fa30e5fc0
41c8460c9c718fb0e8c275b7baa9083f5477ec0919bab552ef952ecee74c567b
4271f184f952c541bd8e3ef1e0109de04443a448dd16796a1e0cb1fc7c233c53
4297c9dadadabea28c7c2f984393392c1a1fb7e5c1be5e63fe9569a878d8e4ee
4298e414cf31f98f6a599464c98e17dfd8681b3b89498e39a359975e62aa44e3
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
440b5c51b81918a0e8d9cf4b5a53ce6abd807225a9e7d3591dc61ae8f71f3058
44c5d1c14f1685bd38adfe9a418c800339ea356687ba6e1da9514be0a7df9955
468fb6c5848226f0e15f6cc0f1bac25efeb51e95eed896438df4dcfc4b3f6646
4baa280c316f80216c7d9dcb64f308726f23cfe4fd4ada8d36aee7c3ea101108
4c4e1c74a6c0218405025700a7dc3b10552d48af27cd3510f7bf3f42f7f5c01a
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fb80b7bf623f709e8773d63406d7d20cbb8dda584d2259f86b7cc94050923d1
51a3199e36112423d2c812e8374ebbdd14856a5bd5a963d60b3609321f224864
52e5363f331ef57a92dc23d84fdb3f950f7c25d67c1ad2d5192917bec045b9d5
556cdb3b9dab7b6e680c38b3009caf93878316fa03fb861643690547ac038ccd
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
57a18b6c18cc1cb382fc80abd6302ee9c092d472b15d257fd911d942e6def986
5968deed67db36c17098f115d0fd4318e4ef3616b6c3541da921599e64689040
597b2bd8fc45b24019c148f167966281673378bd2f1549b7fad6f16d41e53004
59d1d9cca32502b391dd729f4c9bc9e658e9830e5ce034cd484c93ca413afd45
59d87c38a370c0ed04aacc10693f99808e369be9aa6aef14bb8c6de7c7f01ad3
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1
5f431019dbc02c29358a84d7071317fa5c496bf3f934e5f0bcc65a3ae68a5620
6175537f00c5e772426c7fdd70b7b4f282b7003167509a7d7c54ca9aa653d271
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
67e02df6a77557209df8a645a492d5c45661453ad77e4469657d159a7648506b
6a46bb8d295f421b26a8562ae74a573d973d2a8c3b6083b9e2b35ee31bb24354
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b280b1f2dabf6729159c00c6d50709a44bca258a531aaf6bbd662ef5a00a000
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c2832f250818d6162065feb922d3f4263772faa1a1487c3247a00973a0368f3
6d6b4e3715b628457d40f2bf6e62b661d2bb36d85296d08a0bca4858dd617f7d
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
737ecccfd5058eeb7a46e5ea9616822be78a60668342b22f2fcfae3130f7d8c1
74d59f64d6d9d876d731c78986819a45732517ea6fe8f7044b4381a7028c8cba
74e893eb5484ce3a070f85f8d68842428ff28763c59ce42e332c2e587f548f21
75accb62acfb84c7df1e0e2f1b9909e4ed8f15c6756cb9efa675cecae85da09e
775abdb779f3b1630a90bff18d05fd450499268c1088bdb804d586fd487b8905
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
7a7dcb207863b588dd58e49adb2dc0fca02fae2bd10571e7ccd087067ae09f12
7e2f92fc821a0c30f9586203f47ac6e64d4fed9e6ae42f84973272bcfbccdab5
82df16c2b9566862302bf45688a07667a9e658325d3fb54e5dcf9482306a39fa
86ed211288153a7341345e96ee534a8f19f125d2f068670c4a2dbdae7506beb0
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
97a5a832fe62077aae129046a769c97dcecc31f935d64bff410148c98d988edd
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9d68ceee21c0df35405890501baed037a1d0aaa6aef2caf6870ee76234380e6f
9ff07ed2c891ed887a0e9eb61461ca9c00277a27fd98d73e40d60b91b2eb86f0
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a288f6d8bed5da66244881b97b6355d945f6ca755c1fc09b750724745cceae03
a2de9cba2a361435724689ece2edf762d15ff0df98adffa5f96e331d2a006766
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a466e14b169930d0990451efcc0d03c0e9b17597f7f078df99347a78cc9c026e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a69cecfa8fe80d32f2b04184919ae8201e75220c7300d0148148cafd8f155fd2
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7b9f24a8dec9b21915215bc54d458cd8ff7f0b501f17c2e32f2de8e0cd82f81
ac8991d315736b1e100b0125d51fac2f21f1d43b83b76398480dbeebac8004ab
ae3dffa9e5205045f5a4971a91fbae7b77e63bbf93c57f5b1cde25836c203e23
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2cd2f7bf7a1bad230ae7f5bfa622a2bfd51317257085eef222f94c4faeaedb4
b3458b5afab122bc8de34bbdfec77f16c1e369239c5d0b90b357a933443ad07d
b3d58bcf272258d6dde92e0123d8bd16f3caf1c4a025147c5964fe778e064e6a
b7b2df62536f84a85e2812da8b375b62724a66472b91144ddbacbeee52a6722f
bce1a928e7cf4b354a5ac8b1662adea12ebe6c7c460cb08e73e3c0850e1816ff
c0b254d45247904257710edeb9539334e694c9422fa5646615d4d5f669e884b1
c124233feba2f68492c94350fa6371c36f5fb95b652aa7e9d5a4e48b41ffed9d
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c47df50197bbea54bd1b45e57b47ec224ceaedd4d5b69b033654e996b947f3a4
c65209840749be7df4eb7f2c6d291d39d51594aa86afaf30e550d2cb2b3d1368
caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10
cdf46ca79829262520e3acbb1de71abbe886c7cdf82485c1c5bdf600a95af8bb
cf324da95d7fed8f5b7c1390901d7c8ec0c23d7bc05e2d5fcda9de484d5c2d06
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23
d5486bd604ac6d924dd969a196ef9b9439b6d0e274befcf8dd4f1375fca99541
d62f2af42e91a8599999281db4a9261b015f318da6263c88682f8c976dbfaf4e
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d7bb3c50cc5b07cea81e62a53039ec4aa49cd718058cbf799eef27bbdb5b958c
de45dbc6617a7dcf2e26880fedd67939142882a1729c43d166c0c66a4cb7d9ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4446065ebfb65a302d17b88e2c7ed326d8402769eab0843833dea049a65c992
e452e427426a73874dc18f54731b508406883dd902393dc5e393625ab22fd574
e4fb3257e76f2bf8f814f02f1d4ddf97a627b44f811ccce5eed4a81282080df2
e71c82a822557134a21db65490eb51efbf933eaa9e42655912fd2527ebeb8828
e92301483f59a4dfbf8227bc559b3b3cdf3816516dafae4b808a4c9236688d5a
e97b9a3507465f95823d6d4c08dc0303a90a40b5f80f5a2f9b292e82e965f84f
eaa3d12c6890efadb732d28d679f37a9d9f513ac686e7de453e82000612a7536
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec93c7ca896b5021842e5cdd33a9c0e7c0d9c374328601e6a9b90b153fe5a256
ee9a49aae5d1fc7602361ae5c6d69fc8eb128d007b4dee67d42ce19bbf2c87e0
f534b7b1961a07619a8e1466ee3ac41144e416a276b521ba453ed7b5416ca53e
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5ac6348585afe084ad84bb4b456717fd946101219e1f3c16f266745dc80b0d4
f5d65b09dad411d0e8fa57d22febceecb1e85c05e35c0c3912e5df269cc92e6d
f63e08b18115b72e6d2cbe9db5f7527d2731545d38beae54317e10cfe0f58fc6
f83dccda0f23005e073046554fcb6f70e6cc5c6d5a31482d8cbf00c3cae72a69
fbfd3438e10ab28f28f2e1a1fb2ab3bfa431336af08a72f597c0d4d73bfb046e

themorningtribune.com Open in urlscan Pro 2606:4700:3035::ac43:b3cd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

212 Requests

92 %HTTPS

38 %IPv6

54 Domains

92 Subdomains

73 IPs

10 Countries

2371 kBTransfer

10863 kBSize

65 Cookies

4 Outgoing links

Page URL History

Redirected requests

212 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

themorningtribune.com Open in urlscan Pro
2606:4700:3035::ac43:b3cd Public Scan

Screenshot
Live screenshot

Full Image

212
Requests

92 %
HTTPS

38 %
IPv6

54
Domains

92
Subdomains

73
IPs

10
Countries

2371 kB
Transfer

10863 kB
Size

65
Cookies

212 HTTP transactions
14 data transactions