www.spokesman.com Open in urlscan Pro
2600:9000:223c:fa00:0:b5fb:e6c0:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.pyplusersafe.com/
Effective URL:
https://www.spokesman.com/
Submission: On October 05 via automatic, source certstream-suspicious (October 5th 2022, 5:26:51 pm UTC) — Scanned from DE

Summary HTTP 207 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 50 IPs in 8 countries across 36 domains to perform 207 HTTP transactions. The main IP is 2600:9000:223c:fa00:0:b5fb:e6c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.spokesman.com. The Cisco Umbrella rank of the primary domain is 285193.
TLS certificate: Issued by Amazon on July 20th 2022. Valid for: a year.

This is the only time www.spokesman.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	199.188.205.64 199.188.205.64	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 1	2600:9000:225... 2600:9000:2250:4a00:13:3ce1:5800:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:fa00:0:b5fb:e6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:223... 2600:9000:223e:7600:2:4597:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:9000:223... 2600:9000:223e:ae00:1e:dc88:cb00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	54.218.91.113 54.218.91.113	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
4	2600:9000:225... 2600:9000:2250:9400:18:730a:3f00:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1 2	107.178.250.234 107.178.250.234	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
8	3.219.38.131 3.219.38.131	14618 (AMAZON-AES) (AMAZON-AES)
7	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
9	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400d:807::2001	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:a00... 2a04:4e42:a00::282	54113 (FASTLY) (FASTLY)
25	2a00:1450:400... 2a00:1450:400d:806::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:80c::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
12 16	142.251.39.66 142.251.39.66	15169 (GOOGLE) (GOOGLE)
11 19	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
8 12	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
10	138.201.63.117 138.201.63.117	24940 (HETZNER-AS) (HETZNER-AS)
1	104.26.5.15 104.26.5.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
1 4	88.99.165.19 88.99.165.19	24940 (HETZNER-AS) (HETZNER-AS)
1 4	94.130.102.164 94.130.102.164	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.149 138.201.63.149	24940 (HETZNER-AS) (HETZNER-AS)
2 6	92.123.17.141 92.123.17.141	16625 (AKAMAI-AS) (AKAMAI-AS)
4 8	172.217.18.6 172.217.18.6	15169 (GOOGLE) (GOOGLE)
1	54.231.133.137 54.231.133.137	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2 2	95.101.23.184 95.101.23.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.222.139.41 52.222.139.41	16509 (AMAZON-02) (AMAZON-02)
1 2	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
1	49.12.22.42 49.12.22.42	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
1	3.11.195.34 3.11.195.34	16509 (AMAZON-02) (AMAZON-02)
1	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.44 18.66.147.44	16509 (AMAZON-02) (AMAZON-02)
2	18.135.86.50 18.135.86.50	() ()
207	50

1 199.188.205.64 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: host71.registrar-servers.com

www.pyplusersafe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:4a00:13:3ce1:5800:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

spokesman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:fa00:0:b5fb:e6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.spokesman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:223e:7600:2:4597:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

thumb.spokesman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:223e:ae00:1e:dc88:cb00:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.spokesman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.218.91.113 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-218-91-113.us-west-2.compute.amazonaws.com

h.cloudengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2250:9400:18:730a:3f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.spokesman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.250.234 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com

js.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.219.38.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-38-131.compute-1.amazonaws.com

www.i.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

loader-cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.sbgsodufuosmmvsdf.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fp-cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g2insights-cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ayc0zsm69431gfebd.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.czx5eyk0exbhwp43ya.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:807::2001 (Ireland)

ASN15169 (GOOGLE, US)

f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:a00::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:400d:806::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80c::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.251.39.66 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s39-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 185.80.39.216 (Canada) 11 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.89.210.46 (Frankfurt am Main, Germany) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 138.201.63.117 (Nagold, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.117.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.5.15 (United States)

ASN13335 (CLOUDFLARENET, US)

api-mg2.db-ip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal900018.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.165.19 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.19.165.99.88.clients.your-server.de

hal900028.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 94.130.102.164 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.102.130.94.clients.your-server.de

hal900012.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.149 (Nagold, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.149.63.201.138.clients.your-server.de

hal90009.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 92.123.17.141 (Vienna, Austria) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-17-141.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.18.6 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.133.137 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

paywall-ad-bucket.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.23.184 (Vienna, Austria) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-23-184.deploy.static.akamaitechnologies.com

ui2.awin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.139.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-41.ams50.r.cloudfront.net

a1.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:4f8:d0a:2321::2 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 49.12.22.42 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-3.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.11.195.34 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-11-195-34.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.91 (Kamp-Lintfort, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-44.fra60.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.135.86.50 (None, )

ASN- ()

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	googlesyndication.com f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 170 pagead2.googlesyndication.com — Cisco Umbrella Rank: 131	573 KB
43	doubleclick.net 16 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215 stats.g.doubleclick.net — Cisco Umbrella Rank: 171 googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 cm.g.doubleclick.net — Cisco Umbrella Rank: 304 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 64431 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 347441	258 KB
26	redintelligence.net 4 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 34122 hal900018.redintelligence.net — Cisco Umbrella Rank: 251137 hal900028.redintelligence.net — Cisco Umbrella Rank: 266346 hal900012.redintelligence.net — Cisco Umbrella Rank: 259853 hal90009.redintelligence.net — Cisco Umbrella Rank: 340268	140 KB
19	casalemedia.com 11 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 908	15 KB
19	spokesman.com 1 redirects spokesman.com — Cisco Umbrella Rank: 193978 www.spokesman.com — Cisco Umbrella Rank: 285193 thumb.spokesman.com — Cisco Umbrella Rank: 325760 static.spokesman.com — Cisco Umbrella Rank: 442879 media.spokesman.com — Cisco Umbrella Rank: 451005	6 MB
12	adnxs.com 8 redirects ib.adnxs.com — Cisco Umbrella Rank: 334	11 KB
12	google.com www.google.com — Cisco Umbrella Rank: 19 adservice.google.com — Cisco Umbrella Rank: 136	1 KB
10	matheranalytics.com 1 redirects js.matheranalytics.com — Cisco Umbrella Rank: 16596 www.i.matheranalytics.com — Cisco Umbrella Rank: 17361	45 KB
8	awin1.com 2 redirects www.awin1.com — Cisco Umbrella Rank: 15064 a1.awin1.com — Cisco Umbrella Rank: 66563	116 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 228	264 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94 region1.google-analytics.com — Cisco Umbrella Rank: 2144	40 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 311	109 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 118 ajax.googleapis.com — Cisco Umbrella Rank: 485	34 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 20711 api.webgains.io	31 KB
3	ayc0zsm69431gfebd.xyz cdn.ayc0zsm69431gfebd.xyz — Cisco Umbrella Rank: 44539	2 MB
3	azureedge.net loader-cdn.azureedge.net — Cisco Umbrella Rank: 42494 fp-cdn.azureedge.net — Cisco Umbrella Rank: 50674 g2insights-cdn.azureedge.net — Cisco Umbrella Rank: 49331	108 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 129	175 KB
2	retailads.net 1 redirects cdn.retailads.net — Cisco Umbrella Rank: 143839	6 KB
2	awin.com 2 redirects ui2.awin.com — Cisco Umbrella Rank: 70713	198 B
2	czx5eyk0exbhwp43ya.biz cdn.czx5eyk0exbhwp43ya.biz — Cisco Umbrella Rank: 52503	5 KB
2	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 3825	44 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	google.de www.google.de — Cisco Umbrella Rank: 3460 adservice.google.de — Cisco Umbrella Rank: 5221	1 KB
2	cloudengage.com h.cloudengage.com — Cisco Umbrella Rank: 498200	2 KB
1	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 55047	3 KB
1	exactag.com m.exactag.com — Cisco Umbrella Rank: 10542	1 KB
1	webgains.com track.webgains.com — Cisco Umbrella Rank: 39142	2 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 309802	728 B
1	futalis.de futalis.de — Cisco Umbrella Rank: 176379	409 B
1	amazonaws.com paywall-ad-bucket.s3.amazonaws.com — Cisco Umbrella Rank: 61912	1 KB
1	db-ip.com api-mg2.db-ip.com — Cisco Umbrella Rank: 38385	763 B
1	sbgsodufuosmmvsdf.info cdn.sbgsodufuosmmvsdf.info — Cisco Umbrella Rank: 60382	2 KB
1	polyfill.io polyfill.io — Cisco Umbrella Rank: 2114	578 B
1	pyplusersafe.com 1 redirects www.pyplusersafe.com	267 B
0	azurewebsites.net Failed prod-spokesman-proxy-connext.azurewebsites.net Failed
0	medialead.de Failed pv.medialead.de Failed
207	36

	Domain	Requested by
25	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.spokesman.com f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
19	dsum-sec.casalemedia.com	11 redirects googleads.g.doubleclick.net
16	cm.g.doubleclick.net	12 redirects googleads.g.doubleclick.net
14	pagead2.googlesyndication.com	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
12	ib.adnxs.com	8 redirects googleads.g.doubleclick.net
10	hal9000.redintelligence.net	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com hal900028.redintelligence.net hal90009.redintelligence.net
9	securepubads.g.doubleclick.net	www.spokesman.com securepubads.g.doubleclick.net www.googletagservices.com
8	googleads.g.doubleclick.net	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com www.spokesman.com
8	www.i.matheranalytics.com	www.spokesman.com
8	static.spokesman.com	www.spokesman.com static.spokesman.com
7	www.google.com	www.spokesman.com securepubads.g.doubleclick.net f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
6	5994599.fls.doubleclick.net	3 redirects www.spokesman.com
6	www.awin1.com	2 redirects hal900012.redintelligence.net hal900018.redintelligence.net f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
6	www.googletagservices.com	securepubads.g.doubleclick.net f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net 8019191.fls.doubleclick.net
5	www.google-analytics.com	www.googletagmanager.com www.spokesman.com www.google-analytics.com
5	thumb.spokesman.com	www.spokesman.com
4	hal90009.redintelligence.net	1 redirects f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com hal90009.redintelligence.net
4	hal900012.redintelligence.net	1 redirects f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com hal900012.redintelligence.net
4	hal900028.redintelligence.net	1 redirects f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com hal900028.redintelligence.net
4	hal900018.redintelligence.net	1 redirects f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com hal900018.redintelligence.net
4	media.spokesman.com	www.spokesman.com
3	cdn.ayc0zsm69431gfebd.xyz	loader-cdn.azureedge.net cdn.ayc0zsm69431gfebd.xyz
3	fonts.googleapis.com	securepubads.g.doubleclick.net hal900028.redintelligence.net hal90009.redintelligence.net
3	www.googletagmanager.com	www.spokesman.com www.googletagmanager.com g2insights-cdn.azureedge.net
2	api.webgains.io	analytics.webgains.io
2	8019191.fls.doubleclick.net	1 redirects www.spokesman.com
2	cdn.retailads.net	1 redirects futalis.de
2	a1.awin1.com	hal900012.redintelligence.net hal900018.redintelligence.net
2	ui2.awin.com	2 redirects
2	cdn.czx5eyk0exbhwp43ya.biz	cdn.ayc0zsm69431gfebd.xyz
2	az416426.vo.msecnd.net	loader-cdn.azureedge.net cdn.ayc0zsm69431gfebd.xyz
2	fonts.gstatic.com	fonts.googleapis.com
2	stats.g.doubleclick.net	www.google-analytics.com az416426.vo.msecnd.net
2	js.matheranalytics.com	1 redirects www.spokesman.com
2	h.cloudengage.com	www.spokesman.com h.cloudengage.com
1	cdn.track.production.webgains.team	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
1	analytics.webgains.io	track.webgains.com
1	m.exactag.com	f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
1	track.webgains.com	www.spokesman.com
1	adv.office-partner.de	hal90009.redintelligence.net
1	futalis.de	hal90009.redintelligence.net
1	ajax.googleapis.com	hal900012.redintelligence.net
1	paywall-ad-bucket.s3.amazonaws.com	www.spokesman.com
1	api-mg2.db-ip.com	fp-cdn.azureedge.net
1	g2insights-cdn.azureedge.net	loader-cdn.azureedge.net
1	fp-cdn.azureedge.net	loader-cdn.azureedge.net
1	cdn.sbgsodufuosmmvsdf.info	loader-cdn.azureedge.net
1	polyfill.io	loader-cdn.azureedge.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	loader-cdn.azureedge.net	static.spokesman.com
1	www.google.de	www.spokesman.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.spokesman.com
1	spokesman.com	1 redirects
1	www.pyplusersafe.com	1 redirects
0	prod-spokesman-proxy-connext.azurewebsites.net Failed	cdn.ayc0zsm69431gfebd.xyz
0	pv.medialead.de Failed	hal900028.redintelligence.net f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
207	60

This site contains links to these domains. Also see Links.

Domain
checkout.spokesman.com
myaccount.spokesman.com
spokesmanreview-wa.newsmemory.com
podcasts.google.com
itunes.apple.com
open.spotify.com
www.myavista.com
www.numericacu.com
innovia.org
triple9digital.com
www.latahcreek.com
www.gordonphysicaltherapy.com
medicine.wsu.edu
www.mcmanusplays.com
www.snapwa.org
www.spokanelibrary.org
www.affinityforliving.com
www.shannonhelm.com
www.sylvanlearning.com
big-table.com
umispokane.com
www.huckleberrysnaturalmarket.com
www.spokane7.com
www.facebook.com
twitter.com
www.legacy.com
pics.spokesman.com

Subject Issuer	Validity	Valid
spokesman.com Amazon	`2022-07-20` - `2023-08-18`	a year	crt.sh
*.cloudengage.com Amazon	`2022-06-27` - `2023-07-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.i.matheranalytics.com Amazon	`2022-01-13` - `2023-02-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-08` - `2023-04-09`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni22a5egl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni9642gl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-22` - `2023-02-22`	a year	crt.sh
redintelligence.net R3	`2022-10-04` - `2023-01-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-17` - `2023-05-17`	a year	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
snibe7egl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-31` - `2023-03-03`	a year	crt.sh
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh
*.futalis.de R3	`2022-08-20` - `2022-11-18`	3 months	crt.sh
adv.office-partner.de R3	`2022-09-03` - `2022-12-02`	3 months	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2022-04-01` - `2023-05-02`	a year	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2022-06-17` - `2023-06-18`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://www.spokesman.com/
Frame ID: 6CFC574D28D4D3CE89D8EDFDDCA33771
Requests: 65 HTTP requests in this frame

Frame: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CA267B3F6C7FB7D7B8BDEA66EC71A265
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEmS9AJh11bOE4D35VFhvh3srrX07V3kFSmj_Z9OMqyVT9Pw-YYYYQKsd7u6Vfw61FppUIgQP6d9RTzmyo71RwrVFqivI4Oz9Dibm5-ZYlO_uJrkUbU9kf_t9oCVbqxmnk3OD2CCTHGeBnfJmHh7rXQDWS4EJoUNbm6V2-hXECxI_DjUZWotRUuFsFbHrh2p3vr25Yfl3jZ_0oNBovwn6OnHZrGY7gmkffWrOoeSR8CnYB9pGSYllXDCXy805ol4z51PC219LSPR_j_gHNmJ-QweTyQxWaur_8oz1swAezg-ehBDfOe4pW5iWkdol-YpXgWjAkR2BoO8weWwkp-8_IB9LYCu2FnCHGRX9MpAr01f6lqiiUYi43Tw&sai=AMfl-YRFx5AA9AnX_b7hVemhNKFKl-aYjNjMSNvGP7m0xwPF0v3aQ2k1n-2o_7lHRukO4q0qasdLGWTkZ6VeAl3u40LMCGhyHlclxwvbRHmt9RFNy_OqYXS6MuP6uu-whHNaqaM9&sig=Cg0ArKJSzC5u4cnF5ySyEAE&uach_m=[UACH]&adurl=
Frame ID: 7639AC7C002611F9DCD1722E8EA7FFA7
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012209142312000/amp4ads-v0.mjs
Frame ID: E14302A0195277CB20D8ED1632A06718
Requests: 14 HTTP requests in this frame

Frame: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B791A24A88540E7F6FEE7C4A80B5C2A1
Requests: 11 HTTP requests in this frame

Frame: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4807DC5F23C31EFD4B4EEE5EC4EAC1CC
Requests: 11 HTTP requests in this frame

Frame: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D59DDE346FAA1AF48E0C7B023B88045E
Requests: 14 HTTP requests in this frame

Frame: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 74A29B56D10B661205CEE79D60FC215E
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv64Fbn61RfY-bGCNcOBLZt3x5fXADr_ifIuh5ca2NJYa09VDG1AXvPraa5Z1DnSzcsBchkf7er4buoZBor1A-awpfSSf9u_CCIHo-g8DKxOQ7Pk0OcmmqsXJwBy-rG0MzNpLF3xZ6e99YliSfIXn2T6W4NB59eQS2YAQRtX4qgZWiT2z0nkbHI4OvCy3Y2QT8bFdD64krmmK6Kw792WQomwoCBdfydj8mBbxum-1cdt-82xyW4hnpitR5jw1p87s3G14kNESb5iXWv49Dj2QG2ELSNqPyTwc6qOE4aEOvpIbQODkvVwJCDtzLxrOLUZJMClIJDTdmqpPI1rGtgLbSCYXss6w&sai=AMfl-YR8F5LBzaBpCHSUXcy4OUyne4yZOfvcXSxZkLBRhpolDeufW6wciaR2Bv6lEK7HfHRbEJSgxXZwh3JMAaTc_oLdCHF7L5cE15UFXUtyHC7DM5vTMslEQltEaLjub9TvAAmX&sig=Cg0ArKJSzNulqpmZoimkEAE&uach_m=[UACH]&adurl=
Frame ID: 5B7CA30C5490554149AA3D1760372211
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWH1tWhmFGuPzP2RrkmnOQXmhyNP3f4pBp3jjvhP--MwF53G-zeuP4bi62nR03Vnj4tn8VN9ZKi1Wpi1Cxv-CAeB7meV2jrQjtSQ1K5ZXcSAxmXQmV2-uFvIud3YEcsXUVlr_GuV84fhQ2hLo9BIoG2L02V8akIrl8P2dflsVLWSuTCrfQ
Frame ID: A070A07AC55A07C0C7FE687C6877B426
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXX9tqFJ9tb84iX0eFQJUFRhuQrBfTIBY9pk0n-MGRY54_CCitQdmVBElPkG7DAhB21cRRHK2DR19jPgVyAGzSVCBATdAZVEY3rAdYmcnMj4UFHRjB_LVwvbkoNx93CwlH7efdkDHO53sTacX9laQpti6RR1qs7Wp2EwFNLfMykOjP3-Tc
Frame ID: EF0E9BF395C8CA2D28EFF575D4D0D258
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNUQmv-5ZQiOlyzvWkznuNCWqPb0qq35UeHYdnmAIn-OIoNprGwPS2l_WR-vn6n4cR2a8w6WOJxMI-y8GDRqth55OifTQMpdsuR0dDz4ZNqEBhtvUdPldSTUmY7TtTNGsOVmKx7UaB9lmlPWMIAcyxibWg0YeukRyRebi8gvCB3WnYicu5Q
Frame ID: 540E5B878775C08051BBA3CAE6066FF1
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNVhRQq8qqsci4p_gfsjx1ovlc6l-FLMtGCUu4C7GTaGDOXt3yaLvM0J0MjFzqF06_PFxvwATUVRzYMI-_d7c16nqoa90m_TGGp4ByBLw_20mR-tROAcrzKKrnS9cYaxXemdcAIKAmUNbcafl3A1TqLWAmivtLf--lHdL66vdmmn0TI9PGM
Frame ID: FBF5D5B839A238AFB1101E3A489D0E71
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 172C8AD5B0036DE2C4AE88528B0F5175
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2E2751395C98B202D466105BFD651C7E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 76377A5E1B49D357924438A90474E10E
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BFA64D6BAC2F5BB1ED11F3E8D66B1574
Requests: 3 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=21285700095016004444550012103012&pv=1
Frame ID: EEC0C60621EEA9137C1704CE125E1210
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768
Frame ID: 399794050768DC293D02FAF2E0D64D34
Requests: 2 HTTP requests in this frame

Frame: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae
Frame ID: 4A49B1D2695A5C52C98454C195311904
Requests: 5 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=18400000093881204444550012103018&pv=1
Frame ID: 852BEE0556383C2FBE529D60F4BCB674
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612
Frame ID: F650CF67CAD5D36FF4D4923E08BD3128
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=18400000093881204444550012103018&a=784e42c2
Frame ID: DA79B64F58C5C37A6B9E1E3C568F241F
Requests: 4 HTTP requests in this frame

Frame: https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=10246800099425704444640012103028&t=htlp
Frame ID: FF38F6F3EBBBF880157B3CB60CA63D05
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03
Frame ID: 297E1582EB012373C11A89E3F03E192E
Requests: 2 HTTP requests in this frame

Frame: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Frame ID: 0BA4208F8D2627C710664F840659A5E3
Requests: 6 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773
Frame ID: AA42A2E6EA8D8F21DCDE5BDCDA857217
Requests: 2 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 984250DFC737FD1B7E13BFB66D6FF07C
Requests: 1 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454
Frame ID: F93EF4BB5A69F3431D2805917C7DF3E0
Requests: 2 HTTP requests in this frame

Frame: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Frame ID: 978D5FB9BE2F46977DCE102343EF4E36
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Spokesman-Review | Local News, Business, Entertainment, Sports & Weather for Eastern WashingtonArrow-rightCameraThe Spokesman-Review NewspaperThe Spokesman-Review NewspaperThe Spokesman-Review

Page URL History Show full URLs

https://www.pyplusersafe.com/ HTTP 307
https://spokesman.com/ HTTP 301
https://www.spokesman.com/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

207
Requests

87 %
HTTPS

54 %
IPv6

36
Domains

60
Subdomains

50
IPs

8
Countries

9919 kB
Transfer

15056 kB
Size

30
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://checkout.spokesman.com/?g2i_source=spokesman&g2i_medium=header&g2i_campaign=header
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://myaccount.spokesman.com/Home?SiteCode=SR
Title: My account

Search URL Search Domain Scan URL

URL: https://myaccount.spokesman.com/
Title: Log in

Search URL Search Domain Scan URL

URL: https://checkout.spokesman.com/?g2i_source=spokesman&g2i_medium=header&g2i_campaign=default
Title: Subscribe

Search URL Search Domain Scan URL

URL: https://checkout.spokesman.com/
Title: Subscribe now

Search URL Search Domain Scan URL

URL: https://spokesmanreview-wa.newsmemory.com/?editionStart=Spokane+Daily+Chronicle
Title: Chronicle

Search URL Search Domain Scan URL

URL: https://podcasts.google.com/feed/aHR0cHM6Ly93d3cuc3ByZWFrZXIuY29tL3Nob3cvMzA4MTU5NS9lcGlzb2Rlcy9mZWVk

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/podcast/the-morning-review/id1417560040?mt=2

Search URL Search Domain Scan URL

URL: https://open.spotify.com/show/4rCqkhhshDZQVXBs04qrGB?si=7LrC97F8RaaxO5-Dwc_2fQ&nd=1

Search URL Search Domain Scan URL

URL: https://www.myavista.com/

Search URL Search Domain Scan URL

URL: https://www.numericacu.com/

Search URL Search Domain Scan URL

URL: https://innovia.org/

Search URL Search Domain Scan URL

URL: https://triple9digital.com/

Search URL Search Domain Scan URL

URL: https://www.latahcreek.com/

Search URL Search Domain Scan URL

URL: https://www.gordonphysicaltherapy.com/

Search URL Search Domain Scan URL

URL: https://medicine.wsu.edu/

Search URL Search Domain Scan URL

URL: http://www.mcmanusplays.com/

Search URL Search Domain Scan URL

URL: https://www.snapwa.org/

Search URL Search Domain Scan URL

URL: https://www.spokanelibrary.org/

Search URL Search Domain Scan URL

URL: https://www.affinityforliving.com/

Search URL Search Domain Scan URL

URL: https://www.shannonhelm.com/

Search URL Search Domain Scan URL

URL: https://www.sylvanlearning.com/locations/center-finder?postalCode=99201

Search URL Search Domain Scan URL

URL: https://big-table.com/

Search URL Search Domain Scan URL

URL: https://umispokane.com/

Search URL Search Domain Scan URL

URL: https://www.huckleberrysnaturalmarket.com/

Search URL Search Domain Scan URL

URL: https://www.spokane7.com/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/spokesmanreview/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/SpokesmanReview
Title: Twitter

Search URL Search Domain Scan URL

URL: https://checkout.spokesman.com/?stateInfo=&source=external
Title: Print edition home delivery

Search URL Search Domain Scan URL

URL: https://www.legacy.com/obituaries/spokesman/
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://pics.spokesman.com/
Title: Buy photo reprints

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.pyplusersafe.com/ HTTP 307
https://spokesman.com/ HTTP 301
https://www.spokesman.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://js.matheranalytics.com/s/ma20153/575681700/ml.js?cb3=1606 HTTP 301
https://js.matheranalytics.com/static/ltm/ma20153/575681700/20/ml.br.js

Request Chain 108

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

Request Chain 109

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

Request Chain 110

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Request Chain 111

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Request Chain 112

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1

Request Chain 113

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

Request Chain 114

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Request Chain 115

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

Request Chain 117

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Request Chain 119

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Request Chain 123

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Request Chain 138

https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 139

https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5312428883050&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5312428883050&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 140

https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 148

https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 153

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768

Request Chain 156

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612

Request Chain 159

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03

Request Chain 173

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=21285700095016004444550012103012&pv=0 HTTP 302
https://ui2.awin.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg HTTP 301
https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg

Request Chain 174

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=18400000093881204444550012103018&pv=0 HTTP 302
https://ui2.awin.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg HTTP 301
https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg

Request Chain 179

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=89355200088708204444640012103009&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773

Request Chain 182

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454

207 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.spokesman.com/
Redirect Chain

https://www.pyplusersafe.com/
https://spokesman.com/
https://www.spokesman.com/

237 KB
48 KB

167ms
49ms

Document
text/html

2600:9000:223c:fa00:0:b5fb:e6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223c:fa00:0:b5fb:e6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.22.0 /

Resource Hash

32c86d3116e89cb6ec9b89c61273bc15611e11e21f3cdf503ee49baaa6a775c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 231
cache-control: max-age=300
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=utf-8
date: Wed, 05 Oct 2022 17:22:52 GMT
referrer-policy: same-origin
server: nginx/1.22.0
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding,Cookie
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
x-amz-cf-id: iLUA4XZ0AYJTrSgjKNTkq8OiHYl812s7wlEBeiUcvBFAjKrRUkb5jg==
x-amz-cf-pop: FRA56-P2
x-amzn-trace-id: Root=1-633dbd6c-4a4598b90810462c53d88d6c
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-robots-tag: noarchive

Redirect headers

age: 1191
content-length: 0
date: Wed, 05 Oct 2022 17:06:53 GMT
location: https://www.spokesman.com/
server: AmazonS3
via: 1.1 1aa52a2a71a599aaf6b3df3a9c53b268.cloudfront.net (CloudFront)
x-amz-cf-id: cZXdOahHhcJiFBhA_bzun8f0F0_dc5pm_r-AhvAQY5BFJzOgEgLZyQ==
x-amz-cf-pop: FRA60-P2
x-cache: Hit from cloudfront

GET
H2 200 sr-loader.png
thumb.spokesman.com/uO6q6eDqVn9RLDznlEJuDvMVKgE=/600x0/media.spokesman.com/graphics/2018/07/ 11 KB
12 KB 237ms
45ms Image
image/webp 2600:9000:223e:7600:2:4597:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.spokesman.com/uO6q6eDqVn9RLDznlEJuDvMVKgE=/600x0/media.spokesman.com/graphics/2018/07/sr-loader.png
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7600:2:4597:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Thumbor/6.7.5 /
Resource Hash: ab2e65cd767ab27b65e3bd2f97ffa0163af196c8a0eceb292f5d57527c9adce8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 29 May 2022 09:38:11 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
server: Thumbor/6.7.5
x-amz-cf-pop: FRA56-P4
age: 11173712
etag: "7b6592542ec6d8d4377eb143251c2f5b7d76aad9"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31104000,public
content-length: 11662
x-amz-cf-id: YM_-hHJjUd4-l-CfOM4CKD3fox9mS-92taYUE1UZFEmz3SMY7hIoJQ==
expires: Wed, 24 May 2023 09:38:11 GMT

GET
H2 200 style.min.de6003a5e938.css
static.spokesman.com/sv3/css/ 318 KB
46 KB 213ms
46ms Stylesheet
text/css 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/sv3/css/style.min.de6003a5e938.css
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bd2129efbd578f51e47df2c54bd1ff73c84d6457ea02dc652632ad3a207533d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 21:11:47 GMT
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Mon, 26 Sep 2022 21:09:24 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 764098
etag: W/"de6003a5e9389cda9116c43b797c2cff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000,public
x-amz-cf-id: kn9DHtjlUcPkaXHwu-l1H7w1YOxtN-x3b_nNIk0nUIQ1mfMgE_j9fA==

GET
H2 200 jquery.min.12b69d0ae6c6.js Show response
static.spokesman.com/js/ 87 KB
31 KB 264ms
96ms Script
application/javascript 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/js/jquery.min.12b69d0ae6c6.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 09 May 2022 02:56:42 GMT
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Sun, 08 May 2022 00:37:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 12925803
etag: W/"12b69d0ae6c6f0c42942ae6da2896e84"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: 0Z2ND5BlVaYbgYHTaaFP2lWqgBy3i-Ce4KO-ICKy2aafBKTseDgQZA==

GET
H2 200 critical.min.7f719ef7842f.js Show response
static.spokesman.com/sv3/js/ 21 KB
7 KB 39ms
38ms Script
application/javascript 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/sv3/js/critical.min.7f719ef7842f.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5ba65148259568967389d182b434f97e0da7b6cd83abf926a602433a340ca9d0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 05 Jun 2022 08:24:25 GMT
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Wed, 25 May 2022 22:55:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 10573340
etag: W/"7f719ef7842f474e36e669c95955f7b0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: j8X5uMijb6_JIdYDAiNVfElU8XIlo84Hs0VoYT_uk7Cp1x_vtWumPw==

GET
H2 200 get-ce.min.js Show response
h.cloudengage.com/ 2 KB
2 KB 831ms
209ms Script
application/javascript 54.218.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://h.cloudengage.com/get-ce.min.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.91.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-91-113.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 0888431df272a1593635c4157066af8273ff10d89aa6d50c723463f7dd72902a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

expires: Wed, 05 Oct 2022 17:26:44 GMT
date: Wed, 05 Oct 2022 17:26:45 GMT
content-encoding: gzip
last-modified: Thu, 30 Jun 2022 15:17:26 GMT
server: nginx
etag: W/"62bdbe86-6b1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: no-cache, public
x-ua-compatible: IE=Edge

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
28 KB 282ms
107ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dce527399393dc3ad9b311a552545d55d6be11c3b553968ae40a67b7837d6c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27675
x-xss-protection: 0
server: sffe
etag: "1354 / 654 of 1000 / last-modified: 1664967889"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 05 Oct 2022 17:26:44 GMT

GET
H2 200 base_ads.b6d5845dec51.js Show response
static.spokesman.com/ads/spokesman/ 10 KB
4 KB 40ms
38ms Script
application/javascript 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/ads/spokesman/base_ads.b6d5845dec51.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e93c85341a48fbccd80f6d316b0d45b3b951169f4390adfb5cf81609f4160d45

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 00:31:06 GMT
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Tue, 23 Aug 2022 00:24:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 3776139
etag: W/"b6d5845dec51d4391b512b6bb304766d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: OoQ8DrLqCprT9oMpN9zQTbzD44nBUPsYBlz450ejVKujsiCyf-DZiA==

GET
H2 200 0-partly-cloudy-day.3148ca6be1dd.png
static.spokesman.com/sv3/img/weather/header-icons/ 12 KB
12 KB 42ms
40ms Image
image/png 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.spokesman.com/sv3/img/weather/header-icons/0-partly-cloudy-day.3148ca6be1dd.png
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 103336c754fde9c2c7fc565bc5385b94409c0d5480cd8564c25f18f6cced5a85

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 09 Feb 2022 04:05:41 GMT
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Mon, 07 Feb 2022 20:21:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 20611264
etag: "3148ca6be1dd30f49fe8c5a64b9f5781"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 12254
x-amz-cf-id: cPEfHeJLb-fJ2Z4ylb8G51d7M793tR3vHA_7uT8OYV0fTkXnB_PLFg==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 132 KB
49 KB 139ms
55ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5P9SH6

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ddcaf590d0e68d2011304a4e99f5bb6e3b1651ce9b106d49d0d514ac0cc83251

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49774
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 16:18:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Oct 2022 17:26:44 GMT

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4890a3c7a6d70985e71fb7178c58b8c3ff183e6edbb3f07a41affe5b897d3ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 633b48daa279b.hires.jpg
media.spokesman.com/photos/2022/10/03/ 1009 KB
1010 KB 162ms
47ms Image
image/jpeg 2600:9000:2250:9400:18:730a:3f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.spokesman.com/photos/2022/10/03/633b48daa279b.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9400:18:730a:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ba5f531e9092034a7dc4b3b0fa2b0175e16e4e0b073cd0ee4d93bbb8347b1e45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: OKJ0jDeQd0jRxdPRZt2Cu3X4_nqy1F6C
date: Wed, 05 Oct 2022 16:56:11 GMT
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
last-modified: Tue, 04 Oct 2022 01:21:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 3585
etag: "bb2ec482456a06b53438e63a21c3e392"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 1032901
x-amz-cf-id: 6qW93uVvcL1kz4sTZTIHu7wWjg0rhww7TqSQZUK_UO03G2lTf2dEIQ==

GET
H2 200 633a14ab622af.hires.jpg
media.spokesman.com/photos/2022/10/02/ 2 MB
2 MB 162ms
47ms Image
image/jpeg 2600:9000:2250:9400:18:730a:3f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.spokesman.com/photos/2022/10/02/633a14ab622af.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9400:18:730a:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 567b1dd8dad42894a9af59a5a830c252357caefb211cecc8813b646cf9cdb4ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: elnvsLjcE9NnLkv8APCfu1FdXJQveGZT
date: Wed, 05 Oct 2022 16:56:11 GMT
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
last-modified: Sun, 02 Oct 2022 22:47:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 3585
etag: "f54a2054b127b645137e1e075d0ba3df"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 2232748
x-amz-cf-id: TFd7x8oBrO8xV7ttGunJCy2HZIOsPKPB1MXVtR2BdoxQRtdmheLOGA==

GET
H2 200 6338f7fe0316c.hires.jpg
media.spokesman.com/photos/2022/10/01/ 969 KB
970 KB 162ms
47ms Image
image/jpeg 2600:9000:2250:9400:18:730a:3f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.spokesman.com/photos/2022/10/01/6338f7fe0316c.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9400:18:730a:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 909dcbc0fbce9d65c02162604422a2b6d6dba5898bd668b2ed375c29ee195271

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: SrewUI8XyqaQrq_lNzSuvQdZaPRkA78H
date: Wed, 05 Oct 2022 16:56:11 GMT
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
last-modified: Sun, 02 Oct 2022 03:24:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 3584
etag: "b327c1e64848649b50027f006157f600"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 991756
x-amz-cf-id: cxMmpeE9m9re7p9Noz9J9G9880xagfbykJ3FnDoS8S4SfS7kxhPhjw==

GET
H2 200 6337c1d2e8cb0.hires.jpg
media.spokesman.com/photos/2022/09/30/ 1 MB
1 MB 163ms
49ms Image
image/jpeg 2600:9000:2250:9400:18:730a:3f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.spokesman.com/photos/2022/09/30/6337c1d2e8cb0.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:9400:18:730a:3f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f4dc42a6b195c6e3d2a4955142c46343982f6b195e281e73487298d5ecd6bde3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: uXfMY38MzKJ86NJzF6EDnI2wa85Q2583
date: Wed, 05 Oct 2022 16:56:11 GMT
via: 1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
last-modified: Sat, 01 Oct 2022 05:30:38 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 3585
etag: "6a81964319750596023c2ebaee3915ba"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 1219076
x-amz-cf-id: F3WIzkmzGnrXcAyXsMbN2YwdlY6YYSb5Qh7ZGuCK4l9dqdNC9_B-ww==

GET
DATA 200
OK truncated
/ 172 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44c448205f15c4f82a4dfe267d5a2efac45224543d44a7c073b167813d449fce

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 MercuryTextG3-Italic-Pro.edfe4723e09e.otf
static.spokesman.com/sv3/fonts/mercury/ 97 KB
97 KB 129ms
49ms Font
binary/octet-stream 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/sv3/fonts/mercury/MercuryTextG3-Italic-Pro.edfe4723e09e.otf
Requested by: Host: static.spokesman.com
URL: https://static.spokesman.com/sv3/css/style.min.de6003a5e938.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6dfc02a8e6f295102871d721f23120a13077e491345a93614fcbb43867de3301

Request headers

Referer: https://static.spokesman.com/sv3/css/style.min.de6003a5e938.css
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 07 Jul 2022 21:29:44 GMT
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 7761421
x-cache: Hit from cloudfront
content-length: 98936
last-modified: Thu, 07 Jul 2022 21:24:29 GMT
server: AmazonS3
etag: "edfe4723e09ee8d5e8b042a82c5a2ef2"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: binary/octet-stream
access-control-allow-origin: https://www.spokesman.com
cache-control: max-age=31536000,public
access-control-allow-credentials: true
vary: Origin
accept-ranges: bytes
x-amz-cf-id: MD2hr-o_mcG8PtJSqPDD-Iazlk3ehtDyd1_kdJoR43oFmpvZ3loI6w==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 125ms
37ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5P9SH6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 17:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 647
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 05 Oct 2022 19:15:57 GMT

GET
H3

200

ml.br.js Show response
js.matheranalytics.com/static/ltm/ma20153/575681700/20/
Redirect Chain

https://js.matheranalytics.com/s/ma20153/575681700/ml.js?cb3=1606
https://js.matheranalytics.com/static/ltm/ma20153/575681700/20/ml.br.js

148 KB
43 KB

255ms
172ms

Script
application/x-javascript

107.178.250.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.matheranalytics.com/static/ltm/ma20153/575681700/20/ml.br.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H3
Server: 107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 234.250.178.107.bc.googleusercontent.com
Software: nginx /
Resource Hash: a77ccf47a61b8eb1d83a4101826726c3b2b0e5b34eb9f2601785b4d1e513932c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 14:19:24 GMT
content-encoding: br
via: 1.1 google
last-modified: Fri, 05 Aug 2022 08:39:28 GMT
server: nginx
age: 11240
etag: "0033e6720ea8d009cad21d1cffea7a41"
vary: Accept-Encoding
x-cache: HIT Fri, 05 Aug 2022 08:49:46 GMT
content-type: application/x-javascript
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43903

Redirect headers

date: Wed, 05 Oct 2022 17:26:44 GMT
via: 1.1 google
server: nginx
vary: Accept-Encoding
location: https://js.matheranalytics.com/static/ltm/ma20153/575681700/20/ml.br.js
cache-control: public, max-age=269200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-served-by: 1-gc-euw1-10921

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 212 KB
74 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-G3BY0LGVDL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5P9SH6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

52f2de276addcda9caef66a9b142d93cc1766e3a6a62fdc40490ee4bafa2dd43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75622
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 05 Oct 2022 17:26:44 GMT

GET
H2 200 633a14ab622af.hires.jpg
thumb.spokesman.com/3I2m4wfrBnZk8pNiwGLn5dSoPEk=/1170x658/smart/media.spokesman.com/photos/2022/10/04/ 196 KB
196 KB 49ms
48ms Image
image/webp 2600:9000:223e:7600:2:4597:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.spokesman.com/3I2m4wfrBnZk8pNiwGLn5dSoPEk=/1170x658/smart/media.spokesman.com/photos/2022/10/04/633a14ab622af.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7600:2:4597:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Thumbor/6.7.5 /
Resource Hash: a454e96b225aff308d324ffb298f2eb4dc27c84346cc5e95e45ac02292010b6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 03:49:41 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
server: Thumbor/6.7.5
x-amz-cf-pop: FRA56-P4
age: 49022
etag: "0b630335c1bff9afa48e0662a55fc067788219de"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31104000,public
content-length: 200504
x-amz-cf-id: xDgjpuvSZoIM3-TFRiEUWOZ5dw9cJMeV3-XRT5OGpkg52TW5qnZb6A==
expires: Sat, 30 Sep 2023 03:49:41 GMT

GET
H2 200 6019b63b4739c.hires.jpg
thumb.spokesman.com/QabuFhjsw7FYk5pE9CpeVUI9s90=/530x298/smart/media.spokesman.com/photos/2022/10/04/ 47 KB
47 KB 49ms
48ms Image
image/webp 2600:9000:223e:7600:2:4597:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.spokesman.com/QabuFhjsw7FYk5pE9CpeVUI9s90=/530x298/smart/media.spokesman.com/photos/2022/10/04/6019b63b4739c.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7600:2:4597:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Thumbor/6.7.5 /
Resource Hash: 88bbe9fd3846136c4a172ccff8b1cd6d3b1c707d3bb92a3d93370a64ac49f95b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 02:42:45 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
server: Thumbor/6.7.5
x-amz-cf-pop: FRA56-P4
age: 53039
etag: "da216b41aafb0e297a6df04e45d11b7476371776"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31104000,public
content-length: 47938
x-amz-cf-id: ZxS6GpnOuhixmcLiu2FRGLLxVDhVNh8mx6KRr1AEHc01NhyI8O1lTA==
expires: Sat, 30 Sep 2023 02:42:45 GMT

GET
H2 200 6322518259c4a.hires.jpg
thumb.spokesman.com/LN8lWHgFczD7jW4AplH7jPTP7OQ=/530x298/smart/media.spokesman.com/photos/2022/10/04/ 27 KB
27 KB 49ms
48ms Image
image/webp 2600:9000:223e:7600:2:4597:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.spokesman.com/LN8lWHgFczD7jW4AplH7jPTP7OQ=/530x298/smart/media.spokesman.com/photos/2022/10/04/6322518259c4a.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7600:2:4597:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Thumbor/6.7.5 /
Resource Hash: 7e8a2df0a2bfa41c3f84eea48a42a970f0aa9cee858c5625c1122ddcca646ef3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 09:16:51 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
server: Thumbor/6.7.5
x-amz-cf-pop: FRA56-P4
age: 29393
etag: "4e0c0a6683203e0634f5a6e51d0607424481a20d"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31104000,public
content-length: 27542
x-amz-cf-id: ttYOkytF-UrIenHZ5FEsB29TvIViF4RiJmhH_pvQOtc5-W7nKKIySA==
expires: Sat, 30 Sep 2023 09:16:51 GMT

GET
H2 200 633c8f3251c64.hires.jpg
thumb.spokesman.com/2UikrhJwgMbzWsFN05iuApU_bxA=/530x298/smart/media.spokesman.com/photos/2022/10/04/ 7 KB
7 KB 153ms
153ms Image
image/webp 2600:9000:223e:7600:2:4597:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thumb.spokesman.com/2UikrhJwgMbzWsFN05iuApU_bxA=/530x298/smart/media.spokesman.com/photos/2022/10/04/633c8f3251c64.hires.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:7600:2:4597:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Thumbor/6.7.5 /
Resource Hash: 5d1cdb667208a5acc5f27477b0ee54c3a99d57f25f342826cf90e5a74189f375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 00:43:42 GMT
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
server: Thumbor/6.7.5
x-amz-cf-pop: FRA56-P4
age: 60182
etag: "ee497bd89bb28eb997e3985e09dae6e45632a0e6"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31104000,public
content-length: 6814
x-amz-cf-id: C9JXQYVp5WoL6WTo3csq88aYlL9kXGa3XfTRRahR09SIIpNf1wM3Eg==
expires: Sat, 30 Sep 2023 00:43:42 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
349 B 265ms
166ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-G3BY0LGVDL&gtm=2oea30&_p=1524495148&cid=1564646249.1664990805&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_z=ccd.v9B&_s=1&dt=The%20Spokesman-Review%20%7C%20Local%20News%2C%20Business%2C%20Entertainment%2C%20Sports%20%26%20Weather%20for%20Eastern%20Washington&sid=1664990804&sct=1&seg=0&dl=https%3A%2F%2Fwww.spokesman.com%2F&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_type=homepage
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-G3BY0LGVDL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spokesman.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 506ms
404ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-230256-14&cid=1564646249.1664990805&jid=666054464&gjid=1579827017&_gid=1399729544.1664990805&_u=YCDAiEABBAAAAEACI~&z=1551125835

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 05 Oct 2022 17:26:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spokesman.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 209ms
45ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1524495148&t=pageview&_s=1&dl=https%3A%2F%2Fwww.spokesman.com%2F&ul=en-us&de=UTF-8&dt=The%20Spokesman-Review%20%7C%20Local%20News%2C%20Business%2C%20Entertainment%2C%20Sports%20%26%20Weather%20for%20Eastern%20Washington&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAAAACI~&jid=666054464&gjid=1579827017&cid=1564646249.1664990805&tid=UA-230256-14&_gid=1399729544.1664990805&gtm=2wga305P9SH6&cd7=Homepage&cd9=homepage&z=944609688

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 14:47:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 9548
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 532ms
129ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=The%20Spokesman-Review%20%7C%20Local%20News%2C%20Business%2C%20Entertainment%2C%20Sports%20%26%20Weather%20for%20Eastern%20Washington&hier=Homepage&ptype=homepage&pubname=The%20Spokesman-Review&sec=Homepage&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=97cb202a-4113-417d-b62e-5c3088083543&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990805081&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10311&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY2NDk5MDgwMTEwOSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIxMG1iIiwiaGVhcFQiOiIxMG1iIiwiZnN0UGFpbnQiOiIzMjc0IiwiZmV0Y2hTIjoiMjc0OCIsImRvbWFpblMiOiIyNzQ5IiwiZG9tYWluRSI6IjI3ODciLCJjb25uUyI6IjI3ODciLCJjb25uRSI6IjI4NjYiLCJzc2xTIjoiMjgyMyIsInJlcXVTIjoiMjg2NiIsInJlc3BTIjoiMjkxNSIsInJlc3BFIjoiMjk1MSIsImRvbUxvYWQiOiIyOTMxIiwiZG9tSW50ZXIiOiIzMzc1In0sImlkZW50aXRpZXMiOlt7InR5cGUiOiJnYSIsImlkIjoiMTU2NDY0NjI0OSIsInJlZlRpbWUiOiIxNjY0OTkwODA1MDgxIn1dfQ
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:45 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 data.json Show response
h.cloudengage.com/widget/ 2 B
755 B 613ms
203ms XHR
application/json 54.218.91.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://h.cloudengage.com/widget/data.json?time=1664990805148&url=https%3A%2F%2Fwww.spokesman.com%2F&referrer=
Requested by: Host: h.cloudengage.com
URL: https://h.cloudengage.com/get-ce.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.218.91.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-218-91-113.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:45 GMT
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 2
expires: Thu, 05 Oct 2023 17:26:45 GMT

GET
H3 200 pubads_impl_2022092901.js Show response
securepubads.g.doubleclick.net/gpt/ 376 KB
127 KB 157ms
53ms Script
text/javascript 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54a6606bed93bee86d6763cdc2f435c3501de5b129044f7896fda2080e9d5caa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Thu, 29 Sep 2022 11:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 541267
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130415
x-xss-protection: 0
last-modified: Thu, 29 Sep 2022 08:35:48 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Sep 2023 11:05:38 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 95 B
113 B 186ms
80ms XHR
application/json 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.spokesman.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e15f20e9ef9afb2d807e387e719bf1e183ac72a1ff378d2b28f79cc33efd9ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88
x-xss-protection: 0
expires: Wed, 05 Oct 2022 17:26:45 GMT

GET
H2 200 noncritical.min.21be32a1957d.js Show response
static.spokesman.com/sv3/js/ 1 MB
376 KB 41ms
40ms Script
application/javascript 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/sv3/js/noncritical.min.21be32a1957d.js
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a2aee262821f014d61d9949b24dd6e194a702ae23c9e3661824e512e550ec09

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 08 Jun 2022 08:42:48 GMT
content-encoding: gzip
via: 1.1 f2c65205154aaf89a2c7bbc8fe8fdaba.cloudfront.net (CloudFront)
last-modified: Tue, 07 Jun 2022 21:13:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 10313038
etag: W/"21be32a1957dfe9740992b69551e2dbc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: 4NPR1rgwm1Sn8zwi0ASqaqwHxwnwYB-Xb8U4ESrtWBDLW6yDxvpk7A==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 215ms
89ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-230256-14&cid=1564646249.1664990805&jid=666054464&_u=YCDAiEABBAAAAEACI~&z=684303189

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 157ms
74ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-230256-14&cid=1564646249.1664990805&jid=666054464&_u=YCDAiEABBAAAAEACI~&z=684303189

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader.min.js Show response
loader-cdn.azureedge.net/prod/spokesman/ 42 KB
12 KB 207ms
39ms Script
application/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Requested by: Host: static.spokesman.com
URL: https://static.spokesman.com/sv3/js/noncritical.min.21be32a1957d.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA5) /
Resource Hash: 9938ce63ddec630645e903bede29aacb1541c88fa2179097ae2513502cd0c8a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:45 GMT
content-encoding: gzip
content-md5: NLGw43qr7RAjJbL7IjQ5SQ==
age: 42754
x-cache: HIT
content-length: 11867
x-ms-lease-status: unlocked
last-modified: Tue, 07 Dec 2021 09:14:53 GMT
server: ECAcc (frc/4CA5)
etag: 0x8D9B96207AD07FC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b2abf79a-901e-007e-027c-d867f9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 homepage.ba1889af7be1.json Show response
static.spokesman.com/ads/spokesman/ 5 KB
1 KB 39ms
39ms XHR
application/json 2600:9000:223e:ae00:1e:dc88:cb00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.spokesman.com/ads/spokesman/homepage.ba1889af7be1.json
Requested by: Host: static.spokesman.com
URL: https://static.spokesman.com/ads/spokesman/base_ads.b6d5845dec51.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ae00:1e:dc88:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 79fc30a3a4b255c915bba01c0691a5653ec71151821aedb5147898821927e362

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 00:34:09 GMT
content-encoding: gzip
via: 1.1 a89f27dcb39a061266ddc18ab5416cba.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 3775957
x-cache: Hit from cloudfront
last-modified: Tue, 23 Aug 2022 00:24:45 GMT
server: AmazonS3
etag: W/"ba1889af7be1a2a7e8f93d1af49b39ef"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: https://www.spokesman.com
cache-control: max-age=31536000,public
access-control-allow-credentials: true
vary: Accept-Encoding,Origin
x-amz-cf-id: hITWCA4_FdEl7dRiYTrF8E8dOjcHfk3Zw3gBIQWfJB5oeeidP00K_A==

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 197ms
74ms Script
application/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.spokesman.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 129ms
46ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.spokesman.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 205 KB
52 KB 751ms
751ms XHR
text/plain 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3220758875595984&correlator=3229786982452927&eid=31068457%2C31069354&output=ldjh&gdfp_req=1&vrg=2022092901&ptt=17&impl=fifs&iu_parts=1009641%2CSpokesmanDesktop_SuperLeaderBoard_HomePage_1280x100%2CSpokesmanDesktop_Homepage_Anchor_729x90%2CSpokesman_homepage_top_300x250%2CSpokesmanDesktop_Homepage_Dashboard_300x250%2CSpokesman_homepage_728x90%2CSpokesmanDesktop_homepage_1_728x90%2CSpokesmanDesktop_homepage_2_728x90%2CSpokesmanDesktop_homepage_3_728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8&prev_iu_szs=1280x100%2C728x90%2C300x600%7C300x250%2C300x250%2C728x90%2C728x90%2C728x90%2C728x90&ifi=1&adks=2404035854%2C1337061979%2C3725654123%2C811898262%2C883754903%2C3635373852%2C2447737946%2C2531107668&sfv=1-0-38&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1664990805538&lmt=1664990805&dlt=1664990804040&idt=1409&adxs=160%2C436%2C1220%2C1146%2C436%2C244%2C244%2C244&adys=223%2C1110%2C356%2C1748%2C8203%2C4503%2C5844%2C6521&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0%7C1%7C2%7C3%7C4%7C5&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.spokesman.com%2F&frm=20&vis=1&psz=1600x101%7C1600x-1%7C300x0%7C300x0%7C1600x0%7C1088x0%7C1088x0%7C1088x0&msz=1600x101%7C1600x-1%7C300x0%7C300x0%7C1600x0%7C1088x0%7C1088x0%7C1088x0&fws=4%2C516%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&ga_vid=1564646249.1664990805&ga_sid=1664990806&ga_hid=1524495148&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3973caca10e2c08ee9c73991340be3a2f59bda3a36624eb7f978b4e93f376201

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53307
x-xss-protection: 0
google-lineitem-id: 5239133665,-2,6099587497,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138402100549,-2,138404938195,-1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.spokesman.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CA26 6 KB
4 KB 263ms
84ms Document
text/html 2a00:1450:400d:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:45 GMT
expires: Thu, 05 Oct 2023 17:26:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
578 B 517ms
171ms Script
text/javascript 2a04:4e42:a00::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?flags=gated&features=es5%2CCustomEvent%2CArray.from%2CArray.isArray%2CArray.prototype.filter%2CArray.prototype.find%2CArray.prototype.findIndex%2CArray.prototype.forEach%2CArray.prototype.indexOf%2CArray.prototype.keys%2CArray.prototype.lastIndexOf%2CArray.prototype.map%2CArray.prototype.reduce%2CDate.prototype.toISOString%2CDocumentFragment%2CDocumentFragment.prototype.append%2CDocumentFragment.prototype.prepend%2CElement%2CElement.prototype.after%2CElement.prototype.append%2CElement.prototype.before%2CElement.prototype.classList%2CElement.prototype.cloneNode%2CElement.prototype.closest%2CElement.prototype.dataset%2CElement.prototype.matches%2CElement.prototype.placeholder%2CElement.prototype.prepend%2CElement.prototype.remove%2CElement.prototype.replaceWith%2CElement.prototype.toggleAttribute%2CEvent%2CJSON%2CMap%2CNumber.parseInt%2CNumber.parseFloat%2CObject.assign%2CObject.create%2CObject.defineProperties%2CObject.defineProperty%2CObject.entries%2CObject.getOwnPropertyDescriptor%2CObject.getOwnPropertyNames%2CObject.is%2CObject.keys%2CObject.values%2CPromise%2CPromise.prototype.finally%2CSet%2CString.prototype.trim%2CXMLHttpRequest%2Cdocument.getElementsByClassName%2Cdocument.currentScript%2Cdocument.querySelector%2Cfetch%2CgetComputedStyle%2ClocalStorage%2CArray.prototype.some%2CDate.now%2CEvent.focusin%2CEventSource%2CFunction.prototype.bind%2CFunction.prototype.name%2CHTMLDocument%2CNodeList.prototype.forEach%2CNodeList.prototype.%40%40iterator%2CNode.prototype.contains%2CObject.getPrototypeOf%2CObject.setPrototypeOf%2CRegExp.prototype.flags%2CString.prototype.%40%40iterator%2CString.prototype.startsWith%2CString.prototype.endsWith%2Cconsole%2Cconsole.debug%2Cconsole.error%2Cconsole.info%2Cconsole.log%2Cdocument%2Cdocument.head%2Cdocument.visibilityState%2Clocation.origin%2CrequestIdleCallback%2Cscreen.orientation%2CmatchMedia%2CURL

Requested by

Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 17:26:46 GMT
age: 1380339
detected-user-agent: Chrome/106.0.0
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=2, HIT, fastly;desc="Edge time";dur=1
content-length: 94
referrer-policy: origin-when-cross-origin
last-modified: Mon, 19 Sep 2022 17:16:08 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=utf-8
normalized-user-agent: chrome/106.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7639 0
0 85ms
85ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEmS9AJh11bOE4D35VFhvh3srrX07V3kFSmj_Z9OMqyVT9Pw-YYYYQKsd7u6Vfw61FppUIgQP6d9RTzmyo71RwrVFqivI4Oz9Dibm5-ZYlO_uJrkUbU9kf_t9oCVbqxmnk3OD2CCTHGeBnfJmHh7rXQDWS4EJoUNbm6V2-hXECxI_DjUZWotRUuFsFbHrh2p3vr25Yfl3jZ_0oNBovwn6OnHZrGY7gmkffWrOoeSR8CnYB9pGSYllXDCXy805ol4z51PC219LSPR_j_gHNmJ-QweTyQxWaur_8oz1swAezg-ehBDfOe4pW5iWkdol-YpXgWjAkR2BoO8weWwkp-8_IB9LYCu2FnCHGRX9MpAr01f6lqiiUYi43Tw&sai=AMfl-YRFx5AA9AnX_b7hVemhNKFKl-aYjNjMSNvGP7m0xwPF0v3aQ2k1n-2o_7lHRukO4q0qasdLGWTkZ6VeAl3u40LMCGhyHlclxwvbRHmt9RFNy_OqYXS6MuP6uu-whHNaqaM9&sig=Cg0ArKJSzC5u4cnF5ySyEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame 7639 23 KB
10 KB 187ms
50ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:28:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3511
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9561
x-xss-protection: 0
server: cafe
etag: 483224313611802536
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:28:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 7639 3 KB
1 KB 235ms
98ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:24:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 7639 0
0 177ms
72ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ6zVB702YNrbijEJfKGwtLyGK6eb3IZCVXpBIoC3gWuSg0kbMgO2VznT6JZgiom526RKog4MhBVLEcRNbKrLhfkcyc2w
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7639 141 KB
44 KB 291ms
140ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 1517069204994984100
tpc.googlesyndication.com/simgad/ Frame 7639 148 KB
149 KB 363ms
227ms Image
image/jpeg 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1517069204994984100

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f6c0dbcaf88a35fc2b45ddb62ae6824b1a53bad764a305876df47f0eed5a724

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 152025
x-xss-protection: 0
last-modified: Thu, 18 Aug 2022 18:32:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 05 Oct 2023 17:26:46 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012209142312000/ Frame E143 220 KB
61 KB 226ms
51ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209142312000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff325c328985ef8a083bc155e6fa6b5cf2182d7d3174d43c9e8e077f4a1576b9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Oct 2022 17:07:16 GMT
age: 173970
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61591
x-xss-protection: 0
server: sffe
etag: "e54f9754f7fcb5b6"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 03 Oct 2023 17:07:16 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012209142312000/v0/ Frame E143 14 KB
5 KB 316ms
141ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209142312000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ccca58c9fa219fa65853a7398d935b56ce1fcdaab4787294b3f444ddf7d1036

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 30 Sep 2022 23:16:56 GMT
age: 410990
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5187
x-xss-protection: 0
server: sffe
etag: "59737ceedde8bf1d"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 30 Sep 2023 23:16:56 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012209142312000/v0/ Frame E143 94 KB
28 KB 324ms
149ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209142312000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddcba88db922f967fd78e15a055bfeb5088c7c58500ca2b7f08b74eb3736189b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 30 Sep 2022 23:16:16 GMT
age: 411030
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28888
x-xss-protection: 0
server: sffe
etag: "e2dd099ef3a2ca02"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 30 Sep 2023 23:16:16 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012209142312000/v0/ Frame E143 5 KB
2 KB 343ms
169ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209142312000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5e6919b2460cd051d50b47942408d3b3dbf0470fdaec473a7ca6b928d7ae4e3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 30 Sep 2022 23:16:56 GMT
age: 410990
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
etag: "01e154329648e832"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 30 Sep 2023 23:16:56 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012209142312000/v0/ Frame E143 40 KB
13 KB 345ms
170ms Script
text/javascript 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209142312000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25ae07afb30f4156fa035a5ffc7f14945c8863ef79772f062d3d04fd97c25391

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 30 Sep 2022 23:16:16 GMT
age: 411030
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12955
x-xss-protection: 0
server: sffe
etag: "45d7f146b93052d9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 30 Sep 2023 23:16:16 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E143 6 KB
1 KB 129ms
47ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 16:06:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H3 200 container.html Show response
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B791 6 KB
3 KB 154ms
51ms Document
text/html 2a00:1450:400d:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:45 GMT
expires: Thu, 05 Oct 2023 17:26:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4807 6 KB
3 KB 154ms
55ms Document
text/html 2a00:1450:400d:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:45 GMT
expires: Thu, 05 Oct 2023 17:26:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D59D 6 KB
3 KB 153ms
59ms Document
text/html 2a00:1450:400d:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:45 GMT
expires: Thu, 05 Oct 2023 17:26:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 74A2 6 KB
3 KB 154ms
64ms Document
text/html 2a00:1450:400d:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:45 GMT
expires: Thu, 05 Oct 2023 17:26:45 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E143 2 KB
3 KB 174ms
68ms Image
image/png 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 10:58:38 GMT
x-content-type-options: nosniff
server: cafe
age: 23288
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 06 Oct 2022 10:58:38 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E143 295 B
424 B 173ms
68ms Image
image/png 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 10:58:38 GMT
x-content-type-options: nosniff
server: cafe
age: 23288
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 06 Oct 2022 10:58:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B7C 0
0 86ms
86ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv64Fbn61RfY-bGCNcOBLZt3x5fXADr_ifIuh5ca2NJYa09VDG1AXvPraa5Z1DnSzcsBchkf7er4buoZBor1A-awpfSSf9u_CCIHo-g8DKxOQ7Pk0OcmmqsXJwBy-rG0MzNpLF3xZ6e99YliSfIXn2T6W4NB59eQS2YAQRtX4qgZWiT2z0nkbHI4OvCy3Y2QT8bFdD64krmmK6Kw792WQomwoCBdfydj8mBbxum-1cdt-82xyW4hnpitR5jw1p87s3G14kNESb5iXWv49Dj2QG2ELSNqPyTwc6qOE4aEOvpIbQODkvVwJCDtzLxrOLUZJMClIJDTdmqpPI1rGtgLbSCYXss6w&sai=AMfl-YR8F5LBzaBpCHSUXcy4OUyne4yZOfvcXSxZkLBRhpolDeufW6wciaR2Bv6lEK7HfHRbEJSgxXZwh3JMAaTc_oLdCHF7L5cE15UFXUtyHC7DM5vTMslEQltEaLjub9TvAAmX&sig=Cg0ArKJSzNulqpmZoimkEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/ Frame 5B7C 23 KB
9 KB 152ms
58ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:28:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3511
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9561
x-xss-protection: 0
server: cafe
etag: 483224313611802536
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:28:15 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 5B7C 3 KB
1 KB 221ms
221ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:24:52 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 5B7C 0
0 135ms
73ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQFWxIEuwHQzAk-DA0pqjMckga6SCPZSY8HPoO-zclzP5lwCKDNTs_cn28xFVY8oIvElvTxtDVO-lXx7C60sBBUJNlebw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5B7C 141 KB
44 KB 407ms
299ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 16102043042530689800
tpc.googlesyndication.com/simgad/ Frame 5B7C 141 KB
142 KB 233ms
155ms Image
image/jpeg 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16102043042530689800

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022092901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66d5bffe2cb30605e302a6f535fc7c286f02becaa84007a8e982778a3bfadc31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Sun, 02 Oct 2022 11:49:33 GMT
x-content-type-options: nosniff
age: 279433
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144891
x-xss-protection: 0
last-modified: Tue, 13 Sep 2022 16:36:47 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 02 Oct 2023 11:49:33 GMT

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 129ms
129ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjoiNTIzOTEzMzY2NSIsImVidXkiOiIyMzEzNzk1NzgxIiwiZWFkdiI6IjQ1NzEwODI5NDAiLCJlY2lkIjoiMTM4NDAyMTAwNTQ5IiwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuRGVza3RvcF9TdXBlckxlYWRlckJvYXJkX0hvbWVQYWdlXzEyODB4MTAwIiwiZXNpZCI6bnVsbCwic2l6ZSI6IjEyODB4MTAwIiwicmVuZGVyZWQiOiIxIn0&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=095ceb8b-dce9-40a0-be91-03fa374da432&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806396&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:46 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 2076313506083323656
tpc.googlesyndication.com/simgad/787446515677529299/ Frame E143 51 KB
51 KB 178ms
100ms Image
image/jpeg 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/787446515677529299/2076313506083323656

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ba1e9f88829b0c441f028e3052bc3721ff43b6cce6031735e3eb8e05223abb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 08:47:28 GMT
x-content-type-options: nosniff
age: 203958
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51859
x-xss-protection: 0
last-modified: Mon, 03 Oct 2022 03:38:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 03 Oct 2023 08:47:28 GMT

GET
DATA 200
OK truncated
/ Frame E143 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5da1f62682f45cf089b9fe471b2c8a8dad9da3b51686f9d6234a0db7228f354f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E143 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1af4562d18d693835bcd6d0af22bb439748a1b02e31e589dbdf9bd1d8bf6315b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 loader-config.json Show response
cdn.sbgsodufuosmmvsdf.info/prod/spokesman/ 4 KB
2 KB 194ms
37ms Fetch
application/json 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.sbgsodufuosmmvsdf.info/prod/spokesman/loader-config.json
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CAE) /
Resource Hash: 9c05f3e7a99522d6cba125b8dd46ce8ed64068a1d08dcec309c56a58ec85cf3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
content-md5: M5nFg6NY90vziLv0N+HY4Q==
age: 42754
x-cache: HIT
content-length: 1259
x-ms-lease-status: unlocked
last-modified: Tue, 07 Dec 2021 09:18:33 GMT
server: ECAcc (frc/4CAE)
etag: 0x8D9B9628AA68761
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f322e385-b01e-0034-697c-d8c476000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E143 15 KB
16 KB 133ms
48ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 175314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:44:52 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E143 15 KB
16 KB 118ms
37ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Mon, 03 Oct 2022 16:39:45 GMT
x-content-type-options: nosniff
age: 175621
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Oct 2023 16:39:45 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A070 624 B
733 B 162ms
50ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWH1tWhmFGuPzP2RrkmnOQXmhyNP3f4pBp3jjvhP--MwF53G-zeuP4bi62nR03Vnj4tn8VN9ZKi1Wpi1Cxv-CAeB7meV2jrQjtSQ1K5ZXcSAxmXQmV2-uFvIud3YEcsXUVlr_GuV84fhQ2hLo9BIoG2L02V8akIrl8P2dflsVLWSuTCrfQ

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B791 15 KB
11 KB 181ms
70ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_kIuZH4OD7h6nfRZx3fDC4nESjb6Wbi4hECKQ8VmR0Bch3jIvUOe6BKiNywrlk0CeztVbJ52DcNghXLN2JCPnObNfgmGClzcQ1Nf_ADZ4gs98TE_z-ea1d-jjlQJqGck5XcqbebABFjHb9luxoyA3sw7_y5G7KB86dmm2vZ1eMtXdylc&cry=1&dbm_d=AKAmf-AfrRoy9YqGAvpTMCKa-WVnIHMbdKQN3jTYU55b8q30nKMguEcB-2y1LE49kzBgDCnhG-iEtfvsjN_7vIVWGhHPgcBPaY3CdmCuDLVUjrE8h-ZEl342D3BzjUlLRC_cfNbhsgFuTvakyu51l6dQlxD1-eY2U6F9JKd-yUjA5kniIayP5XTmoDzHRH_ocVvdvJ94ELYEFmkjMO-bZiWIuS2I7g7sOx1724LuhApfDRnvQUgwoPubu6WA0pNnyeBYdZwMGz3TbqBqoxjTnQDmNLc1cbMqdFc4BI13H3zaVxUkMU4MSWCfO0sNCELvi4iX5EVxUdyXq1WIRaHrZy1dNxMjOTtSMLvQ-WgSRrRFkEwdz72CCASwvwEVduuGT49I168jHKmcVTGOE6lnDqSpXGII7DJQO0Hnxnp0Au9Ts5E4RXlGELplZwGTqzRledrcZbIf7F9IKoDJ_cmNE3TryV1O8N4j0tBGuOfGmbQgYfH39JPpRdEjLxR6kziozz6u8nCm0-7m_jSmsA1a8cvmBH6-q-URAHHAsHIvPpUjAyNQaCCitz0gJDDni9tQLz0BfJqDRXlHSnw4KrQ58fn7edzKinN5nShwNNwA6DLqnAfwYJSlfe0RUErhK3JuMqp5MfsSKvVBNnwP4nS5WHzl9iBLMezwUnHVCjkLbB614WKNz44mDJMfxBIqLjzzRCA-_mIQdOc3YIykIus9xiIuK0UzgrjEmU4svNCs6PXJ8Kd281ZbZ4PSfWHDR_QJNYYbu41SVjNr4k0dVmo28zZQxkGpt9t9qYYPyoScqAG79OKqRR4eqHSqe6ZrgHzBE_g8MdFuxEsvTZ0rOrt75AooH_jlr7Hym_K2sYor1dCGbfhYMwS7CpO278QN43xxFpmtgbJQPTAoYVLRkxKXkEvm15agFohYd0zzUpriRLfrT6MFM3XQrmVN4GhQ9BnPmOv52nspCOX4Nr7a0gGB3ibf7Kq3DE4FN2eZpcKKpF1yMhdOjftFyfyXJREc1u8p2Da0VdIti39FUsY_z6TJyRoHCcdFa5l7MFUEgaOTi-F6wQn4achLtzS5gPdgNPLQJSTqDumzad5rbHKBKc6i1cdNJtlPftqmLD0cuA9UjcgiDuDDtQSxOlpBNhN865jErQaYFthJRgNLQxzq8wu_Q0D3i0VqinnRabzllo8X4D_rpsU0U-TdAwAGZkgx8EJxKlqp7NU5IIoDtg6VMBmxF-smC7O1KQyCOfngt_C5Jbe-E6XHQYdc36hLovcli5P6WsYobwXg0XYwc-g_s8piltqXLjvCvDBq2faC7ggbUPqAcQ3UfOpQ70Um66jNP79oWm-aO9N3KGNoF0uWGHdDslJiaqBmwZwb04aEw2sZekrZqMwp_MJkAt-VmMSFkqRpMgy2iwUTdDWvq12OhB0ojcshOC2_M2QTLs8AfFBNKbTwpHPsYcHP4bA-gGONB-cWMiht95o1Y9w9wZ_NR4x4lbL0OMhyyTq91FB5SU3EKoUnYK-0MKssASfnE48Nj-Zw17USMdHY1ZfBfHUA-f_PGkc49X7WpTMz_X4bNTAMZ_2rSn3IqgPDp1nuXrj3BGaSpyJSFUHBpNxkAkdw_rLCM8gPcG0l9CAEa29cR116eGH57icRf7_9a8IsIJBCQEQWFifQ3mIdAsjsewKPJcjmSU8cnCj394QIXj5cpIl9e-fPH-JTXkjEYIg3Tu6yo8-gubvROzGHlscuTto34KEal0IQfNrsEBJ-Nx6c_u9l_xL5Fq_E_hmZtPHD_mHxFFjIbX9xvzunsVnvkDZ-BkZ7V_kNjV-DIhuvKMTJm_OgMr1EUnv2dOIOdiJgDhbv_TU17QVON0d7P8o5cCx_6rjhrFvT_gUTiWXzIXTM7vnekP98gChfe4Z2diAOwVB2tB80NPxxp7E2AjJIC7JxAKTi76gbJmpvGb49uQqeKwc1hk_Ryg9o1mJqO07-oMeefk5F3_CkayJLRGR4QJuZj0vKq993Ha-sdvuivX3EkdwAAQZH4Kv3P90O5VEuN74tt3nbVz11B4rx4s12-4P_ewAQk76WYYo6uXzQoURrRBdN9rmyJqyqVLl-N-EQMNZZf3gcPzYqTPrNWNofksFyYuse1FzVQpwRUgpNLgGeCREUpnj3wvFo3oNI1OvFow-sv93bgfRR4xS2VP6lsJp9mKHLYTtKybAtMhhNLwW0P41-tHxEpFQkHcf8dq6bYk7-vBJLvzBXRKDUmNdxI2SQxCIJ2xuu4e6nMnkLOojDX5hS5V5cc6udYaMaMhBdbdvuiThG95drSCPrTyO2ZiWWa1LYjErHEdF-bPYY2EVdmfrG3Hbgmruf4Hshy0eNum58K30gKxuZ33gbrBk4h_ttFZIn4oHzFSBCHtznLrW_F6VEunps6WnhMwMmGUH1090E5nSoiV_12_xBw2WWoTCbGZTSrJ6pl0Jptyn2h_p2xMIzKV5Zm-jb2v6JpYgcf_vT_S8brwhO6iOriFgtyC3lrQ8V7qZf_RIb9izm3Hexjwn17yfIn09L8TR1oivGqNz8hYVSPP86N2gXBwpJZ_IBcZGfkJyGl2reo4h0snQZU14u5BpzH-QlqY6VZP_CjKyyOrvmSMPhEfkS7iu5sy3bNZ1YgolpFv1eyIf_I0Lm0_QW_h9FR3NXM2u3o6kHwIlj5_yWBs5LKkKsxBQ3Wx07f3JQfrrDCciVZABnX44BMX4Wn4GM8UE9_YLJ8fQTRSKbD532LHLkLiqbr4TqtXI7dOq-0YfVorU0Yp-16uKrV8hxpFe4LP54jgWrSu6ZBoIqA-ZhPFPoS_jTSAYZRzEIEyHk92kH-XcFpvyQESilM4wSxWRrdulaTrGOiRwPaacppRto5gHrXDGG8ALl27VMYgUebiPPWKsj4I9gbQSClQd7DFUcfib3qX9rTW54AG714xAkayZFJVwq5ORMQ4sid65wuMPe0dblVqzEhWqOAt82h7FPPVJK1GNg680xmEG1WcTSp8D2TJW0eMdi3HC7xDmgB5D4VWsVOHPP4gAAB-g7qwc4pLH7SkIshQDaGUN-4Bs6NKGUpL4Ft3e04184cELhta6FdkxMOpDi_R44Yq1QeHlBMDC8x_L4YW7l8WGY1sCzvF5Aj1-AJw1nTg0q0OfwgFJ7BW8S2H2qoB2p2ReUQRHyQlKsY9RMCADcuTXetF55biuXheX_zJtK55YJY6o5n8_23-xnsRrSbr-kuPFKFe6kB1BOUclpS1bHrGHrlIFzZutsJG9jw0p-16asWeLTx_nLRgznDj5zQomkMSDs9X9qCWEVUDLJwlDnplPMlYqeTdGdYpEvzM0XA-yTHsGfoYDtuPZhZLHWiztArJvqy9zE6YJNM68EbPAi0sOvAanA197JLuu2KxGtWHHJHZntn4sBmeYBO5VJkacgdaTutE2uWMWqN1Cr9OdF-uWkhwCft3mcK6AkS1s3sDq3sBmH9GY3TAHnyoG8kA&cid=CAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23f308e71aaffdd7fff1950313065841bca9ad63540e07a4978984251a067533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11218
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B791 42 B
494 B 169ms
71ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BygZmrOBf2im8XEbBGZ_3pz8CKCHNnbaqfyCL2myBlZzFoeTHnt2yJEM_-YB5o3u5wM_qf8yyn5hiUZPOKZzoQf2BcxVEV0gmQ0ZD4K7d3vXcEqDs

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame B791 3 KB
1 KB 192ms
86ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame B791 17 KB
7 KB 172ms
67ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:20:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:20:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B791 0
0 72ms
71ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSoM6H6CQgOmVOy2wFv_9WamxSVFzlHR5Jc3Dsl1ZmYHBTCzXdidfDualVIT2FxQg3uv-Fow8qoLqW8jopNFq0LQ4wdEw
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B791 141 KB
44 KB 183ms
182ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EF0E 624 B
340 B 152ms
53ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXX9tqFJ9tb84iX0eFQJUFRhuQrBfTIBY9pk0n-MGRY54_CCitQdmVBElPkG7DAhB21cRRHK2DR19jPgVyAGzSVCBATdAZVEY3rAdYmcnMj4UFHRjB_LVwvbkoNx93CwlH7efdkDHO53sTacX9laQpti6RR1qs7Wp2EwFNLfMykOjP3-Tc

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4807 15 KB
11 KB 212ms
113ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3n7oUGhnFjUib0A3c4Vq_LBrf7bxEQRmCf1_5RhfMyCsqhR_RivhN-jdRSgdojdfydgdT9MM_70HizllxLSQuSwnqCza9RC2VvaUEC8l5V_pSSOuszxBwa2lKYUrwRXPzR-M4SGTGvp8GYzEIHdGd0rqlZBzoLEfxYt0mlAcG7_VqeR8&cry=1&dbm_d=AKAmf-BEwxy5u_zqgaZZ99Opp-dDNXNgNHYHlUQmjphHB6QGQiUoN_mOWMP-4PXs4I7AKSFNVVgWBAe1DThYjNasoUA7wPYnGIrVVNNVs31L0atgJcgBbFa-xSO1jxH6o300aiNaLAGcGrJX9_YLHDmeSJHJPkm4CzIpispmqdTpTBcuqH2HilIs7_9AAj0A7XOPZd6Kqh_b3gF3WCr_wQmikWUBHilk0HpSBo-5BmMjBuNW5Ve7YeqA-_lpjS2cCq0haHqzh6NArsL2MZFv6icGTrCX1CYYnOh8Iaf82dJgp2OlPgyUKNk_wcYfcnagS-5qi1lIdrkroBIkndF4vyDU1z1T4rz610imvMnt7LqLz5v1GcbtQRSJ738ffCd29fNdmQRA8EDLhJpf4U03SLIOdJkz4eDrGUylEy85xRApQsnknxvXpTT9CRhykw78URxpFvW8w3aICnurJaXDoBOoY3vE_Q2WhLKynix4ASStSi9czubzSQodU4TbwnX4MSEeuQE5lIwe-xkNAYO3Me_pmKSQ4FzdGwjIP9aoeZzJjiFOguC0klN_fzYfDNljBSnlAnOf-BmLCxeY_quypx3OMcu2tiE-ThuAfFB6gkCeqN7tf4VIV-RgoN_w00Zyg1jjM9KdQqUdGCoM3RaVvBzWstPiurbQuiRDkWcJ27F2iiasGTr21vDqKmi3CtBDjYUsAFZdqNBXoqOwWN2b9frRNYZ14OkT94Us9Xo0ako_IdkuTrAjyEz3IAxqK2_bWvEUMlLcD2OcFgondz-MiTfzHAb0KlPfBJ94JTywQEIgcsAbfr2E7DRVyr4nVuG_ysY0wWGh3eQGC3Z7MJ-L56uuRVdmIPX6jRiyUegUwfnE5DuUMFJo2rucG38AWpEdgnnZMAd9vORXH9BL88aY_Ph1_Mw-ubONEpn1R_JSprYJSt1k6Xm1kcPbZK-XOZQ-tJduyeeVn5lOE4JU9zKVVyH0DG_xXkUKuJVDmxJAjyi_7kUUiiFA3_X7qG8OKwG7iWTFC0PKr9wRrSuj_colRpfjiWZNbEc2AcGgBF-ygGo6PG2pS9aqa6EXjOlaxF5pZs54d3nwvUsQgtfOD9MrdCntO4rBxzWxmNGeRmkd-ZHHmg6anu92d7UcBOLqB7QAdQsM0mpCN_wQrNeTQFSjUgK7ZorFIiYuhzd9VKo84SpZVsI5xJXF-O-mM9xxFlGyRthMeFyUR6mXxAyjGpcqz0beWgLre2puguYkqCL8qSpj7kbu_SDjN-34ZI7li11aOVAl2m10q6QaxKpxjOTCUkptEvc1nZbDxbvHRB_ye3SQwxjWHaAuMpEKehVGxUSLgb75HKc4b1pqKe5bA1oRrF5Z8H1470N0EUFh8Yjc8Ps4ZB-nFoq8SnaCfdLcngg_lMbKzqtwfMCiO9fNlOqAUZzOHi4sty6KzNWXrpgM5PfetLa2gcYKhwoavHY_lMCdt2B8k9ufsk1nBFQNmWDXdoOJ1bmcZX_ZjVVbJWQNRPnik-g7tEeSWDXcsq_U_PCFavnxQUstA0EN9z3_cB1IJNgHWxW--7UaNe2VUU22Zw4qbRvTmIEE05oylmUUx1YHmCGEdii8Yec5OiL73Elymkhsd7Bty03wYSQ1wzYg1XPKESn4cAYYGBKjUdE22HN-QDirevXz9nlUNMvpiJ_k7oujY90eBxPrVy90KOc9np0gdGyEMwNICOpK9uJddcq-yhcL_sd26cnFuDVggNp0moJprwKHL0oKPNOTLvF-Hh8alrbFndm4wJtK5QNA0ZixQtNz0wKx2d2VjzzabaR-CmcaSPiwWxIhcLaSq6vAF2zktnjJaWSQIgPrHVkOUY_BOvO3cOTQbVRo_3gZeLe4h5Brd-9msFMulYQ6uWuaXsUZrv54DL9m5G66go2tPIhvGThcRpA2XrvIcgPiA0BwQGYi8X7483eq8k7dwmfMsBoLLMXbCYOoLECx2E3wEU0rcfuzkviZOpD0mopyxRcrrmisP9AATY_AJYj0FCRc_IRxThWJ8nELGmKBBHKXH2I6_O8MkOebGzMLQIFgOz41oYnjX8QdPJ6wKqNokQyg1TrPbNiMSw_xpFZhX_CpSbV4GCAjyokrYfnZ6JhVhe1JD0h6hUwUxF6m7qsofzuudYBr2PvffoU69FkjyZIxl3ADJ1S_Bx_uUWV1deAmFUpOBhA2HakBx5pksN-I7Fr8T3dqSnBAUQzabYD9DzjBuNgD-YH54v26a67eM5k7La5s3_TYpxzShIubXZ_pPejDQCYvdfyWAdXyVG10R8p9dEmLbTDxsKEiVqP5xphN9qGOU96caN3lF64AOBTfZd4pttZ8T8J2IGkJ5ueFCuknilmQkya5nUm5Q-xjZc7X_DfYQnLjCvoEAiTfpufBY3BCOhO2SOQ1fqvIQls19s_-1s7LKc2ws24ISLv1UR1IVWkk7nDzrAMSZrc_i9bkBxbd6iQ4HRkI8U6BaKPxkSAcf2go7hM-NWuf_cxSMyRS9fwXYKKjTd_do3T4sI7BgP5sar5q1kONP09V4Mmzw96WMGwHQOXZ9arYacrMbvmCEe8UJlTHN1kZHt5KPxfcBtDGhS8SLIlEMX5zzQxZT2emOJyyZqPrAfxPEVV7T-OQkZtEIOgqaBlANeylYJH5B_-C5h5VzdeLwoTOyXr6TGMngtizkpKAw0ufBmIekLqbaldlHMLlhTtkUh42Hey3_YcC4mOq3LccCpHsOnFelvakgd-aWPgpw0suhJNuLA0k6RXNREdNtgptu2IJTUW2r_W6VTF4LJicrqaFIO1aRvU2oXbN9XEFe0kpupl7qA5CtPJ-Xk4jMGirIeKgUiG6zo3X8A__32PiKvMJ7MsVQkVEazeQFpZ9BfEMg-RKmeB_59HVd69UwwwpoxO6pIkrwoxlJeDSsFfvOKTM3mNON7zHUc5jjnX7lM1gZNnYjNX9urAKHui5EcqEmhj33bBxJuYiERirbq-TkqR7_TdzWXaRIFSB9vgJj57ofiezg_pCAOtoxVqvZOi0noVN6-R6o_QlUHeXJhA0DjL4c2D_VyNFlB5Yhn3LbZKqnXBebEPxQvp_c6md6YIvtq_1h1RXCzNcOdqrtyNFjRLREpiFrYtaZ9Qg6yMHo1ZaFNzUKUYETVHedi-GwFXKvZETG_9CgtUapVCYXhLTlz63V7XtjoeftgSjLzXrx1QHnBMVRRRT-tIDON474zvCy3Q7g9S2RxQJ0qvKINr86N3f-Y4hJxqsnXkJNWgcOl5MT59EF4mr__kitUvkgdmbkmKJDaEKmDA5b6lrlFsAw2pSlUakdhywWv8bT8GWQhjuuH0R7Nn_Q5PPPNCTZ-xsIOeEUHl3Y0SO-iXhEkO45O3QUc1QARS-_KnStc_iOrH9xtvIybFuyg0_toP5Z-pOYvR7QXGFb_IyWzsrdBLnQ2bexkBkItHzt--zXprr5dusretKZ16gfZaEPGHm90jt2lwn3A&cid=CAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5ddfc8b3bcaa3ba6e4f417dfaa9a0c73ff60a596c2932f0385131548a1e1188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11152
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4807 42 B
107 B 158ms
71ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A7f3mFuWErA697rb9zYnzOWY61WxaLfqXuemLECRzHURl1V1c4hvujiqsWGKTCX5lV2FIvQ21RX3L0x1hVLrZvwLD4rY5m9ULYff2kqXACeN6ESTU

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4807 3 KB
1 KB 177ms
84ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 4807 17 KB
7 KB 154ms
61ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:20:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:20:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 4807 0
0 72ms
71ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTcCj0SXM_6ybxgfdrc412r3YHe5MHsgrHoCvq7MGnljcuAh2RmSnH8sDb5oZMv_cKxpPakQO43yW4te1WYgc3NmqR4ug
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4807 141 KB
44 KB 218ms
217ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 540E 624 B
340 B 149ms
54ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNUQmv-5ZQiOlyzvWkznuNCWqPb0qq35UeHYdnmAIn-OIoNprGwPS2l_WR-vn6n4cR2a8w6WOJxMI-y8GDRqth55OifTQMpdsuR0dDz4ZNqEBhtvUdPldSTUmY7TtTNGsOVmKx7UaB9lmlPWMIAcyxibWg0YeukRyRebi8gvCB3WnYicu5Q

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame D59D 15 KB
11 KB 200ms
105ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_mubJAJ2EZN4YSDE60jjs1pmY2bWhSTn9uOFYloeMIsnoPwrwwpYtPbCTmImkUJ0TmabXrl9_5bCMt2RpQCzcsfE287KkgLxXQE0hFT5XiWj1DfmnVX3lf3lDYdk2vx2owHn7iVhN83pAGTmNVcrsEEX9xMzhAakqDyJ7DJL1CoUyIQs&cry=1&dbm_d=AKAmf-D3ZyNboqh4JmNSKvpWyEa4R31j2xbi2SXI6ocmnfQjQF57_R_NJKLsiFVzS2Fz-8RBZIELmFe2cezumpynBaGGUjNGq_yprYVqhF9hX9C-xxHISYYEbGs-6Rt9nWC8b0zVLqB7P8jk5RBRvdeK4AYg2PumK0J7-lbxYNRjvCg_62RwOztdusWQyjHY4teUjmoqoSwfD0QvAzNsS_u7dCoo1oaQPW_8w8jw5sA4pKX-Lm0RafKC9EJWvAdLR73C1Isx4kQ93Dge41XJ0bN-VAucSA4O96I0CY4vn0WdFc-WQRAYZ3dFtivvpOHITFpN85pmCQHyDsmSDsA_Ao1ooPgMoSSzR8ADv_aRfi-khstfkb5eu-sU2FEXfRGk8JgK4PxXiNFu9dN_KJ0ijE5K7WwUPMRDPX3YpWe4SJ2LjDSVclKp_YH349F5bOSJasUj7H4SDSyd7WXdeT30L58O8QiYqJE0aVTrpbU8cakxZgitcFuoGwv5AcA0Wqw2UKSg3MUxGFvAWbq4MXGyt_KEc-EFqezx5zq9dR_W56lQMP2KCvLopp0Mcl-_HDuWeEoij793_iCUJ9tSC-UFgej15v5Q4nqQuDD_Tv9pM8U4z9cymwJbIcih6rO3C9dPnq719b924hNj9p1-xZPotgVJuHTT7mHeA2XFGnryxISlmIPKkDqPbK8NHnEZ7Mb5hZndBEBg26jsLQsh0kDL-pxUcn7K3oJSBdIi36jlRhiir_vGsSTepD3Zz35l6GBvSKTz4Mk0PxDCS2tnjY51TKcXAk3Dqs1optgDgcJQSkdciD5wU_9pXl-ovD5BNOQaNendV2m6Fj8dnWQQsmWcpasWWo3djCf--2xATrTE_h9efw16I0LfCTxthQefCxjfgiDgw-eNe_5TnMnjACmyHCWnAz2mDIwkAbwdrK5OeI356BSXaoLcXzBOQW5XeZM_f6fGNSCyILjlr2G2VV8_tWAu4yfWUKzWdfPI7_85uo3VdWdA7TuQlw9mFmmxHyaf2XEw2eSabBd8ag0yLeHXedl3dkbp2lJnJxvOlQQSCgNhVCP6MGf_C-dDdvlluJTbDFHWUM94HeVOuQUQMwSt77HjGFlag1yvsDd6oswn6HMbQkf9Jg8cyaeq6TCe664ppwphkcELX3MqXb5dkqqD9aYva9EGEfOaJ64wEimP9dbRY9v2qpbc2XLPrf9uKzRi2eJIg09SiiD4lfJNp2V07q87zK8B36VvL7M1P6a6RhSFpt61VvK2YGqW5JHHGqEsoK9cLN6PjCmkADLYysDsG1zf9crn6IiJ1dGcYSKV336B1KMenxciPp5AQYUMxBgrZfBQPbE_VunAaZ3xz7_Ig-RAD0Bo0MsQ5eIA91huLdISxTEjTKXB4BDwY_Sv9DYsvsew1rEZToW1WlKfABA0rsdGhy3bDtyYOTn7UrmPJuoIoVue1j8wDaYwRKXgKKaN4R3JV_JQylJDwLrPXYYp1DzzdWZPR5fdWlZErGwoYmb6HeCUhlot0ZjPvq5miGtK6xcswhuQipv96pMALf-BYqfYg1FSuJmTeNpZRMbU2zIOhBFuqDSuRlcx04ovxfs2xRULP2Cp-MpCeqqtvpdfgCPAJe5WhkGPk8nOBW0VTuL11FSKYvWRJe01E8dEsPH1YWaG9xiXfYs5hHpuiWPmurRARHKdqbwRCwGoT8PW3KSdEuqU_rF0VHqRyuRw1k4960Nb_JlfEhUQi1MtI8n_PTEG8hUf6vzjrDoYQMwBHmqUUYQY4jVm6ju2iBUJoCXnGSzNrZ26vDTyuZC3Ieu5FtfvKgZ1vZjr1sFi0ueaI-fIbKy_wRY27x1PN5NTkiqeIwSMi6Q4ykuVKAAyXGZsdoGl--LavcgBjOBAIQ3vmdGW4usXj6xjbsiZp35Jg8vcL3bsWXlRD8nfkP5oZ0xopr97fJnklXnZKaG3h5n6nTOf3c1Wt6lu0RnEErzMJfwKX1aDceHmFYmTXIE7Ye-L14vWqQgoAEB3D1GM5N1B8kJ3ziyGByUoKIFPSNHeVC3XRlDQrpnTbH-LhO2IXcZc9dHQ1RqGZqlvMMqQ9xbZYogXejsNDnrFdjruYDhbxo2VH_ChDoxec7OrMw54_0wyJpz-77xuOqhBvN75iKav7Ep2ULfFmPDEat5KKa7c-ZNfl-SyrlVZ3_FeDUeIjNq3W6r4zaH95cJu3VyZQQy3fEQ1ix1X2jHgUwN8juJ6F1t2AO9r3vs7KBH1D6TLg5jwuju_0wZKzzLt5gzCyI6cCrZ1Ei8EJYChMp251tHyV9i6ovKw2eEzyi3_PSv3T1FCkr2xOAp-DBUf4clKEu-o_Jf5osjH7rHoi1kN2DOfdkypvdlIs0OGTYkERDn0ZJzwfYvdYClqJTYpgtVN7RqEPsvu8qBWJsjnn05_U-4wVhYADfncAeAFnQ8HDmvFpGhTY9Tgm3XEDffadcGBTv_IqiQb_iLSmD05d3KxovNoixhtgJtUhG-ARTVFr_4SnNmGFBX9S_qNKUS3jgOL6apYaEQJtAnxbldE23LX3FTQWDDPfNDJ-Q2mOIrJsWqYKOisKrruA5_TLJqjrYwg-yaKWAjm1qbQ4-UjN3nt9KUWWZ7NKyPl1w3WSXZNr7GD2fwslJgcYYqGs0q22FzEb2whSSRzIr2GHOp4WgJQe9fyPsdGCKj3P7bKYR3ezPF0i2gpNlzUzYcQyGLuKdFdgjKI1_8fGkRGkVLULjPW8BkXm4jkPhAUls8zmtxDz4juif42yRo6C2XhImb3O5bOufvEWNXiPLXLQ7ve7zpdONYvXV-3f01MSgKLdQdP6GuJO-S255YDQ7zxqMqV4WvdBtx1-72vjRHFN5w6RdSgMP5rT7pZyx1-iMKapKQ7aXbu-hjtG6lQ6BH87FrqibvpWq7P0fMTOsfz5xc3X11I9B_il44qKxd-PvwOnoR4ZYvNWQjnULVsoAWWmL3BQJj6E5avhBlkNPHwgXdNTEaMPeqx6CydpNUZGg_iQvwgkt3o6htyBxaK_aa9ubjkJ6RTmBrMYbILnl-_PnfpLzJbWpuml3SEJ-ytsT15d0Tc7o8O72-6PdPyC7H5l1er7DIHAU3IOTbEZASPDcxeHrHLACPfdQjmJCY9vPi10hM0zZClxuw2RcMkGHPR7p7mDfTeHxALSQq7YTMh2e0hINAG6ow3ChzaDTMZwJhCqZKIonzDOPcKKexKgkfBIWgUbQoyDXyVkqcATqNOLG4fKrZ0tQBVhLZOp6WEVwY9vc0p064tBGXZsmSCemDg4gj-jDS2M4mpldl2cl6QFgKBt4A079MHV0Ig3jQE-YEAr-VDMxgaucW8jVTwIeus4rr4NByyRixvftl8Pl9Veadw_1uqeG73Fo89EiooaDeYsm_tJ2Kt9Buv5r_Qt7vag2tOYBG7ZoCGcY3VWEqRu-JqtbvMqH3HfAv7K1LMWwdsFcyFUwYa-wa-Gecvm7JZgFa03w&cid=CAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0550561bc5248593e8486b189f6a222aa91a2081e5b0b1fbee69869b31015068

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame D59D 42 B
107 B 154ms
72ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BSdV9IAPJuVEy7dh9HZybIjoIa6q5WwcGErjLpHXsPosvWpGvyBY9tlTi5j4-tLgh4zlzPxmZpgd8AG536oOAjLiHzcbt--iXBVz5dAIo-tc-Rm1c

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame D59D 3 KB
1 KB 140ms
52ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame D59D 17 KB
7 KB 140ms
52ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:20:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:20:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D59D 0
0 72ms
71ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSkSEcQEELTon-SEjw1IQTqL5rFeN_YUmsTrSWccF3eLlbWZx9Kt-nr1F1JRTpieqhTfCHIrUcKEmmHu1o9RxVvWpuWOg
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D59D 141 KB
44 KB 134ms
134ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FBF5 624 B
340 B 142ms
52ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNVhRQq8qqsci4p_gfsjx1ovlc6l-FLMtGCUu4C7GTaGDOXt3yaLvM0J0MjFzqF06_PFxvwATUVRzYMI-_d7c16nqoa90m_TGGp4ByBLw_20mR-tROAcrzKKrnS9cYaxXemdcAIKAmUNbcafl3A1TqLWAmivtLf--lHdL66vdmmn0TI9PGM

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 74A2 15 KB
11 KB 424ms
334ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D9NEOy4fhwba-4kFc0_Fg1TIB1got8cCsDZkQ_H-5UxPFYv2dVu-FJxHvf-LwvhMQ4_mNWaIVxwXHVDqL_nubaTk1zmjaMKv7YWYHKESTfFcUMUwLX2XjuxeZGHmfv3FlVuI7WGXdVKi9vce9V72vIkm4-nCDaxKELtYxmgL_-JG7oj0M&cry=1&dbm_d=AKAmf-B3kf-97BYo61MrLnBEknDeG67Bpvj3e59Zi08y9DCJbVvqmB9d-nZHITIxbceJ0gT8qGCZjCkrcQoYmwlv6Gh7K2g3Ht4MtpbmtjEgAss_Aky4B9hhlRHMgTiW7ph6H5Hwxqhh828sqbPbubHi4g9XEq5nchdWRM8PRF4wkqOjRn5NtTUVhUI7CRiUf8ySdSaJfpWJGDKNo1kqzWqvy0VwEaud3X3Jj1cP7598uBxzMmM0cQfwfskJnmOOodfEf3wnZBHfsKm95ndZdmiKMJrd2s4gE1epQXPYSZqZkD0upUoIjz7VNaebl0XbLNLfNJoBDK4Mk4QSTCNoPW8DSeH2q7Buh76JkvsLQUd_RUzerI-aiUsJp78DoIaIEolv0yhEk57UpNSdw98zzenih7pQICqkMINebxuPuSJRx67sdIYl-BcUwhX6vkJRlhXfMsnFJ3S9Ti4amIcjG5-dwAQvtRC6Y6jWo5LAeZfClb5mPzJHd4AVq0k0aN6DPtgjvvcHU6R_mHCZRxaXpksXE7VGpWMkwTUybCIcmF-o1RWhJaiX8rTsyicC9zFs6ueX8yaC_anvzq2uaQtTEvcn0QK03nh6Wooi5_p6rmRgrKZtreqiiX7RYr38K833KnvLgoQ699UE8rZ2dBOewqOZbd4dwHpI71ljFchtS_5gSyZuX275HjxHJKE2hbE10fnvGURVfCIhoTL6hQNeIHxZYy-y5HnfhPJoKwUJj1n8f8sa49S91HMN3K-Gn7u9DwoWE0Ai46AqEQWGcGmvloOh63w3LPYan9Aphy9qLLDtJI4lx6CZRa2o04j-xB7Sf1busGVqrTSdMz-Zoenn6JdH3L1OqZE4Wy2qycFAnqgRVfakZ13lzD92iaAW2hdVTNKZy0YZ4AFxVjzDP-sl9siaduYl1nAQg6fu2_W5NJDRlkOcvOsc-5xs01iXVYTJ6HLGyzbPwojWagSxhE8qFo0LKlQkLHqkERPTjlizsqD1xSyK1WBRuQW7xIpCVyAFA_HDAlZiSUMlx2oGbY4YqtZshtlDLySLKeVB8WHt0vSAcG9UeEK72T6-AbWFlzEBzZp0xhO47ks8dMcUVIE38WVL76qWByme_wNUGIc7-mv3YiDsqmAtGliPzln6Yhewam4WM4HaIP3-X_htaBI0ckMx7Jzu_awnfaBlsUqPkvEmOrVyYqCbT988jTAwdseN7miMszYEPDn2a3FTq-GJ8wvie7Kh8QXGhOoVhLXdKVwGhCfnyE3vDtNwElQnK22bbQbo86iCZnBM8R5jy4hM9kZkGSOv3Pv2Uy7IRPkh2TXhYoW0IdgjtqoiH5N99NEZyPgAJq8AMBFeO-hGJmckobeoiRrHujOmfKPH_tBM1h1WlmkLNQjLZjYeUXK3gEmxUhJV8535ubK66EPoPMzkNqJpF-ToOT4rvoCf4Lwx2KI-7MwtufQiFs0Rt8JkCPUcN0PW1Np8bND5octzmV1R3pmJ45yOoxrSZD7ZuJpvTXJjxDdYIoTT1O3t5XBgHSgtiEP9IYpYdIZE41KIJhb_wRppzsSfILhOiEmRGfdeV0uSJoGRquvg8Yi1U4x4PfJwGo-3tRhTDElDJL46nXRij92oDteiETOrscPL9NaGo1jIITXKqAkq4RAHTYs9n2fWpq2Jc1ogAGwnTntrL0tcUmpMqOt-Q56f9N4RW3By8d5ZSOoDCKIvUOxa9bLtpgqbY-_n3PvYXa3DICxr1KO30Tzx-BQaws6SMnGR0yClUvFA85uvnCsFOXQ00zpLy31LzpK1y2wF9SxGygK8bvnQjcxqaDjePwGYbXksVotSl1JLBp8oG42Fjr1PKlpAhEpKA5Eh-YcCpMGnq7UI7OlmrJOS3wVhPfMZlj_UWcOvFgvBLYLmRICPen7i_YdrEtXdn-sGQjgayG-OLSmo3jXgcdnYJ4Xcne-lOlHePZpWI9y8cXGqES63h078gQ1Da55YR_TGgQOOAkariR6VseJo7E-sZ3hXzk1W1Qn2mTWEvPKM1-wdV3fYWYFS_w0xTi73VA6e7xg1q7mh2M5hobCOySd-OpA8KM88B2dNp0sohvvPmlkgAW8IyIdamnuj1ZbMuyhSuEmzkwHhjHQcH2LPh-G87sNXqtcst7Eulb1av17vB_bvk3qyF2sBLP4gcV3AAgZC9erN2nnBByIWdHfp-l20qk6voje65sDNg__sDFJLq1SkZ5bgS0j9ZzGZZDCC8AkjS-gWkAUqXVDX7gX1ckPg9JLeahbyCQQCjNOUJQRmcix8n5CnrFxKqik8QvkienYDMa4NvRJ42AcObyQFc8cpsfIJj3W0Zr7WgUQlDEuR8H97UKA_vq7W6v_o-963J2rihnklpjEdivygNLeEbTLPf1lAuJCssAGqo5fl8UDq6XVL8qt1HY3aCPVNIcC1YSw8x1FXTgoAUgx5tUh6voCJpdf2sNfbDkMDyUYTvQS5av8z3XyN4vT6b2GavsHT8tL7POLnaYFTS90Ak1VppvtPmSL4twmQYrDv3j0yEt8_Sptmg06PSViqrcSsvOK0V_YhAvlCSur2JRoP3kLL2U7gQwbt_JYsnlRxYjt7wIaki8OJmj_QwoVXVnYC2yDhL-ohjaATz4hbDVjpYt5cKsUuOdQwl-n7BczpUZc5NY9cgv29cHm-acIKrqrvwyflVFfjfFlfyRJDjJpBqdCKutY7oKghoXKo_A5fJRiyagkpNkjCt637UJersxFmNSao5K2B7QxzMZg4U6BokqtF9pnMne9WjDpm1Qbr6730XsMy5Rq2daaOXajtsNmzEmQU29L1ggpmKHeHhg6vmzMqDwXXlBEbl5ZR0BfQjna9AH0468P9_Akah6WvxiadyRNb36zjggMLwfOqMFa7Ny4TmbCRat0uetxNPEgKnDcIZBdilGjwAsURKHYg2RDjgybL7qdd3ge70bILwW9DJ-92QqFz30QZbjgLKs4sui3DisgdZAV8D4cIU3vHX1ZXYlSThriYCUvMzvcam3haJL_VlMr8g3aTA0W6Lr5ZU3XegmkcFPX7CbHP2DnvVWVf9TKdaYHc_QUrvOWxQD_Uxml5eWQnKb8B9svMjWgd2M9xpDNBJq0U5_mELVgx5BKKHh0u0M7nn4GzmBLEnzRS2BpFIcf5sOLj6dnV3FnA6al_11ga2EDcGBN-6WsruTiC5hp4rJZ7gmRnYCwmhDWlrJIi6fstkEwRwm6VJQ5HtVLOTuY-CFvUlThS2LkeMLwl8XI5aU5zFmiJV5tNZYRTME6vLyU-gtctPAXurX_DgeOhzj1uWITjAiWCCO2FrsGKzhT8nIjyRK0YzzlfvLS9fNuNypQQUgDtyHq8niDJVPvVSKwm8d0O1jVRCnDwA0sRKZggW-KZw41JJEggdFjCSxjFXsuDpt5S4YOW_sF8x5CuOoOhT6fpLDQjlChcjmPO6CpimlbOjomX6XJbp0KytSuDI5sFQkJqGS0jHg&cid=CAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f05c419b5ca6a1d9afbf15f414474eeb93aa520871f721e27fc4a36a4bbbc5bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11308
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 74A2 42 B
107 B 149ms
71ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DhaMbWzQVHyxc8LjGFQNBOZCefhzeoasOpdk66RuwmQnacokQkXt0anDj8kUCH7YLaPijSfxcOttlWHnXZiV66QqmTLEIMUvzsVTcTH_N_AAnf1xw

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 74A2 3 KB
1 KB 172ms
85ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/window_focus_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 16:43:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2612
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 16:43:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/ Frame 74A2 17 KB
7 KB 159ms
71ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220928/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:20:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 392
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7559
x-xss-protection: 0
server: cafe
etag: 15289875785628835784
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 17:20:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 74A2 0
0 72ms
71ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQefD0REQ7SZ_RW8EEuRp6mLiCGLwtnpFHcb1md5G0xt9SbvJAKN6QfsHave55VKWhkKtIrnZIjAxqTdQrys7ccklf9yA
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 74A2 141 KB
44 KB 201ms
200ms Script
text/javascript 2a00:1450:400d:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44883
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1664796838458510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 129ms
129ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjpudWxsLCJlYnV5IjoiMCIsImVhZHYiOiIwIiwiZWNpZCI6bnVsbCwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuRGVza3RvcF9Ib21lcGFnZV9EYXNoYm9hcmRfMzAweDI1MCIsImVzaWQiOm51bGwsInNpemUiOiIzMDB4MjUwIiwicmVuZGVyZWQiOiIxIn0&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=dc2874fe-1bf5-4587-bedf-b6db6d12c666&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806408&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:46 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 7639 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eeca6805f13ea45543106fc100a9e1d4fc389a0ffa8a0d9c0d12ce28f1d1c0a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 5B7C 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95dec14c1b8a6150efd54d314b1407654d0deedf6daadb1381485588fcab6912

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 165ms
37ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD6) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 700
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/4CD6)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a8aeaec7-601e-0021-11de-d8cc0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Wed, 05 Oct 2022 17:56:46 GMT

GET
H2 200 fp.min.js Show response
fp-cdn.azureedge.net/prod/spokesman/ 63 KB
21 KB 198ms
37ms Script
application/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fp-cdn.azureedge.net/prod/spokesman/fp.min.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CA7) /
Resource Hash: af44b91aee646d43b9687c2f00450dd0ade50f4b8c7a78e6b99257f1d5e8984c

Request headers

Referer
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
content-md5: lgzPoyz75nle9SCu4zir4w==
age: 39098
x-cache: HIT
content-length: 21083
x-ms-lease-status: unlocked
last-modified: Tue, 07 Dec 2021 09:14:15 GMT
server: ECAcc (frc/4CA7)
etag: 0x8D9B961F0D7C8FB
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 443fd07f-201e-009f-3e84-d8bbbc000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 g2i.min.js Show response
g2insights-cdn.azureedge.net/prod/spokesman/ 527 KB
75 KB 184ms
39ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://g2insights-cdn.azureedge.net/prod/spokesman/g2i.min.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4C8D) /
Resource Hash: 9437490e4f56c98a9918b0e8f8f077f9e83f27ee69c1547ac1f229fcb4470fae

Request headers

Referer
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
content-md5: hWVpf+tV9C2V7tkaq/lTzA==
age: 42754
x-cache: HIT
content-length: 75960
x-ms-lease-status: unlocked
last-modified: Tue, 07 Dec 2021 09:14:45 GMT
server: ECAcc (frc/4C8D)
etag: 0x8D9B96202A01F05
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 45bfa487-a01e-0007-617c-d89bdd000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 t8y9347t.min.js Show response
cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/ 853 KB
198 KB 212ms
37ms Script
text/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4C86) /
Resource Hash: 5a0ab648e06a71046651d509fc6e3201f8a7875fb19edfabc4e2955b383fca16

Request headers

Referer
Origin: https://www.spokesman.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
content-md5: Jb+gGXPvjosL/lZesASgSw==
age: 202468
x-cache: HIT
content-length: 202029
x-ms-lease-status: unlocked
last-modified: Mon, 20 Jun 2022 06:56:38 GMT
server: ECAcc (frc/4C86)
etag: 0x8DA528A05F484DE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
x-ms-request-id: 4c89bddd-f01e-001a-6808-d79661000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19

GET
H2 200 t8y9347t.min.css
cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/ 348 KB
35 KB 211ms
37ms Stylesheet
text/css 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.css
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/spokesman/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD1) /
Resource Hash: c1577ba94752b8302f8a5518b1ccd8b21507a7da67cd613dc990e8fd10f8ab5e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:46 GMT
content-encoding: gzip
content-md5: HBagnSR9fGL2/9/2zSnVqw==
age: 28747
x-cache: HIT
content-length: 35356
x-ms-lease-status: unlocked
last-modified: Tue, 07 Dec 2021 09:15:10 GMT
server: ECAcc (frc/4CD1)
etag: 0x8D9B96211AC9D6C
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: e4a0acca-e01e-0016-089c-d80169000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 129ms
129ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjpudWxsLCJlYnV5IjoiMCIsImVhZHYiOiIwIiwiZWNpZCI6bnVsbCwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuX2hvbWVwYWdlXzcyOHg5MCIsImVzaWQiOm51bGwsInNpemUiOiI3Mjh4OTAiLCJyZW5kZXJlZCI6IjEifQ&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=0266db41-79e0-4f4d-a43f-f24bc9cfefb4&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806409&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:46 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A070
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

43 B
766 B

40ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWH1tWhmFGuPzP2RrkmnOQXmhyNP3f4pBp3jjvhP--MwF53G-zeuP4bi62nR03Vnj4tn8VN9ZKi1Wpi1Cxv-CAeB7meV2jrQjtSQ1K5ZXcSAxmXQmV2-uFvIud3YEcsXUVlr_GuV84fhQ2hLo9BIoG2L02V8akIrl8P2dflsVLWSuTCrfQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A070
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

43 B
766 B

48ms
39ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWH1tWhmFGuPzP2RrkmnOQXmhyNP3f4pBp3jjvhP--MwF53G-zeuP4bi62nR03Vnj4tn8VN9ZKi1Wpi1Cxv-CAeB7meV2jrQjtSQ1K5ZXcSAxmXQmV2-uFvIud3YEcsXUVlr_GuV84fhQ2hLo9BIoG2L02V8akIrl8P2dflsVLWSuTCrfQ
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A070
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

43 B
1014 B

125ms
44ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWH1tWhmFGuPzP2RrkmnOQXmhyNP3f4pBp3jjvhP--MwF53G-zeuP4bi62nR03Vnj4tn8VN9ZKi1Wpi1Cxv-CAeB7meV2jrQjtSQ1K5ZXcSAxmXQmV2-uFvIud3YEcsXUVlr_GuV84fhQ2hLo9BIoG2L02V8akIrl8P2dflsVLWSuTCrfQ

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 139c47a8-e9f2-452f-8134-9012dbdb542f
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A070
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

170 B
188 B

183ms
79ms

Image
image/png

142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Requested by

Protocol

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 3931cea9-0531-46aa-bbd4-37be969c6a7c
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FBF5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1

43 B
766 B

38ms
37ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNVhRQq8qqsci4p_gfsjx1ovlc6l-FLMtGCUu4C7GTaGDOXt3yaLvM0J0MjFzqF06_PFxvwATUVRzYMI-_d7c16nqoa90m_TGGp4ByBLw_20mR-tROAcrzKKrnS9cYaxXemdcAIKAmUNbcafl3A1TqLWAmivtLf--lHdL66vdmmn0TI9PGM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FBF5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

43 B
766 B

46ms
39ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNVhRQq8qqsci4p_gfsjx1ovlc6l-FLMtGCUu4C7GTaGDOXt3yaLvM0J0MjFzqF06_PFxvwATUVRzYMI-_d7c16nqoa90m_TGGp4ByBLw_20mR-tROAcrzKKrnS9cYaxXemdcAIKAmUNbcafl3A1TqLWAmivtLf--lHdL66vdmmn0TI9PGM
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame FBF5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

43 B
1014 B

129ms
47ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNVhRQq8qqsci4p_gfsjx1ovlc6l-FLMtGCUu4C7GTaGDOXt3yaLvM0J0MjFzqF06_PFxvwATUVRzYMI-_d7c16nqoa90m_TGGp4ByBLw_20mR-tROAcrzKKrnS9cYaxXemdcAIKAmUNbcafl3A1TqLWAmivtLf--lHdL66vdmmn0TI9PGM

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 0a54ce81-4688-403a-af49-87bdc9467ad6
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame FBF5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

170 B
188 B

185ms
81ms

Image
image/png

142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Requested by

Protocol

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: d3ab0ce1-726d-481f-860b-e43008718600
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF0E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

43 B
766 B

73ms
37ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXX9tqFJ9tb84iX0eFQJUFRhuQrBfTIBY9pk0n-MGRY54_CCitQdmVBElPkG7DAhB21cRRHK2DR19jPgVyAGzSVCBATdAZVEY3rAdYmcnMj4UFHRjB_LVwvbkoNx93CwlH7efdkDHO53sTacX9laQpti6RR1qs7Wp2EwFNLfMykOjP3-Tc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF0E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

43 B
894 B

48ms
38ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXX9tqFJ9tb84iX0eFQJUFRhuQrBfTIBY9pk0n-MGRY54_CCitQdmVBElPkG7DAhB21cRRHK2DR19jPgVyAGzSVCBATdAZVEY3rAdYmcnMj4UFHRjB_LVwvbkoNx93CwlH7efdkDHO53sTacX9laQpti6RR1qs7Wp2EwFNLfMykOjP3-Tc
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame EF0E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

43 B
1014 B

55ms
43ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXX9tqFJ9tb84iX0eFQJUFRhuQrBfTIBY9pk0n-MGRY54_CCitQdmVBElPkG7DAhB21cRRHK2DR19jPgVyAGzSVCBATdAZVEY3rAdYmcnMj4UFHRjB_LVwvbkoNx93CwlH7efdkDHO53sTacX9laQpti6RR1qs7Wp2EwFNLfMykOjP3-Tc

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 9f1282ad-b12b-48a3-b17c-da2d9ecaf9ee
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF0E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

170 B
188 B

187ms
83ms

Image
image/png

142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Requested by

Protocol

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 9e36a9d1-3560-45c2-abec-3580932d1b45
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 540E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1

43 B
766 B

65ms
38ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNUQmv-5ZQiOlyzvWkznuNCWqPb0qq35UeHYdnmAIn-OIoNprGwPS2l_WR-vn6n4cR2a8w6WOJxMI-y8GDRqth55OifTQMpdsuR0dDz4ZNqEBhtvUdPldSTUmY7TtTNGsOVmKx7UaB9lmlPWMIAcyxibWg0YeukRyRebi8gvCB3WnYicu5Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 540E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yz2.Vx.QEXTgafgTu6zb.wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2

43 B
766 B

48ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNUQmv-5ZQiOlyzvWkznuNCWqPb0qq35UeHYdnmAIn-OIoNprGwPS2l_WR-vn6n4cR2a8w6WOJxMI-y8GDRqth55OifTQMpdsuR0dDz4ZNqEBhtvUdPldSTUmY7TtTNGsOVmKx7UaB9lmlPWMIAcyxibWg0YeukRyRebi8gvCB3WnYicu5Q
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMXjutj6TG1lwCd9TRyxoDA&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 540E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

43 B
1014 B

127ms
46ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5yrvGATAB&v=APEucNUQmv-5ZQiOlyzvWkznuNCWqPb0qq35UeHYdnmAIn-OIoNprGwPS2l_WR-vn6n4cR2a8w6WOJxMI-y8GDRqth55OifTQMpdsuR0dDz4ZNqEBhtvUdPldSTUmY7TtTNGsOVmKx7UaB9lmlPWMIAcyxibWg0YeukRyRebi8gvCB3WnYicu5Q

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 1bfe4146-4219-4dd1-b475-5706548ab46c
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPIc7Fvkw54WMRpVbtCqbMQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 540E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

170 B
188 B

179ms
76ms

Image
image/png

142.251.39.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D

Requested by

Protocol

Server

142.251.39.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s39-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
AN-X-Request-Uuid: 4af16fe4-3094-4410-aab6-83c7d7ca4487
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTE5NDA5MTYyNzIyNTAwNDk4MQ%3D%3D
Connection: keep-alive
X-Proxy-Origin: 80.255.7.107; 80.255.7.107; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7639 0
0 87ms
87ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuFkNwHOhIXNUxOHPNqUWqStgVF62tihAtFY0vNR3RBHcojWR3W6wYKnpdUI3xarhPT65U485AZnJwaqW7baXFOeJJa8mfIqst2gtyBKKcWDZ56nc41wmeN9RaqN8WyVOyUH2sYFzCQ2r10SrC60EqvcSbiU6jFIAdWGKxadoOxQ5Ai2p0rOJMmTGk2qk0IG4c_VXB23_qdTmXAvCFdTEVW2pdxDV7tIbl7cagTfbMu2lq_c2TKyxZGT_6iex-zI0OFVGX2jyjoAQfzMJp3PIyb8zA_KyxkF7cwoOsUQpBJFkCL6W7n0nTQwi5GGvH6x11yDULkKqVv-6Ye2z_21o7p02jOFikBqZy9QMuPJma1wZnUSzMeY-Z6E-3W&sai=AMfl-YRdZmQfKbNVTyuHjP0et9NjLygoFAkm3E38IIk4nhLijSoe8cmF-4OVtIpd-SqpHOQ63WEvGu9Y6H6wfH-gWgVO2J7fmmYR2d682j6V5D6YMIGob6vqLd1CRaRFawErwsWB&sig=Cg0ArKJSzMU788sCRTX3EAE&uach_m=[UACH]&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B791 41 KB
15 KB 51ms
50ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_kIuZH4OD7h6nfRZx3fDC4nESjb6Wbi4hECKQ8VmR0Bch3jIvUOe6BKiNywrlk0CeztVbJ52DcNghXLN2JCPnObNfgmGClzcQ1Nf_ADZ4gs98TE_z-ea1d-jjlQJqGck5XcqbebABFjHb9luxoyA3sw7_y5G7KB86dmm2vZ1eMtXdylc&cry=1&dbm_d=AKAmf-AfrRoy9YqGAvpTMCKa-WVnIHMbdKQN3jTYU55b8q30nKMguEcB-2y1LE49kzBgDCnhG-iEtfvsjN_7vIVWGhHPgcBPaY3CdmCuDLVUjrE8h-ZEl342D3BzjUlLRC_cfNbhsgFuTvakyu51l6dQlxD1-eY2U6F9JKd-yUjA5kniIayP5XTmoDzHRH_ocVvdvJ94ELYEFmkjMO-bZiWIuS2I7g7sOx1724LuhApfDRnvQUgwoPubu6WA0pNnyeBYdZwMGz3TbqBqoxjTnQDmNLc1cbMqdFc4BI13H3zaVxUkMU4MSWCfO0sNCELvi4iX5EVxUdyXq1WIRaHrZy1dNxMjOTtSMLvQ-WgSRrRFkEwdz72CCASwvwEVduuGT49I168jHKmcVTGOE6lnDqSpXGII7DJQO0Hnxnp0Au9Ts5E4RXlGELplZwGTqzRledrcZbIf7F9IKoDJ_cmNE3TryV1O8N4j0tBGuOfGmbQgYfH39JPpRdEjLxR6kziozz6u8nCm0-7m_jSmsA1a8cvmBH6-q-URAHHAsHIvPpUjAyNQaCCitz0gJDDni9tQLz0BfJqDRXlHSnw4KrQ58fn7edzKinN5nShwNNwA6DLqnAfwYJSlfe0RUErhK3JuMqp5MfsSKvVBNnwP4nS5WHzl9iBLMezwUnHVCjkLbB614WKNz44mDJMfxBIqLjzzRCA-_mIQdOc3YIykIus9xiIuK0UzgrjEmU4svNCs6PXJ8Kd281ZbZ4PSfWHDR_QJNYYbu41SVjNr4k0dVmo28zZQxkGpt9t9qYYPyoScqAG79OKqRR4eqHSqe6ZrgHzBE_g8MdFuxEsvTZ0rOrt75AooH_jlr7Hym_K2sYor1dCGbfhYMwS7CpO278QN43xxFpmtgbJQPTAoYVLRkxKXkEvm15agFohYd0zzUpriRLfrT6MFM3XQrmVN4GhQ9BnPmOv52nspCOX4Nr7a0gGB3ibf7Kq3DE4FN2eZpcKKpF1yMhdOjftFyfyXJREc1u8p2Da0VdIti39FUsY_z6TJyRoHCcdFa5l7MFUEgaOTi-F6wQn4achLtzS5gPdgNPLQJSTqDumzad5rbHKBKc6i1cdNJtlPftqmLD0cuA9UjcgiDuDDtQSxOlpBNhN865jErQaYFthJRgNLQxzq8wu_Q0D3i0VqinnRabzllo8X4D_rpsU0U-TdAwAGZkgx8EJxKlqp7NU5IIoDtg6VMBmxF-smC7O1KQyCOfngt_C5Jbe-E6XHQYdc36hLovcli5P6WsYobwXg0XYwc-g_s8piltqXLjvCvDBq2faC7ggbUPqAcQ3UfOpQ70Um66jNP79oWm-aO9N3KGNoF0uWGHdDslJiaqBmwZwb04aEw2sZekrZqMwp_MJkAt-VmMSFkqRpMgy2iwUTdDWvq12OhB0ojcshOC2_M2QTLs8AfFBNKbTwpHPsYcHP4bA-gGONB-cWMiht95o1Y9w9wZ_NR4x4lbL0OMhyyTq91FB5SU3EKoUnYK-0MKssASfnE48Nj-Zw17USMdHY1ZfBfHUA-f_PGkc49X7WpTMz_X4bNTAMZ_2rSn3IqgPDp1nuXrj3BGaSpyJSFUHBpNxkAkdw_rLCM8gPcG0l9CAEa29cR116eGH57icRf7_9a8IsIJBCQEQWFifQ3mIdAsjsewKPJcjmSU8cnCj394QIXj5cpIl9e-fPH-JTXkjEYIg3Tu6yo8-gubvROzGHlscuTto34KEal0IQfNrsEBJ-Nx6c_u9l_xL5Fq_E_hmZtPHD_mHxFFjIbX9xvzunsVnvkDZ-BkZ7V_kNjV-DIhuvKMTJm_OgMr1EUnv2dOIOdiJgDhbv_TU17QVON0d7P8o5cCx_6rjhrFvT_gUTiWXzIXTM7vnekP98gChfe4Z2diAOwVB2tB80NPxxp7E2AjJIC7JxAKTi76gbJmpvGb49uQqeKwc1hk_Ryg9o1mJqO07-oMeefk5F3_CkayJLRGR4QJuZj0vKq993Ha-sdvuivX3EkdwAAQZH4Kv3P90O5VEuN74tt3nbVz11B4rx4s12-4P_ewAQk76WYYo6uXzQoURrRBdN9rmyJqyqVLl-N-EQMNZZf3gcPzYqTPrNWNofksFyYuse1FzVQpwRUgpNLgGeCREUpnj3wvFo3oNI1OvFow-sv93bgfRR4xS2VP6lsJp9mKHLYTtKybAtMhhNLwW0P41-tHxEpFQkHcf8dq6bYk7-vBJLvzBXRKDUmNdxI2SQxCIJ2xuu4e6nMnkLOojDX5hS5V5cc6udYaMaMhBdbdvuiThG95drSCPrTyO2ZiWWa1LYjErHEdF-bPYY2EVdmfrG3Hbgmruf4Hshy0eNum58K30gKxuZ33gbrBk4h_ttFZIn4oHzFSBCHtznLrW_F6VEunps6WnhMwMmGUH1090E5nSoiV_12_xBw2WWoTCbGZTSrJ6pl0Jptyn2h_p2xMIzKV5Zm-jb2v6JpYgcf_vT_S8brwhO6iOriFgtyC3lrQ8V7qZf_RIb9izm3Hexjwn17yfIn09L8TR1oivGqNz8hYVSPP86N2gXBwpJZ_IBcZGfkJyGl2reo4h0snQZU14u5BpzH-QlqY6VZP_CjKyyOrvmSMPhEfkS7iu5sy3bNZ1YgolpFv1eyIf_I0Lm0_QW_h9FR3NXM2u3o6kHwIlj5_yWBs5LKkKsxBQ3Wx07f3JQfrrDCciVZABnX44BMX4Wn4GM8UE9_YLJ8fQTRSKbD532LHLkLiqbr4TqtXI7dOq-0YfVorU0Yp-16uKrV8hxpFe4LP54jgWrSu6ZBoIqA-ZhPFPoS_jTSAYZRzEIEyHk92kH-XcFpvyQESilM4wSxWRrdulaTrGOiRwPaacppRto5gHrXDGG8ALl27VMYgUebiPPWKsj4I9gbQSClQd7DFUcfib3qX9rTW54AG714xAkayZFJVwq5ORMQ4sid65wuMPe0dblVqzEhWqOAt82h7FPPVJK1GNg680xmEG1WcTSp8D2TJW0eMdi3HC7xDmgB5D4VWsVOHPP4gAAB-g7qwc4pLH7SkIshQDaGUN-4Bs6NKGUpL4Ft3e04184cELhta6FdkxMOpDi_R44Yq1QeHlBMDC8x_L4YW7l8WGY1sCzvF5Aj1-AJw1nTg0q0OfwgFJ7BW8S2H2qoB2p2ReUQRHyQlKsY9RMCADcuTXetF55biuXheX_zJtK55YJY6o5n8_23-xnsRrSbr-kuPFKFe6kB1BOUclpS1bHrGHrlIFzZutsJG9jw0p-16asWeLTx_nLRgznDj5zQomkMSDs9X9qCWEVUDLJwlDnplPMlYqeTdGdYpEvzM0XA-yTHsGfoYDtuPZhZLHWiztArJvqy9zE6YJNM68EbPAi0sOvAanA197JLuu2KxGtWHHJHZntn4sBmeYBO5VJkacgdaTutE2uWMWqN1Cr9OdF-uWkhwCft3mcK6AkS1s3sDq3sBmH9GY3TAHnyoG8kA&cid=CAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84215
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 18:03:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame D59D 41 KB
15 KB 51ms
51ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D_mubJAJ2EZN4YSDE60jjs1pmY2bWhSTn9uOFYloeMIsnoPwrwwpYtPbCTmImkUJ0TmabXrl9_5bCMt2RpQCzcsfE287KkgLxXQE0hFT5XiWj1DfmnVX3lf3lDYdk2vx2owHn7iVhN83pAGTmNVcrsEEX9xMzhAakqDyJ7DJL1CoUyIQs&cry=1&dbm_d=AKAmf-D3ZyNboqh4JmNSKvpWyEa4R31j2xbi2SXI6ocmnfQjQF57_R_NJKLsiFVzS2Fz-8RBZIELmFe2cezumpynBaGGUjNGq_yprYVqhF9hX9C-xxHISYYEbGs-6Rt9nWC8b0zVLqB7P8jk5RBRvdeK4AYg2PumK0J7-lbxYNRjvCg_62RwOztdusWQyjHY4teUjmoqoSwfD0QvAzNsS_u7dCoo1oaQPW_8w8jw5sA4pKX-Lm0RafKC9EJWvAdLR73C1Isx4kQ93Dge41XJ0bN-VAucSA4O96I0CY4vn0WdFc-WQRAYZ3dFtivvpOHITFpN85pmCQHyDsmSDsA_Ao1ooPgMoSSzR8ADv_aRfi-khstfkb5eu-sU2FEXfRGk8JgK4PxXiNFu9dN_KJ0ijE5K7WwUPMRDPX3YpWe4SJ2LjDSVclKp_YH349F5bOSJasUj7H4SDSyd7WXdeT30L58O8QiYqJE0aVTrpbU8cakxZgitcFuoGwv5AcA0Wqw2UKSg3MUxGFvAWbq4MXGyt_KEc-EFqezx5zq9dR_W56lQMP2KCvLopp0Mcl-_HDuWeEoij793_iCUJ9tSC-UFgej15v5Q4nqQuDD_Tv9pM8U4z9cymwJbIcih6rO3C9dPnq719b924hNj9p1-xZPotgVJuHTT7mHeA2XFGnryxISlmIPKkDqPbK8NHnEZ7Mb5hZndBEBg26jsLQsh0kDL-pxUcn7K3oJSBdIi36jlRhiir_vGsSTepD3Zz35l6GBvSKTz4Mk0PxDCS2tnjY51TKcXAk3Dqs1optgDgcJQSkdciD5wU_9pXl-ovD5BNOQaNendV2m6Fj8dnWQQsmWcpasWWo3djCf--2xATrTE_h9efw16I0LfCTxthQefCxjfgiDgw-eNe_5TnMnjACmyHCWnAz2mDIwkAbwdrK5OeI356BSXaoLcXzBOQW5XeZM_f6fGNSCyILjlr2G2VV8_tWAu4yfWUKzWdfPI7_85uo3VdWdA7TuQlw9mFmmxHyaf2XEw2eSabBd8ag0yLeHXedl3dkbp2lJnJxvOlQQSCgNhVCP6MGf_C-dDdvlluJTbDFHWUM94HeVOuQUQMwSt77HjGFlag1yvsDd6oswn6HMbQkf9Jg8cyaeq6TCe664ppwphkcELX3MqXb5dkqqD9aYva9EGEfOaJ64wEimP9dbRY9v2qpbc2XLPrf9uKzRi2eJIg09SiiD4lfJNp2V07q87zK8B36VvL7M1P6a6RhSFpt61VvK2YGqW5JHHGqEsoK9cLN6PjCmkADLYysDsG1zf9crn6IiJ1dGcYSKV336B1KMenxciPp5AQYUMxBgrZfBQPbE_VunAaZ3xz7_Ig-RAD0Bo0MsQ5eIA91huLdISxTEjTKXB4BDwY_Sv9DYsvsew1rEZToW1WlKfABA0rsdGhy3bDtyYOTn7UrmPJuoIoVue1j8wDaYwRKXgKKaN4R3JV_JQylJDwLrPXYYp1DzzdWZPR5fdWlZErGwoYmb6HeCUhlot0ZjPvq5miGtK6xcswhuQipv96pMALf-BYqfYg1FSuJmTeNpZRMbU2zIOhBFuqDSuRlcx04ovxfs2xRULP2Cp-MpCeqqtvpdfgCPAJe5WhkGPk8nOBW0VTuL11FSKYvWRJe01E8dEsPH1YWaG9xiXfYs5hHpuiWPmurRARHKdqbwRCwGoT8PW3KSdEuqU_rF0VHqRyuRw1k4960Nb_JlfEhUQi1MtI8n_PTEG8hUf6vzjrDoYQMwBHmqUUYQY4jVm6ju2iBUJoCXnGSzNrZ26vDTyuZC3Ieu5FtfvKgZ1vZjr1sFi0ueaI-fIbKy_wRY27x1PN5NTkiqeIwSMi6Q4ykuVKAAyXGZsdoGl--LavcgBjOBAIQ3vmdGW4usXj6xjbsiZp35Jg8vcL3bsWXlRD8nfkP5oZ0xopr97fJnklXnZKaG3h5n6nTOf3c1Wt6lu0RnEErzMJfwKX1aDceHmFYmTXIE7Ye-L14vWqQgoAEB3D1GM5N1B8kJ3ziyGByUoKIFPSNHeVC3XRlDQrpnTbH-LhO2IXcZc9dHQ1RqGZqlvMMqQ9xbZYogXejsNDnrFdjruYDhbxo2VH_ChDoxec7OrMw54_0wyJpz-77xuOqhBvN75iKav7Ep2ULfFmPDEat5KKa7c-ZNfl-SyrlVZ3_FeDUeIjNq3W6r4zaH95cJu3VyZQQy3fEQ1ix1X2jHgUwN8juJ6F1t2AO9r3vs7KBH1D6TLg5jwuju_0wZKzzLt5gzCyI6cCrZ1Ei8EJYChMp251tHyV9i6ovKw2eEzyi3_PSv3T1FCkr2xOAp-DBUf4clKEu-o_Jf5osjH7rHoi1kN2DOfdkypvdlIs0OGTYkERDn0ZJzwfYvdYClqJTYpgtVN7RqEPsvu8qBWJsjnn05_U-4wVhYADfncAeAFnQ8HDmvFpGhTY9Tgm3XEDffadcGBTv_IqiQb_iLSmD05d3KxovNoixhtgJtUhG-ARTVFr_4SnNmGFBX9S_qNKUS3jgOL6apYaEQJtAnxbldE23LX3FTQWDDPfNDJ-Q2mOIrJsWqYKOisKrruA5_TLJqjrYwg-yaKWAjm1qbQ4-UjN3nt9KUWWZ7NKyPl1w3WSXZNr7GD2fwslJgcYYqGs0q22FzEb2whSSRzIr2GHOp4WgJQe9fyPsdGCKj3P7bKYR3ezPF0i2gpNlzUzYcQyGLuKdFdgjKI1_8fGkRGkVLULjPW8BkXm4jkPhAUls8zmtxDz4juif42yRo6C2XhImb3O5bOufvEWNXiPLXLQ7ve7zpdONYvXV-3f01MSgKLdQdP6GuJO-S255YDQ7zxqMqV4WvdBtx1-72vjRHFN5w6RdSgMP5rT7pZyx1-iMKapKQ7aXbu-hjtG6lQ6BH87FrqibvpWq7P0fMTOsfz5xc3X11I9B_il44qKxd-PvwOnoR4ZYvNWQjnULVsoAWWmL3BQJj6E5avhBlkNPHwgXdNTEaMPeqx6CydpNUZGg_iQvwgkt3o6htyBxaK_aa9ubjkJ6RTmBrMYbILnl-_PnfpLzJbWpuml3SEJ-ytsT15d0Tc7o8O72-6PdPyC7H5l1er7DIHAU3IOTbEZASPDcxeHrHLACPfdQjmJCY9vPi10hM0zZClxuw2RcMkGHPR7p7mDfTeHxALSQq7YTMh2e0hINAG6ow3ChzaDTMZwJhCqZKIonzDOPcKKexKgkfBIWgUbQoyDXyVkqcATqNOLG4fKrZ0tQBVhLZOp6WEVwY9vc0p064tBGXZsmSCemDg4gj-jDS2M4mpldl2cl6QFgKBt4A079MHV0Ig3jQE-YEAr-VDMxgaucW8jVTwIeus4rr4NByyRixvftl8Pl9Veadw_1uqeG73Fo89EiooaDeYsm_tJ2Kt9Buv5r_Qt7vag2tOYBG7ZoCGcY3VWEqRu-JqtbvMqH3HfAv7K1LMWwdsFcyFUwYa-wa-Gecvm7JZgFa03w&cid=CAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84215
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 18:03:11 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4807 41 KB
15 KB 62ms
62ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3n7oUGhnFjUib0A3c4Vq_LBrf7bxEQRmCf1_5RhfMyCsqhR_RivhN-jdRSgdojdfydgdT9MM_70HizllxLSQuSwnqCza9RC2VvaUEC8l5V_pSSOuszxBwa2lKYUrwRXPzR-M4SGTGvp8GYzEIHdGd0rqlZBzoLEfxYt0mlAcG7_VqeR8&cry=1&dbm_d=AKAmf-BEwxy5u_zqgaZZ99Opp-dDNXNgNHYHlUQmjphHB6QGQiUoN_mOWMP-4PXs4I7AKSFNVVgWBAe1DThYjNasoUA7wPYnGIrVVNNVs31L0atgJcgBbFa-xSO1jxH6o300aiNaLAGcGrJX9_YLHDmeSJHJPkm4CzIpispmqdTpTBcuqH2HilIs7_9AAj0A7XOPZd6Kqh_b3gF3WCr_wQmikWUBHilk0HpSBo-5BmMjBuNW5Ve7YeqA-_lpjS2cCq0haHqzh6NArsL2MZFv6icGTrCX1CYYnOh8Iaf82dJgp2OlPgyUKNk_wcYfcnagS-5qi1lIdrkroBIkndF4vyDU1z1T4rz610imvMnt7LqLz5v1GcbtQRSJ738ffCd29fNdmQRA8EDLhJpf4U03SLIOdJkz4eDrGUylEy85xRApQsnknxvXpTT9CRhykw78URxpFvW8w3aICnurJaXDoBOoY3vE_Q2WhLKynix4ASStSi9czubzSQodU4TbwnX4MSEeuQE5lIwe-xkNAYO3Me_pmKSQ4FzdGwjIP9aoeZzJjiFOguC0klN_fzYfDNljBSnlAnOf-BmLCxeY_quypx3OMcu2tiE-ThuAfFB6gkCeqN7tf4VIV-RgoN_w00Zyg1jjM9KdQqUdGCoM3RaVvBzWstPiurbQuiRDkWcJ27F2iiasGTr21vDqKmi3CtBDjYUsAFZdqNBXoqOwWN2b9frRNYZ14OkT94Us9Xo0ako_IdkuTrAjyEz3IAxqK2_bWvEUMlLcD2OcFgondz-MiTfzHAb0KlPfBJ94JTywQEIgcsAbfr2E7DRVyr4nVuG_ysY0wWGh3eQGC3Z7MJ-L56uuRVdmIPX6jRiyUegUwfnE5DuUMFJo2rucG38AWpEdgnnZMAd9vORXH9BL88aY_Ph1_Mw-ubONEpn1R_JSprYJSt1k6Xm1kcPbZK-XOZQ-tJduyeeVn5lOE4JU9zKVVyH0DG_xXkUKuJVDmxJAjyi_7kUUiiFA3_X7qG8OKwG7iWTFC0PKr9wRrSuj_colRpfjiWZNbEc2AcGgBF-ygGo6PG2pS9aqa6EXjOlaxF5pZs54d3nwvUsQgtfOD9MrdCntO4rBxzWxmNGeRmkd-ZHHmg6anu92d7UcBOLqB7QAdQsM0mpCN_wQrNeTQFSjUgK7ZorFIiYuhzd9VKo84SpZVsI5xJXF-O-mM9xxFlGyRthMeFyUR6mXxAyjGpcqz0beWgLre2puguYkqCL8qSpj7kbu_SDjN-34ZI7li11aOVAl2m10q6QaxKpxjOTCUkptEvc1nZbDxbvHRB_ye3SQwxjWHaAuMpEKehVGxUSLgb75HKc4b1pqKe5bA1oRrF5Z8H1470N0EUFh8Yjc8Ps4ZB-nFoq8SnaCfdLcngg_lMbKzqtwfMCiO9fNlOqAUZzOHi4sty6KzNWXrpgM5PfetLa2gcYKhwoavHY_lMCdt2B8k9ufsk1nBFQNmWDXdoOJ1bmcZX_ZjVVbJWQNRPnik-g7tEeSWDXcsq_U_PCFavnxQUstA0EN9z3_cB1IJNgHWxW--7UaNe2VUU22Zw4qbRvTmIEE05oylmUUx1YHmCGEdii8Yec5OiL73Elymkhsd7Bty03wYSQ1wzYg1XPKESn4cAYYGBKjUdE22HN-QDirevXz9nlUNMvpiJ_k7oujY90eBxPrVy90KOc9np0gdGyEMwNICOpK9uJddcq-yhcL_sd26cnFuDVggNp0moJprwKHL0oKPNOTLvF-Hh8alrbFndm4wJtK5QNA0ZixQtNz0wKx2d2VjzzabaR-CmcaSPiwWxIhcLaSq6vAF2zktnjJaWSQIgPrHVkOUY_BOvO3cOTQbVRo_3gZeLe4h5Brd-9msFMulYQ6uWuaXsUZrv54DL9m5G66go2tPIhvGThcRpA2XrvIcgPiA0BwQGYi8X7483eq8k7dwmfMsBoLLMXbCYOoLECx2E3wEU0rcfuzkviZOpD0mopyxRcrrmisP9AATY_AJYj0FCRc_IRxThWJ8nELGmKBBHKXH2I6_O8MkOebGzMLQIFgOz41oYnjX8QdPJ6wKqNokQyg1TrPbNiMSw_xpFZhX_CpSbV4GCAjyokrYfnZ6JhVhe1JD0h6hUwUxF6m7qsofzuudYBr2PvffoU69FkjyZIxl3ADJ1S_Bx_uUWV1deAmFUpOBhA2HakBx5pksN-I7Fr8T3dqSnBAUQzabYD9DzjBuNgD-YH54v26a67eM5k7La5s3_TYpxzShIubXZ_pPejDQCYvdfyWAdXyVG10R8p9dEmLbTDxsKEiVqP5xphN9qGOU96caN3lF64AOBTfZd4pttZ8T8J2IGkJ5ueFCuknilmQkya5nUm5Q-xjZc7X_DfYQnLjCvoEAiTfpufBY3BCOhO2SOQ1fqvIQls19s_-1s7LKc2ws24ISLv1UR1IVWkk7nDzrAMSZrc_i9bkBxbd6iQ4HRkI8U6BaKPxkSAcf2go7hM-NWuf_cxSMyRS9fwXYKKjTd_do3T4sI7BgP5sar5q1kONP09V4Mmzw96WMGwHQOXZ9arYacrMbvmCEe8UJlTHN1kZHt5KPxfcBtDGhS8SLIlEMX5zzQxZT2emOJyyZqPrAfxPEVV7T-OQkZtEIOgqaBlANeylYJH5B_-C5h5VzdeLwoTOyXr6TGMngtizkpKAw0ufBmIekLqbaldlHMLlhTtkUh42Hey3_YcC4mOq3LccCpHsOnFelvakgd-aWPgpw0suhJNuLA0k6RXNREdNtgptu2IJTUW2r_W6VTF4LJicrqaFIO1aRvU2oXbN9XEFe0kpupl7qA5CtPJ-Xk4jMGirIeKgUiG6zo3X8A__32PiKvMJ7MsVQkVEazeQFpZ9BfEMg-RKmeB_59HVd69UwwwpoxO6pIkrwoxlJeDSsFfvOKTM3mNON7zHUc5jjnX7lM1gZNnYjNX9urAKHui5EcqEmhj33bBxJuYiERirbq-TkqR7_TdzWXaRIFSB9vgJj57ofiezg_pCAOtoxVqvZOi0noVN6-R6o_QlUHeXJhA0DjL4c2D_VyNFlB5Yhn3LbZKqnXBebEPxQvp_c6md6YIvtq_1h1RXCzNcOdqrtyNFjRLREpiFrYtaZ9Qg6yMHo1ZaFNzUKUYETVHedi-GwFXKvZETG_9CgtUapVCYXhLTlz63V7XtjoeftgSjLzXrx1QHnBMVRRRT-tIDON474zvCy3Q7g9S2RxQJ0qvKINr86N3f-Y4hJxqsnXkJNWgcOl5MT59EF4mr__kitUvkgdmbkmKJDaEKmDA5b6lrlFsAw2pSlUakdhywWv8bT8GWQhjuuH0R7Nn_Q5PPPNCTZ-xsIOeEUHl3Y0SO-iXhEkO45O3QUc1QARS-_KnStc_iOrH9xtvIybFuyg0_toP5Z-pOYvR7QXGFb_IyWzsrdBLnQ2bexkBkItHzt--zXprr5dusretKZ16gfZaEPGHm90jt2lwn3A&cid=CAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84215
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 18:03:11 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame B791 11 KB
4 KB 135ms
45ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 818f85f8e03c3a63b8f5aebc35d64bc3c51c2b689ab046349919d8d5309eb43a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4091
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK encwumjulb0v Show response
hal9000.redintelligence.net/zone/ Frame D59D 11 KB
4 KB 125ms
43ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/encwumjulb0v?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7858cd02c55e6829ec9c053edc778d07e510be80bb0440e8c7b9c8941b4d0b51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4094
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame 4807 11 KB
4 KB 126ms
43ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6ecbcee49e8515405f968f8b76905d58880af434dd7fcb7d84baca85a734bcfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4091
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5B7C 0
0 88ms
87ms Fetch
image/gif 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvr68qCwqlLWCdfi28hGBA-_-fLnmarr0YjLQgC-KUTL8lEz4ZBQv17AUVkMmtRu7XfEYD7sAqv-hdl7kBES-SXDk5n6WcPgE5RCmapDAV1ES_n8Dl9felJtwHXHfTi5484qxMQ2qM9j-v0Y1ccQjDNx8DTXgx89FcVqFI8O7YCL1RTatGGYERgUbzUgHseUyez93qDgJmycMmVRkPue0jwEXJ9oP3Lyu-2em9957h7BSeG-pGeXfWD_5h6R2pZrdFA8U_WBzF8E3x483Fjwg0kYD2Pd3pJolZVbGJfTA1dj9ZmXb_5jENvFi2OA7qsnpNd9Jb6_w7_ScvLkahFe0CudH9DqzTZ&sai=AMfl-YRzlE0B6_PCOSVv8w9-sxonh-fR-x-Re5cnUKdthl5yVR_SAoJzznLGE2917fwBtSSCGpI1n0RUvQDO1WZqjvqSAvFHeJBvN17W72b3FCqmw_3yKYv3fPvBMTmZXgMekZS6&sig=Cg0ArKJSzAjjemEb0m9JEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 05 Oct 2022 17:26:46 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E143 0
0 93ms
93ms Image
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CiG8RVb49Y6CNKIql6wSmnpKoBtD2p-JsqsepytEQ3NkeEAEgw6D8AWCV0qyCtAegAaDG1NoDyAEJ4AIAqAMByAMKqgS_Ak_QfK9Kz1KL5mykg0PCPelZNKecwtgGXTaMYTmKO8DvuHpMvfA-sr8ZFd20t8ocSDKxikozN-wM60dCE_Fk8Mj2-xG21Rbp0fo989hbAN_QCbQ2HMuKYfiuHMKS9_PiGWqJMFqYtpxzEGKPPK2GRWchw2XukluSs2q7qe60PiH1LpGKJsrmANAC7-LAz8zj5BrcfTtTZi5YlQZ4Xg9K-CQWRHdtK_2EDBZ5JeMVVA1MQtUc7Cvc-_rk4lv9kessLK7AWOJ-Ep9APHU6gAnplN3IBhkANyDIV0qBAiCVZY1nDV0OOaRPX1vp8ka9HoyykWX1M7PTiZ1pw4i7j0WJZwb-_f2EuRKzCokZPl51L8Q9MhalUwehIegMcBiKRcpeo6zzryINKSEcyw7y0YVZtjx_6K2cSCFovUuVQisJBJLABP7blJj-A-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfIuaslqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ45IO0ggSCIjhgBAQARgdMgOqggE6AoBAgAoByAsBuBPkA9gTDYgUAdAVAZgWAYAXAbIXHgocCAASFHB1Yi05Nzc5NjUyMTIyMDE0NzI4GLmKBg&sigh=7R5pFf2IFpo&uach_m=[]&template_id=484&cbvp=2
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.spokesman.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 130ms
130ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjpudWxsLCJlYnV5IjoiMCIsImVhZHYiOiIwIiwiZWNpZCI6bnVsbCwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuRGVza3RvcF9ob21lcGFnZV8xXzcyOHg5MCIsImVzaWQiOm51bGwsInNpemUiOiI3Mjh4OTAiLCJyZW5kZXJlZCI6IjEifQ&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=a75459a3-b8b1-4951-9da8-3a1e5561cc51&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806410&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:47 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 self Show response
api-mg2.db-ip.com/v2/p14891b727f063924f0d86d8a8e5063678abd2ac/ 523 B
763 B 349ms
246ms XHR
application/json 104.26.5.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-mg2.db-ip.com/v2/p14891b727f063924f0d86d8a8e5063678abd2ac/self?_=1664990807084
Requested by: Host: fp-cdn.azureedge.net
URL: https://fp-cdn.azureedge.net/prod/spokesman/fp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.5.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da035830fbe22886eef2808b96a726c01b3cd3da25c72e1d76d03b62d942dd45

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 05 Oct 2022 17:26:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=czAVvTwWkCrwxh8k9yAXuhZQspKeIjI6GUbZN3sNYHZAq7jLYiE%2Ft1KSpB71R0TOMaC%2B3iJzhEiZNf5gQQSJ4ve9d6yBrq10AJRH7%2F3H9GC0Ld3gtZBk6oQxKZHj6mjx2tTi"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=1800
cf-ray: 7557dd410a08690d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 172C 22 KB
8 KB 52ms
51ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 170859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 17:59:08 GMT
expires: Tue, 03 Oct 2023 17:59:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2E27 22 KB
8 KB 51ms
51ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 170859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 17:59:08 GMT
expires: Tue, 03 Oct 2023 17:59:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7637 22 KB
8 KB 53ms
52ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 170859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 17:59:08 GMT
expires: Tue, 03 Oct 2023 17:59:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900018.redintelligence.net/ Frame B791
Redirect Chain

https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

189ms
102ms

Script
application/x-javascript

144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c4a205c4284531843a218cb075843ac2e5d2dbdefcca69e3466241fb121163f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 18400000093881204444550012103018
Connection: close
Content-Length: 972
Expires: Wed, 05 Oct 2022 18:26:47 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 05 Oct 2022 18:26:47 +0200

GET
H/1.1

200
OK

request.php Show response
hal900028.redintelligence.net/ Frame D59D
Redirect Chain

https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

187ms
106ms

Script
application/x-javascript

88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5312428883050&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 4a360cc63f6efbf32adba73f248924ae14f975270a408094a822b46ca71abd99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 10246800099425704444640012103028
Connection: close
Content-Length: 1102
Expires: Wed, 05 Oct 2022 18:26:47 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5312428883050&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 05 Oct 2022 18:26:47 +0200

GET
H/1.1

200
OK

request.php Show response
hal900012.redintelligence.net/ Frame 4807
Redirect Chain

https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

185ms
100ms

Script
application/x-javascript

94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: ca03c9a7f1b2bbdd2e1407ea5279311f5dd4ef760730015e9fa5956ec73b269d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 21285700095016004444550012103012
Connection: close
Content-Length: 972
Expires: Wed, 05 Oct 2022 18:26:47 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 05 Oct 2022 18:26:47 +0200

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 74A2 41 KB
15 KB 51ms
51ms Script
text/javascript 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D9NEOy4fhwba-4kFc0_Fg1TIB1got8cCsDZkQ_H-5UxPFYv2dVu-FJxHvf-LwvhMQ4_mNWaIVxwXHVDqL_nubaTk1zmjaMKv7YWYHKESTfFcUMUwLX2XjuxeZGHmfv3FlVuI7WGXdVKi9vce9V72vIkm4-nCDaxKELtYxmgL_-JG7oj0M&cry=1&dbm_d=AKAmf-B3kf-97BYo61MrLnBEknDeG67Bpvj3e59Zi08y9DCJbVvqmB9d-nZHITIxbceJ0gT8qGCZjCkrcQoYmwlv6Gh7K2g3Ht4MtpbmtjEgAss_Aky4B9hhlRHMgTiW7ph6H5Hwxqhh828sqbPbubHi4g9XEq5nchdWRM8PRF4wkqOjRn5NtTUVhUI7CRiUf8ySdSaJfpWJGDKNo1kqzWqvy0VwEaud3X3Jj1cP7598uBxzMmM0cQfwfskJnmOOodfEf3wnZBHfsKm95ndZdmiKMJrd2s4gE1epQXPYSZqZkD0upUoIjz7VNaebl0XbLNLfNJoBDK4Mk4QSTCNoPW8DSeH2q7Buh76JkvsLQUd_RUzerI-aiUsJp78DoIaIEolv0yhEk57UpNSdw98zzenih7pQICqkMINebxuPuSJRx67sdIYl-BcUwhX6vkJRlhXfMsnFJ3S9Ti4amIcjG5-dwAQvtRC6Y6jWo5LAeZfClb5mPzJHd4AVq0k0aN6DPtgjvvcHU6R_mHCZRxaXpksXE7VGpWMkwTUybCIcmF-o1RWhJaiX8rTsyicC9zFs6ueX8yaC_anvzq2uaQtTEvcn0QK03nh6Wooi5_p6rmRgrKZtreqiiX7RYr38K833KnvLgoQ699UE8rZ2dBOewqOZbd4dwHpI71ljFchtS_5gSyZuX275HjxHJKE2hbE10fnvGURVfCIhoTL6hQNeIHxZYy-y5HnfhPJoKwUJj1n8f8sa49S91HMN3K-Gn7u9DwoWE0Ai46AqEQWGcGmvloOh63w3LPYan9Aphy9qLLDtJI4lx6CZRa2o04j-xB7Sf1busGVqrTSdMz-Zoenn6JdH3L1OqZE4Wy2qycFAnqgRVfakZ13lzD92iaAW2hdVTNKZy0YZ4AFxVjzDP-sl9siaduYl1nAQg6fu2_W5NJDRlkOcvOsc-5xs01iXVYTJ6HLGyzbPwojWagSxhE8qFo0LKlQkLHqkERPTjlizsqD1xSyK1WBRuQW7xIpCVyAFA_HDAlZiSUMlx2oGbY4YqtZshtlDLySLKeVB8WHt0vSAcG9UeEK72T6-AbWFlzEBzZp0xhO47ks8dMcUVIE38WVL76qWByme_wNUGIc7-mv3YiDsqmAtGliPzln6Yhewam4WM4HaIP3-X_htaBI0ckMx7Jzu_awnfaBlsUqPkvEmOrVyYqCbT988jTAwdseN7miMszYEPDn2a3FTq-GJ8wvie7Kh8QXGhOoVhLXdKVwGhCfnyE3vDtNwElQnK22bbQbo86iCZnBM8R5jy4hM9kZkGSOv3Pv2Uy7IRPkh2TXhYoW0IdgjtqoiH5N99NEZyPgAJq8AMBFeO-hGJmckobeoiRrHujOmfKPH_tBM1h1WlmkLNQjLZjYeUXK3gEmxUhJV8535ubK66EPoPMzkNqJpF-ToOT4rvoCf4Lwx2KI-7MwtufQiFs0Rt8JkCPUcN0PW1Np8bND5octzmV1R3pmJ45yOoxrSZD7ZuJpvTXJjxDdYIoTT1O3t5XBgHSgtiEP9IYpYdIZE41KIJhb_wRppzsSfILhOiEmRGfdeV0uSJoGRquvg8Yi1U4x4PfJwGo-3tRhTDElDJL46nXRij92oDteiETOrscPL9NaGo1jIITXKqAkq4RAHTYs9n2fWpq2Jc1ogAGwnTntrL0tcUmpMqOt-Q56f9N4RW3By8d5ZSOoDCKIvUOxa9bLtpgqbY-_n3PvYXa3DICxr1KO30Tzx-BQaws6SMnGR0yClUvFA85uvnCsFOXQ00zpLy31LzpK1y2wF9SxGygK8bvnQjcxqaDjePwGYbXksVotSl1JLBp8oG42Fjr1PKlpAhEpKA5Eh-YcCpMGnq7UI7OlmrJOS3wVhPfMZlj_UWcOvFgvBLYLmRICPen7i_YdrEtXdn-sGQjgayG-OLSmo3jXgcdnYJ4Xcne-lOlHePZpWI9y8cXGqES63h078gQ1Da55YR_TGgQOOAkariR6VseJo7E-sZ3hXzk1W1Qn2mTWEvPKM1-wdV3fYWYFS_w0xTi73VA6e7xg1q7mh2M5hobCOySd-OpA8KM88B2dNp0sohvvPmlkgAW8IyIdamnuj1ZbMuyhSuEmzkwHhjHQcH2LPh-G87sNXqtcst7Eulb1av17vB_bvk3qyF2sBLP4gcV3AAgZC9erN2nnBByIWdHfp-l20qk6voje65sDNg__sDFJLq1SkZ5bgS0j9ZzGZZDCC8AkjS-gWkAUqXVDX7gX1ckPg9JLeahbyCQQCjNOUJQRmcix8n5CnrFxKqik8QvkienYDMa4NvRJ42AcObyQFc8cpsfIJj3W0Zr7WgUQlDEuR8H97UKA_vq7W6v_o-963J2rihnklpjEdivygNLeEbTLPf1lAuJCssAGqo5fl8UDq6XVL8qt1HY3aCPVNIcC1YSw8x1FXTgoAUgx5tUh6voCJpdf2sNfbDkMDyUYTvQS5av8z3XyN4vT6b2GavsHT8tL7POLnaYFTS90Ak1VppvtPmSL4twmQYrDv3j0yEt8_Sptmg06PSViqrcSsvOK0V_YhAvlCSur2JRoP3kLL2U7gQwbt_JYsnlRxYjt7wIaki8OJmj_QwoVXVnYC2yDhL-ohjaATz4hbDVjpYt5cKsUuOdQwl-n7BczpUZc5NY9cgv29cHm-acIKrqrvwyflVFfjfFlfyRJDjJpBqdCKutY7oKghoXKo_A5fJRiyagkpNkjCt637UJersxFmNSao5K2B7QxzMZg4U6BokqtF9pnMne9WjDpm1Qbr6730XsMy5Rq2daaOXajtsNmzEmQU29L1ggpmKHeHhg6vmzMqDwXXlBEbl5ZR0BfQjna9AH0468P9_Akah6WvxiadyRNb36zjggMLwfOqMFa7Ny4TmbCRat0uetxNPEgKnDcIZBdilGjwAsURKHYg2RDjgybL7qdd3ge70bILwW9DJ-92QqFz30QZbjgLKs4sui3DisgdZAV8D4cIU3vHX1ZXYlSThriYCUvMzvcam3haJL_VlMr8g3aTA0W6Lr5ZU3XegmkcFPX7CbHP2DnvVWVf9TKdaYHc_QUrvOWxQD_Uxml5eWQnKb8B9svMjWgd2M9xpDNBJq0U5_mELVgx5BKKHh0u0M7nn4GzmBLEnzRS2BpFIcf5sOLj6dnV3FnA6al_11ga2EDcGBN-6WsruTiC5hp4rJZ7gmRnYCwmhDWlrJIi6fstkEwRwm6VJQ5HtVLOTuY-CFvUlThS2LkeMLwl8XI5aU5zFmiJV5tNZYRTME6vLyU-gtctPAXurX_DgeOhzj1uWITjAiWCCO2FrsGKzhT8nIjyRK0YzzlfvLS9fNuNypQQUgDtyHq8niDJVPvVSKwm8d0O1jVRCnDwA0sRKZggW-KZw41JJEggdFjCSxjFXsuDpt5S4YOW_sF8x5CuOoOhT6fpLDQjlChcjmPO6CpimlbOjomX6XJbp0KytSuDI5sFQkJqGS0jHg&cid=CAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ&rfl=1%2Chttps%253A%252F%252Fwww.spokesman.com%242%2Chttps%253A%252F%252Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%252Fsafeframe%252F1-0-38%252Fhtml%252Fcontainer.html%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 18:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84216
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 18:03:11 GMT

GET
H/1.1 200
OK encwumjulb0v Show response
hal9000.redintelligence.net/zone/ Frame 74A2 11 KB
4 KB 119ms
40ms Script
text/html 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/encwumjulb0v?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d23368c62442103a86b05668d59a2e8ed797210df4158a8dd61c41e84381b424

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4092
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 128ms
128ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjpudWxsLCJlYnV5IjoiMCIsImVhZHYiOiIwIiwiZWNpZCI6bnVsbCwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuRGVza3RvcF9ob21lcGFnZV8yXzcyOHg5MCIsImVzaWQiOm51bGwsInNpemUiOiI3Mjh4OTAiLCJyZW5kZXJlZCI6IjEifQ&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=d0e2b86e-cd50-42fa-aa1b-ba9139ff402a&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806410&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:47 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3 200 b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js Show response
pagead2.googlesyndication.com/bg/ Frame 172C 36 KB
16 KB 118ms
40ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f86aaff1f7332292efb86b2634810adc12e24d312821accd8db9a79ada7c808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15966
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 15:01:00 GMT

GET
H3 200 b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js Show response
pagead2.googlesyndication.com/bg/ Frame 2E27 36 KB
16 KB 141ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f86aaff1f7332292efb86b2634810adc12e24d312821accd8db9a79ada7c808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15966
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 15:01:00 GMT

GET
H3 200 b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js Show response
pagead2.googlesyndication.com/bg/ Frame 7637 36 KB
16 KB 119ms
43ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f86aaff1f7332292efb86b2634810adc12e24d312821accd8db9a79ada7c808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15966
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 15:01:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BFA6 22 KB
8 KB 51ms
51ms Document
text/html 2a00:1450:400d:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 170859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Oct 2022 17:59:08 GMT
expires: Tue, 03 Oct 2023 17:59:08 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90009.redintelligence.net/ Frame 74A2
Redirect Chain

https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

184ms
104ms

Script
application/x-javascript

138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.149 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 965d50bc546fa12497b529618f3f1845a214cabba5599da790e0bfe7a65a5d42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 89355200088708204444640012103009
Connection: close
Content-Length: 1266
Expires: Wed, 05 Oct 2022 18:26:47 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 05 Oct 2022 18:26:47 +0200

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 129ms
128ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjpudWxsLCJlYnV5IjoiMCIsImVhZHYiOiIwIiwiZWNpZCI6bnVsbCwiZWVudiI6ImoiLCJlcGlkIjoiLzEwMDk2NDEvU3Bva2VzbWFuRGVza3RvcF9ob21lcGFnZV8zXzcyOHg5MCIsImVzaWQiOm51bGwsInNpemUiOiI3Mjh4OTAiLCJyZW5kZXJlZCI6IjEifQ&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=5e1861fa-efa9-4aa8-a593-eaed18e170a6&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806411&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:47 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3 200 b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js Show response
pagead2.googlesyndication.com/bg/ Frame BFA6 36 KB
16 KB 63ms
63ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b4aq_x9zMiku-4ayY0gQrcEuJNMSghrM2Nuaea2nyAg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f86aaff1f7332292efb86b2634810adc12e24d312821accd8db9a79ada7c808

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:01:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8747
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15966
x-xss-protection: 0
last-modified: Tue, 27 Sep 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 05 Oct 2023 15:01:00 GMT

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 128ms
128ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=ue&ue_na=Ad%20Impression&ue_px=eyJlYWlkIjoiNjA5OTU4NzQ5NyIsImVidXkiOiIzMDc0MzM0NDYxIiwiZWFkdiI6IjQ0MzA1MzIxMSIsImVjaWQiOiIxMzg0MDQ5MzgxOTUiLCJlZW52IjoiaiIsImVwaWQiOiIvMTAwOTY0MS9TcG9rZXNtYW5faG9tZXBhZ2VfdG9wXzMwMHgyNTAiLCJlc2lkIjpudWxsLCJzaXplIjoiMzAweDI1MCIsInJlbmRlcmVkIjoiMSJ9&tv=js-3.0.155&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=20&tid=04002115-61b9-4844-8362-d2b89f5fd1bf&pid=651320dc-9cba-4888-bed8-98f998f99edc&dtm=1664990806412&qnm=_matherq&visible=1&tabid=eb8517b6-cd40-4ca3-b07a-af1525b76c02&url=https%3A%2F%2Fwww.spokesman.com%2F&vp=1600x1200&ds=1600x10788&tofa=1664990805&vid=1&lvidt=1664990805&duid=498c985d-d08b-4d5c-8f28-32b10ba9b678&fp=2509661442&cid=ma20153&mrk=575681700
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Wed, 05 Oct 2022 17:26:47 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame EEC0 43 B
704 B 367ms
107ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=21285700095016004444550012103012&pv=1

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
H3

200

activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768 Show response
5994599.fls.doubleclick.net/ Frame 3997
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768?

391 B
346 B

147ms
70ms

Document
text/html

172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768?

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

07d28cffbf7864901470c6f8f49c4c52fd9f693596a9f4dd4c22da19e97ce174

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 323
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Wed, 05 Oct 2022 17:26:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900012.redintelligence.net/ Frame 4A49 7 KB
3 KB 117ms
40ms Document
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=37821aae2f&subid=&uid=401ba4250938a6c6&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCp03jVb49Y6KNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9As6Ugkb754LpuylAQz2EBqWRiCzXNJn4w0d5_l4JC6SB9x_7efvz6_DyuSxTD2eTaUZa2xhco78XBc22ktCi27aBqxnc-1W1F3XWp6Dnp31Bs1WqxlECVVz-ro_KAnXlHcO8Fva45FizmOdzausY3iPqYE3DxrCcWYX6TcqB0HFv2xTdFIY6Glnu1lM3k2e6M-E8MsktJ944lC9QLJgiSAAab8ubxfapk6W7Um43uAdFg96vOIHiOVs509GQGXymw5Zf0hyN0oh-A18Oxajc9tUmtWxXN0p5NhyaydNOimhYQ1SuH1Z0zqzXRVZvtHbll0IeJzsCG504yYFbH8FJGuI2MdHF7eWox5ZLA6ICV83CTBJZ9fWcAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoOaCvLnHkAdzNSxChlQs0J__pngqv9GC7Vyzvz_DNhfLvZ6Yazg%26sig%3DAOD64_2xSlP29NQcuycbjNB4kNLftg2-MA%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-DYe33dKbz1vrt7RmtIKqpzO8tEURjZ8QnSjd_yjV5EWBkRb9-JonZWoqktiM-DNhubLlBDjAfqejgriYOGg2nGOaz99Ova17Fx5Eo6Dvgbb2rPqhqtjg_OrC-3zmMID5gl5dLGcpEOfFflIGNA5dCkClr7u2HVvnHlOEMo5hwn-ZzXPMg%26cry%3D1%26dbm_d%3DAKAmf-AbAgrjXTxYUt5xnm4Jx4vFCDfYVZCZ0vwGEgmcXwyJuiqyDBdrPUHEqVJlZm8qpWLet8JuP867M5ATb3VFHSIIiQmnbP5oAdzISkbBjRlJ4MvamRe3E4qxWsmZw-hZd9kpwEK8Gplhm7CitAHcY6otvPRwaGu2-pprnEhcFZH6tGTpLNbk9O5usZMPPgMXaXEUEOkhBIE7Y6GiFiKl43_zq78uwNvg9h_mNpEgzlZkHIbdPRFOI_tWD9hz7WXmBLAZIpgJMAtyFmmfPq_FNgqQ9YpNsrw3td99FI-TkJjDRCj28G4vivPdAliGOGl71FytFnCYfZ8wX7tHplkQrcTg9-99uEiE6dDh1AtTf7BaVp95uIIvs2T0leLNHoTrE7UlY3lL1cezxOb49KV3XqVvzVQ2xIjjdPSxrZCCQjjTGOzVI_NXQL7oVRSn3ztbII3LW9ScxY0pLcpklgrCCZrpqT3pKQe5I38OM29NWjreDMWduii_apQE4LaIK0k9F1lgTkfz6dOOVczMGVH9yVk0a-iPLxzSx4-k92psblmjthMx7EA%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5927973057915&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: d250e1d0956c247b74a74db4c24fe5f2ea0d50e771c9ed893fe12a4181caf627

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2308
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: Wed, 05 Oct 2022 18:26:47 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 852B 43 B
704 B 361ms
108ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=18400000093881204444550012103018&pv=1

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
H3

200

activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612 Show response
5994599.fls.doubleclick.net/ Frame F650
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612?

391 B
346 B

153ms
78ms

Document
text/html

172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612?

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

6d7f126cef8d6742ad601ea73ee7e24d916553250ad25afd8ed4d36de8835d8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 323
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Wed, 05 Oct 2022 17:26:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900018.redintelligence.net/ Frame DA79 4 KB
2 KB 124ms
46ms Document
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request_content.php?s=18400000093881204444550012103018&a=784e42c2
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=553823f321&subid=&uid=60f081687295c436&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCaEDzVb49Y6GNKIql6wSmnpKoBqblvaBphZWcp8kP8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9Ddk5hBnlTsys039HDlfSAEQrHzFXrU7c1yd-8jvaB6XUVjW-7wGJkbi1TDoe239LtZc7PZ-4SsJTPBRa1TR6oDT0-bDiQNawvL-EsQl1RJb4zv-momT6o4p6GYrEmf92hS0p8SxMnu1L53WJfwH3-qRPe9-r91GnD-mLlEuUcUSusj4sChKbhSeUtfbuMwh6xixN8Z3GCiUasvUarw-Mi2VvXZtyyJw_r6ObsNIQ_yKdaAcOuMSwxTDWxfYe04gt7RnIpDXlWyCwz9_KJ7llaxyJg5sv1KgHAH3S4hRN-s-CLpA2dc3CdxvUfPsX-xFyAdylgKxX4ydOap2Q4rYHsOJLD4fMA-3zPt6Pc0by29K3cbTAMgs8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoaV9WdBcS4RNT3XF_raxIyj-qF73AY3bEFP1Y4xfyLMldCoK9gg%26sig%3DAOD64_36FlgpOQlv-N2TrTGUIJA5mOHPWw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-Aaf3Cuh2UJkMCk23DSUZgMbJhYoapck1ASTYy9nZqqT58X-dcQlhi3Ubra1xEyNBHxf286KWypRm1g_d8vbZ13SqyE7zIteIrUCecV9c5PkpxwZ9MwsFcXenGaOu-6I9lHMnvY9g2FzNrH0ktEt1CiQLkE0mvYd0ga5kemTVGG24vlHpM%26cry%3D1%26dbm_d%3DAKAmf-CRXrg3zFGlMk-SKGbGiV2_oVWJE7uixKOlr8bIbgob1mVDYOYASQN1xAj6x6E2WK_qWoe6-v2oNkLZoDb0BPWiDWcAW2jiCsnGEbkA6EZ32mhwn2qHfg4MakTFxcCqaVqYetOpFCMOsKqbbc9jUsyRu4x58lAmdUNxBDNIpFxZnEtCIo7EC2EN8drZ-uAkWASnT0Bx3H8lnBzJYwQbckVvtsbKs3G8vdl072c0KZoVwIvQ_1FNUkrPnesmLqDfo2FmOk8Hkbmr9W4HeKrYvw5vmHZIU2KHyL2pbWKuhLC4N1igruGA0N7c484i0XInIGkBGzADUYcWxu3XOzVjwrHSMUONA7DY6w428c_xlSYsreYbEgjhSqRvVNJ031UnWva1wp9N912jMi5iCjQX9vJYoxu0e0k4CSScQfZnpBUfeaE6dgB7UdcLw6nWuCi-2z0_nzu7y4d-Ct0n5GW1qaOylY_8FGUMokqegsaoSI5zswh5OIRgVdJNgqx0jqsvgz3AbNq-s299NP5aCB75LYxwPzTo4Q-HRn-7YDwnI-qf-JSiSgY%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=1301926900008&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 315f0da30ec4e05e267477892da301896020a014dc73173a73175c468d069542

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1529
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: Wed, 05 Oct 2022 18:26:47 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET e99aace94e6e5873830a7df8deda4aa6
pv.medialead.de/trck/epv/ Frame FF38 0
0

GET
H3

200

activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03 Show response
5994599.fls.doubleclick.net/ Frame 297E
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03?

390 B
345 B

151ms
76ms

Document
text/html

172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03?

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

d4d5a7df30ac9186c10a151e65e061f56c89ef8122bfca672b581bacecc78d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 322
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Wed, 05 Oct 2022 17:26:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900028.redintelligence.net/ Frame 0BA4 7 KB
2 KB 122ms
40ms Document
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=9bed4930a3&subid=&uid=929da6ebac121ae3&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCSFqSVb49Y6ONKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9DUl2Auzqi1Ls4Z8fTVoVX14c9TB24qVt4DNNH2-B2ZTIGO_uvqB4tXmzg84dDPlOOiAGVWJeN-JJuK1Gay-RKYjOk3il0o0ZWfOoc1CTOXJR9PV928MHzVj9wxXbVWnHQE1pTTrgPqxk_8a2LGAsviwo7FGNWsrS7vlhnLs-_RhORbOCVuDMIG_FWSYD0xlQRUKLofzZm69dOrmkqRJM7oQY_XokJIrvV8Ttm5IgCGfhgiGOnouRFRpME7NKRLSFIgHIrj8qdgUs9CtwwJZ3GKuApBVDpGuW3vVp9f9UdLxLCkmi7ZT5XbIYvmyfS3KUG8Tudbgw06XPMy9iFmsAeotW2jETaMCAMxeK-DOoLCNKOdkG6azMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-Roue-oXw2VK9Z5LH8wCA-0EW9wfIUnGWl9gsIGGOVgaTP6N-WXfQ%26sig%3DAOD64_1gaDwoyfOoX9nzEPmrIx_zXsBY0Q%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-BBnbBjUTH5JvEDXh3UoK0rMS1iC7T_DPfzN7EC4fxiTe0tdxMEwxh50Ern32WUItsybcjDU2dW72KUb5Kmnaj3cDAlxPAbTJ-lrAGB2doOer0P9ivqhppAzqJhqSKWN0AnXYHWiOHKqSk4oV04XRRzmSqbHMgOqytEw9AbfeeUNaediyI%26cry%3D1%26dbm_d%3DAKAmf-DJy44eZ-9vNq2dNAfBTIgW1P3swjcax0jcmU2CJ8vUo4JbzRQBhdn_kNTrBdUmkXQKN-S8ZWHHdCXanDIlDg4P5XCnhB9bJpt2MGGEeExGDhssoz35_S9Q4wtn4q71reutYPzCzXzCO5UaquxvAxdHbTFAaKFgpyJ296GLBqFXJyuwQqkFpCD2ihvKsXmVwciLf738DCv0OKZSBEYLDaiaLwcVViV0FA9f_t0OcoMSUXbwJwV0wy4vGoObZH36oy0FZpnQtSR_-iTSETL6XVgBFp5xwfWEJT2N1yqIXAHSDIR8Pt4bNfiMk4Zydxl6Vjgqvkeq82wqovgNQgXHPXaVNVz51S9bMAKDYkN5fB9ohvcu-Z3Q0yZQeMtQAVqFzSpsUxzYs5QoqeoI5jQ-NJOIhmjnSq4Qs65mY3HeKAo6aooD2kfvi6YNmbr3LzsGRMx3126a1VMYRmyUNL95yZ4d-neQ2z5l-0pTOuZkg3vRtbAX0J9RHo0ZNkVLbXUftD1WxAd8eTk_AJ9uGVnYkfKqH_hvHIiwNwAKSjGvdSDULmDfEkU%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=5312428883050&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 570dfe41703eba6f0ed55845cc34e3b281f2eaf3991ec148914407103eb97c41

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2067
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: Wed, 05 Oct 2022 18:26:47 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET e99aace94e6e5873830a7df8deda4aa6
pv.medialead.de/trck/eview/ Frame D59D 0
0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D59D 43 B
705 B 350ms
103ms Image
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=10246800099425704444640012103028&pv=1

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame D59D 43 B
702 B 351ms
105ms Image
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=10246800099425704444640012103028&pv=1

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 05 Oct 2022 17:26:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 154 KB
52 KB 65ms
65ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WQTQTTW&l=MG2DL

Requested by

Host: g2insights-cdn.azureedge.net
URL: https://g2insights-cdn.azureedge.net/prod/spokesman/g2i.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c84d2aa4198e5e2d48681be491029110c10cf8ad9344bfdeddc2c74de3d370b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52747
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 16:43:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Oct 2022 17:26:47 GMT

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 37ms
37ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: cdn.ayc0zsm69431gfebd.xyz
URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD6) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:47 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 701
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/4CD6)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a8aeaec7-601e-0021-11de-d8cc0e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Wed, 05 Oct 2022 17:56:47 GMT

GET
H2 200 index.js Show response
cdn.czx5eyk0exbhwp43ya.biz/ 7 KB
3 KB 179ms
38ms Script
text/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.czx5eyk0exbhwp43ya.biz/index.js
Requested by: Host: cdn.ayc0zsm69431gfebd.xyz
URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CBD) /
Resource Hash: 6941d870c4bac732a6ed7718c594a73cc27000379eaaf241c9e47d982e44f407

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:47 GMT
content-encoding: gzip
content-md5: nynBpfvYghYqzIzsvfssRw==
age: 580524
x-cache: HIT
content-length: 2382
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jun 2022 17:08:13 GMT
server: ECAcc (frc/4CBD)
etag: 0x8DA5083F65AD9E0
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
x-ms-request-id: 9c5f0b40-201e-0026-5298-d3bfa6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19

GET
H2 200 SR__SPOKESMAN.json Show response
cdn.ayc0zsm69431gfebd.xyz/prod/data/spokesman/ 1 MB
1 MB 394ms
394ms Fetch
application/octet-stream 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/data/spokesman/SR__SPOKESMAN.json?_=1664990807666
Requested by: Host: cdn.ayc0zsm69431gfebd.xyz
URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 452f22cc08aebf054ba1b12b89a89c947b3926ae4f14ae40977e166ff53b9b59

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: AppendBlob
date: Wed, 05 Oct 2022 17:26:47 GMT
last-modified: Fri, 30 Sep 2022 23:55:26 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-committed-block-count: 1
etag: 0x8DAA33F3F58696E
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 8410b32a-d01e-007f-19df-d83825000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,x-ms-blob-committed-block-count,Content-Length,Date,Transfer-Encoding
cache-control: no-cache
x-ms-version: 2009-09-19
content-length: 1458787

GET
H/1.1 200
OK ad_300_250.jpg
paywall-ad-bucket.s3.amazonaws.com/ 631 B
1 KB 477ms
161ms Image
image/jpeg 54.231.133.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paywall-ad-bucket.s3.amazonaws.com/ad_300_250.jpg
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.133.137 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0859f5f9bf49348ef81d01f953d520c10a2a857961ef1bfad4a7903609889de5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:49 GMT
Last-Modified: Tue, 15 Oct 2019 13:44:16 GMT
Server: AmazonS3
x-amz-request-id: SE11J9828YJZY5BN
ETag: "ef2cc7f55b7ab677b023e36033e26471"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 631
x-amz-id-2: VJJR24tM8AUERX7CaoXC3+OZRszAhi7ic9tlRgmZgOBBrS/Z7AXxRHYhciUxckPKOfVvkzr/WhA=
x-amz-meta-s3b-last-modified: 20191015T134358Z

GET
DATA 200
OK truncated
/ Frame 4807 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ae3ab1492cf8fe1dae7efef5a64cec147831b76075d98a042c95586931b4683

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B791 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 209a7ea0130f3ba6094350ccada860686d241a9525178bf3f2f0d9ae0c26532c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D59D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54c158662fb77f3b1576d649acd4e721eded3f379820a1e6449a076c710c9aa0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 4A49 89 KB
32 KB 129ms
40ms Script
text/javascript 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Tue, 04 Oct 2022 08:08:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 119884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Oct 2023 08:08:43 GMT

GET
H2

200

imgbanneraktion-728x90-1661866463961.jpg
a1.awin1.com/ads/awin/11601/ Frame 4A49
Redirect Chain

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=21285700095016004444550012103012&pv=0
https://ui2.awin.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg

56 KB
56 KB

166ms
51ms

Image
image/jpeg

52.222.139.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae
Protocol: H2
Server: 52.222.139.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-41.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77122445148cd33c1bc1d6c5ada95aa9953d4c574a003778700c2d9bf9d39907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 00:40:27 GMT
x-amz-version-id: 7Wbwm1tdRd5v2jX4ZBCt9Ki9bsHrWcKR
via: 1.1 d8c5e23736c47a3e5184b0a78042898e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 60382
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 57141
last-modified: Tue, 30 Aug 2022 13:34:25 GMT
server: AmazonS3
etag: "51bcefd6a4c401e2295592f089314e33"
content-type: image/jpeg
cache-control: max-age=43200
accept-ranges: bytes
x-amz-cf-id: 6IsROQl8xsrDEPZUW9pRZAXGxEAnLWd4wLD0x_TdJHmiig_vwGDvJw==

Redirect headers

location: https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
date: Wed, 05 Oct 2022 17:26:48 GMT
content-length: 0

GET
H2

200

imgbanneraktion-728x90-1661866463961.jpg
a1.awin1.com/ads/awin/11601/ Frame DA79
Redirect Chain

https://www.awin1.com/cshow.php?s=3202027&v=11601&q=357526&r=113440&pref1=18400000093881204444550012103018&pv=0
https://ui2.awin.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg

56 KB
56 KB

171ms
50ms

Image
image/jpeg

52.222.139.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=18400000093881204444550012103018&a=784e42c2
Protocol: H2
Server: 52.222.139.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-41.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77122445148cd33c1bc1d6c5ada95aa9953d4c574a003778700c2d9bf9d39907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 00:40:27 GMT
x-amz-version-id: 7Wbwm1tdRd5v2jX4ZBCt9Ki9bsHrWcKR
via: 1.1 d8c5e23736c47a3e5184b0a78042898e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS50-C1
age: 60382
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 57141
last-modified: Tue, 30 Aug 2022 13:34:25 GMT
server: AmazonS3
etag: "51bcefd6a4c401e2295592f089314e33"
content-type: image/jpeg
cache-control: max-age=43200
accept-ranges: bytes
x-amz-cf-id: POZDmTa6e7IiMbfc3mNjWLCgz3B7_uux0xWh74A0CMqoCe-gKcb5Bw==

Redirect headers

location: https://a1.awin1.com/ads/awin/11601/imgbanneraktion-728x90-1661866463961.jpg
date: Wed, 05 Oct 2022 17:26:48 GMT
content-length: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 0BA4 1 KB
419 B 125ms
46ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f24d5e431e274a8d8c196752f7ab87ff9c636de1a7bc3d9c44729c1a87570a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 17:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 17:00:11 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 17:26:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0BA4 16 KB
16 KB 120ms
40ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d7f4e885aac22043ffa6aac1809df28affb23f23ce5abfdb44ad09358ed291a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0BA4 17 KB
17 KB 125ms
40ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d9cf9561789dca204c2975205114b37fdd97aa92f83535e560e2eebe9b4b549a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16857
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0BA4 17 KB
17 KB 125ms
41ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 858ae4b28fc1227dc4bc3934bcc7fea20e1d737b32d0f6a2e571d7b666cc7768

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16817
Vary: Accept-Encoding
Content-Type: image/png

GET
H2

200

htlp Show response
futalis.de/ Frame AA42
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=89355200088708204444640012103009&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773

350 B
409 B

193ms
44ms

Document
text/html

49.12.22.42
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.22.42 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-3.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 05 Oct 2022 17:26:48 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773
p3p: policyref="https://www.retailads.net//w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache

GET
H2 403 / Show response
adv.office-partner.de/ Frame 9842 1 KB
728 B 254ms
48ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1d2009e4aea51a8e6a0f6404f282d8948f473e26f80e45c7ed9bbb12e470d661

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 05 Oct 2022 17:26:48 GMT
etag: W/"5ca0a75f-59f"
server: keycdn-engine
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 74A2 2 KB
2 KB 276ms
90ms Script
text/html 3.11.195.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=89355200088708204444640012103009&nw=1
Requested by: Host: www.spokesman.com
URL: https://www.spokesman.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.195.34 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-195-34.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 7af6a731cd4553f7e92098f81f05651ce4c5eb1eb860da2126cb89110a2de29f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:48 GMT
last-modified: Wed, 05 Oct 2022 17:26:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 05 Oct 2022 17:27:48 GMT

GET
H3

200

activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454 Show response
8019191.fls.doubleclick.net/ Frame F93E
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454?
https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454?

391 B
345 B

72ms
71ms

Document
text/html

172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454?

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

94a4d4c605ada7d8ffe735feb1607007eff7e164a04d8bed360d89b816886a6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 322
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:48 GMT
expires: Wed, 05 Oct 2022 17:26:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 17:26:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90009.redintelligence.net/ Frame 978D 7 KB
2 KB 125ms
39ms Document
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request.php?zone=encwumjulb0v&nw=20&renderingType=javascript&namespace=1318f269a2&subid=&uid=e0296ce1c2bdb8d7&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC8IqfVb49Y6SNKIql6wSmnpKoBpumgKJp1ZLqi84P8C4QASDDoPwBYJXSrIK0B8gBCakCFWYpWrahsD6oAwGqBJgCT9C9qSqu9RQpgSDo8MrnsQ0SJB4pBXUPSCgxKUncKX9Dv-wpkDS6f5DtcknEu1jxPb4tjiT6GZDQ11xWttAiyse6BNYrzEwkSM7JcxxlxU3axTWbT_Eu3WGxvWxvwXi8GueBMp54YeruJq_fC0zmYK9M7pI2x9YUZwFHMuVFihONfWhve7diLKEQxfN8rVNzxplz-G1RuqcR907Y7geM35Vnhh-CsLcPhI6ifpKqpzEQrmkTYFF0b5eoQ2jrW4lt4FOoaQfeiuYpBfLtChSrtfT4r0ukPJEvxzbqV54rcL3wfCmrxF92Uh8Z9DS5-Gv6b2RrUfOyIIMmtst-4ih94fXfayeQXF2H0sKVr5vugPf6Upv2cLBgeMAE0aLP1IAE4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBIIiOGAEBABGB0yA6qCAToCgECACgGYCwHICwGADAGwE5Go0Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASJ-RoztSVctY6nukEGOwNbnke81Edjc4TdBWxQh1TyTU1eMSUETZKiQ%26sig%3DAOD64_0Y7c1ExoqRc9-WwDMa1wh_TA-2pw%26client%3Dca-pub-9779652122014728%26dbm_c%3DAKAmf-A3hH11qucAFQMO39rNy8sq0b5N38FObZ_bv4l4jl4AjjDlsY3vuw6vkIbQ67phnoRWf2YN6F-2F6iaIjtKUD-GIlURHIyZALbXbitY4QaQfOt7qm-n27YT_hwHPQFu8QZVZrhw0INH3OCNPNkBv52ajP4cFKekv_y0jMttpMXuQyzZln4%26cry%3D1%26dbm_d%3DAKAmf-CuTJCeGarzit_1-jwJZfxAxA_U0LcxjEpN1D4HZ8XHzvjB-h1MSbKMjFBDF6Jt9G6tHiPRVKXLcfwqaa95iB8aLEKL6qIQnpp1umzltmTNPn8DEk2qb_nN3ZX_s0vNoG9UPO4mu8zsavcYYPPc6jbFDcW6T9gZBn6wJl1lbh0O8z3Zu9c3M8n4kcNGmgtlPO-plMRcONOIEqrQuZg0mIJ7KqYJqUBPjLO9aVt9JwLl-cQY-Lc3VjfTEsaYuCbSvfhwTYDjJ0hk0IhHr1RjrEKgvi-1anM8_X__n7F-sxCmHABI-UaFg4RHdw1eVt11pqPIMrV98CPQUTTdL6E7CdFaof1BOOJD8uQ_olclg8kmbM4Rv4OPvzW_I-e2qqeoJn22-fx-AjzHh0tJyKAeX6INENiHPWAV73rZNGoVSBzH1NESwTYuGgYQWDQKYqmYEj_pc-FBNbQ1BmjL1kIsBYPhalQQ-K1ssOnEKIkvWgmJwHhYIfD2HzE_ZIeXzou_6RiCZVWvPoQCSWrgvhDpX7B8cAj9ARxBpVxugKDvPwRghVbUuI0%26adurl%3D&documentReferer=https%3A%2F%2Ff9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fwww.spokesman.com&random=8439432972346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ce7234da9000fc177c1166a7a65f5d9efaace6d8fc18d51fc7b40dcdb3705048

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2091
Content-Type: text/html; charset=utf-8
Date: Wed, 05 Oct 2022 17:26:47 GMT
Expires: Wed, 05 Oct 2022 18:26:47 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 74A2 43 B
1 KB 217ms
47ms Image
image/gif 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?tc=ce02f64282534558b88ece024409f414

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Kamp-Lintfort, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Wed, 05 Oct 2022 17:26:47 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mi, 05 Okt 2022 05:26:48 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1199
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900018.redintelligence.net/ Frame DA79 0
150 B 124ms
40ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/viewability?s=18400000093881204444550012103018&a=d6a2b366&vb=m
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=18400000093881204444550012103018&a=784e42c2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/request_content.php?s=18400000093881204444550012103018&a=784e42c2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame DA79 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7639 42 B
64 B 151ms
72ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu9vSRgK4POKC1B8Sg9U6gz5EN5_ngeDnEYUzljRwNv6lnHd4V6h4SWSHdAYDbwKDZD23-uDEeiENS_PaOrNPQRqIjzyaWSwaziGYmr7BgXi92j7Loj&sig=Cg0ArKJSzHFSQePdAqklEAE&id=lidar2&mcvt=1056&p=223,160,323,1440&mtos=1056,1056,1056,1056,1056&tos=1056,0,0,0,0&v=20221003&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2404035854&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664990806353&rpt=475&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 74A2 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8830bb8f67bb662ee45a102889ef5dc2f5905bf38a443da682215ab3cf591173

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 45ms
45ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1524495148&t=pageview&_s=1&dl=https%3A%2F%2Fwww.spokesman.com%2F&ul=en-us&de=UTF-8&dt=The%20Spokesman-Review%20%7C%20Local%20News%2C%20Business%2C%20Entertainment%2C%20Sports%20%26%20Weather%20for%20Eastern%20Washington&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDACEABBAAAAGACI~&jid=1067964385&gjid=505050756&cid=1564646249.1664990805&tid=UA-230256-42&_gid=1399729544.1664990805&_r=1&gtm=2wga30WQTQTTW&cd1=1664990807974.eqt5ayh&cd2=Not%20Set&cd5=Not%20Set&cd6=Not%20Set&cd7=Not%20Set&cd8=Not%20Set&cd9=Not%20Set&cd3=Not%20Set&cd4=Not%20Set&cd10=Not%20Set&cd11=Not%20Set&cd12=Not%20Set&cd13=Not%20Set&cd14=Not%20Set&cd15=Not%20Set&cd16=homepage&cd17=Not%20Set&cd18=Default&z=1081059921

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spokesman.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WQTQTTW&l=MG2DL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 05 Oct 2022 17:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 651
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 05 Oct 2022 19:15:57 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 41ms
40ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1524495148&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.spokesman.com%2F&ul=en-us&de=UTF-8&dt=The%20Spokesman-Review%20%7C%20Local%20News%2C%20Business%2C%20Entertainment%2C%20Sports%20%26%20Weather%20for%20Eastern%20Washington&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=G2I.Connext&ea=MetaTagsCollected&el=Not%20Set&_u=aCDACEABBAAAAGACI~&jid=&gjid=&cid=1564646249.1664990805&tid=UA-230256-42&_gid=1399729544.1664990805&gtm=2wga30WQTQTTW&cd1=1664990807986.7yevzm0n&cd2=7f6c72289794755fb414001b02f1273b&cd5=Not%20Set&cd6=Not%20Set&cd7=Not%20Set&cd8=Not%20Set&cd9=Not%20Set&cd3=Not%20Set&cd4=Not%20Set&cd10=Not%20Set&cd11=Not%20Set&cd12=Not%20Set&cd13=Not%20Set&cd14=Not%20Set&cd15=Not%20Set&cd16=homepage&cd17=Not%20Set&cd18=Default&z=76558346

Requested by

Host: www.spokesman.com
URL: https://www.spokesman.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 14:47:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 9552
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768
adservice.google.com/ddm/fls/z/ Frame 3997 42 B
63 B 158ms
81ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMqinI3OyfoCFQ5rFQgdtX0IuA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=867838597139.0768?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03
adservice.google.com/ddm/fls/z/ Frame 297E 42 B
63 B 143ms
82ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPypnI3OyfoCFZlWFQgdmcwJfA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6295717159827.03?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612
adservice.google.com/ddm/fls/z/ Frame F650 42 B
63 B 119ms
77ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIuonI3OyfoCFT9EFQgdNAMFrg;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7679962268217.612?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5B7C 42 B
64 B 72ms
71ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvJnd78m_bGkukI1Jh2yTBqYmFEMfXEJlfW0m6giaKChgRj-VGDFm4cbATSrfMIZ87dzOG3OjCzM0lk0TCYGZUGKf91k0aPYpWpHSlqbTOgCIosvkbV&sig=Cg0ArKJSzO5ZgleNW49MEAE&id=lidar2&mcvt=1088&p=340,1220,590,1520&mtos=1088,1088,1088,1088,1088&tos=1088,0,0,0,0&v=20221003&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3725654123&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1664990806398&rpt=511&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900028.redintelligence.net/ Frame 0BA4 0
150 B 127ms
40ms Script
text/html 88.99.165.19
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900028.redintelligence.net/viewability?s=10246800099425704444640012103028&a=6c2db22c&vb=m
Requested by: Host: hal900028.redintelligence.net
URL: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.165.19 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.19.165.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900028.redintelligence.net/request_content.php?s=10246800099425704444640012103028&a=47fc22c8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 css
fonts.googleapis.com/ Frame 978D 1 KB
419 B 46ms
45ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f24d5e431e274a8d8c196752f7ab87ff9c636de1a7bc3d9c44729c1a87570a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Oct 2022 17:26:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 16:39:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Oct 2022 17:26:48 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 978D 13 KB
13 KB 120ms
39ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c3aac23d0062012638c8dc4eda0ac96ffa5b8f9453511f67c3a13f5b8df04a44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12988
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 978D 16 KB
16 KB 119ms
41ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a185a1c5ee5d4704e3939a3b7f2bc22f1541fe43f30d694b686fce0c22e5141c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 978D 18 KB
18 KB 118ms
40ms Image
image/png 138.201.63.117
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/44904/creativesup/Generic_TakkoFashion-1200x627-KW31.jpg
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.117 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.117.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2dc7c0bfb91165e70a600e13cb0bdc8bd64e02ea563d3c38c29ce7ea22e79690

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17770
Vary: Accept-Encoding
Content-Type: image/png

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
22 B 145ms
47ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-230256-42&cid=1564646249.1664990805&jid=1067964385&gjid=505050756&_gid=1399729544.1664990805&_u=aCDACEABBAAAAGACI~&z=1042209599

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.spokesman.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900012.redintelligence.net/ Frame 4A49 0
150 B 119ms
40ms Script
text/html 94.130.102.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900012.redintelligence.net/viewability?s=21285700095016004444550012103012&a=a730fa10&vb=m
Requested by: Host: hal900012.redintelligence.net
URL: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.102.164 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.102.130.94.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900012.redintelligence.net/request_content.php?s=21285700095016004444550012103012&a=96cc4dae
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 4A49 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454
adservice.google.com/ddm/fls/z/ Frame F93E 42 B
63 B 75ms
75ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=COvFp43OyfoCFUXE5godkIICmQ;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6921589444593.454?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90009.redintelligence.net/ Frame 978D 0
150 B 118ms
40ms Script
text/html 138.201.63.149
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90009.redintelligence.net/viewability?s=89355200088708204444640012103009&a=7e97c098&vb=m
Requested by: Host: hal90009.redintelligence.net
URL: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.149 Nagold, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.149.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90009.redintelligence.net/request_content.php?s=89355200088708204444640012103009&a=bac1c318
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Date: Wed, 05 Oct 2022 17:26:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7637 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bi-xmVr49Y_rKLfSS9u8P986H4AkAAAAAOAHgBAI&bg=!r6ylrOjNAAYQgTJdMIE7ACkAdvg8WiG6HvqJumDO1-0HRN1VFITgNyV9S8KGLzJd51ObB0x23m0XoQIAAAMBUgAAAANoAQcKAAqJfX_BTwUnyjVdmQLwGtSMqytAd19EXy7aZz6w5AuI7MEsDM-DIiyP9_rSYcJeyQYyKYtdb0gqiWMRQ4rwAz90ml62eXqkZ37tjAngpKHVKb-m5ZfV92gfAGobDIVVFDaJ_s0bM4iWAOzHwthTDNGGDtSWTa-pUrKLu8cO0biL-fXJPlNRcKVIuxXVjNLoWPNnZVHnA47l_QunOP9G0yL-AIVOQhGUWGhcD-rlr5PrZhJBBxhVlzFW741tBI9SrbKI_CzVAefukaCCqWNipupsINhFbmEWTOrCeVlLP6uwH6WdA7VlvJ06FYFM4C8XWlLVv9glJTb1GJ4Rtvm-9Du7BLj-ze2D5VoZ231Op_2h_M9Eougp57iQ8vT6vpfDf-rmXInCJXCzsnbSFS2M4NnlPOHLQOfM72Ce7PlvGsmVDg7mcnMfKaJpEociPk7GVdf6gLn2feohqEEiLAohigtjp74LCCa8J-EU0dd6SwYdoiajvh556ekufdltWsT2VZtqn0Ftwlk5NBIvbRCvlPLy5z2MEPA4Uoq2YR5g2gypLKmmXi1phybV3PUp47UhearNEUCpQCW81udqCs0KLmLwHIgHD3XAjuIziIfKMV1pPb1zWKuWLr30eno_p8NK6uYkZjoYCEpHfkz9lvL7p3Z8OntkkYsrpqOXJNC_ljfk7movNoiYZGr0joabUUSTiPcqfnB3j64Jupm98IeKg2jM7Vlogr2qcq53--azRbFTke0FfaNhBnQ7U82RwbaRpYTZJ1422CW7bLgDQrAeD3TARoa8d5ioC4EOjCuhAR8BQDRl2cQnADMxhk8UZisqWrkksbP1bxKw3ZA17dxZRg2GhXzTmH1ZRwtI_Z-3rifQe25xap-YO9wdgPLR-8nl0hNOFsVhgOWrVPQI-JzaKEZ3pKHgvUwR0EwZGXGt_KsbBEnnDFixCdY93KdDomd3R_o39_19T38Id4FHE5PjXzOStMjOfHdnUDReeEE0P5K0eFNmPzhz6cSR9XqpFgo

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2E27 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpCe9Vr49Y47cLf-99u8Pz--coAUAAAAAOAHgBAI&bg=!kJOlk9fNAAYQgTJdMIE7ACkAdvg8Ws0sdpsBC4q78IQcPEQZasaeu6sTnh1rz9MD5UFasel7akgX-wIAAALvUgAAAAJoAQcKAAKySJkC7WikQDW6d0M8XEMEvSl25hAIS8Fpf6RUqetFRtOQ1nWYtBUA9KnjsAr8lzw1T5HlNs5qvdp9w9hXiXGl1v-uzURhCYGXZStPl96DTua-pIqwooxjsoqfUNLhQHe3_w4adookfW_8yp8ZweHeZxfkyaD5GbzJqQ22Pho7ywdhtcQhESCRTv4VRVCTpWEWUe5I4kRIPImwcI8SWHaRN789_BbUt3J1jKRGOJPdTCpWpKWgPcD3p4JgPbWpCQVKEQf5WQLovk9vd6mD-YMFTYCV3SkbuBFUz6rNtlaiNrRUyMsZIRbhR5Gx8dRGTw6TWMPsq2qqerI8lrVYuS5QaycJDpmeqKUFE2Z3VVFZWJLiYeFVRJKHMGjw13HRbeDVLcpvcksZd0J0tDM7nCjmFX5UdoKZ_b356RincKta1d6W_AxA6Y7lpWocLcddSdMJsLN0vw-KKpom7Q2bAr_n1DYy65OO7PvjHUe-cx2fhmR8eOZH4EA6kDbea6HS4fVaL8yxgWwDQlOwo3WtxHd2e15quIQT40UcB7V9fYn46dW9mP7I3xCJRgq3iIjI5tlUKWTIaFbKcUBed04wjQ4RC2PmZXf5GAATF7rX5fE8dq8IWPQv3Pf7u9q_sgwJTWQGKx9Y4Qzsw_udUz9RMMFFFpZxrhYEMoNKjqOQRxkJ1s9eQU7gONQ3gOY2nCnIIHwjAawwdA-YrhC8vWyFvSXDfQ5eX-R79tEbiQDB10bGNnnZ0m8PQkXnq59YF-LDFiNCcxrxXMeiute7xE1b7Sq7MC-6hC3_WcFElI79B213zpo5ZM8PDBkc3bdx9yme0iHOdLv_O7-b4xN7k84cIm5PQlBRMOFRO98gJUUaAX1wo4UkKu2OKAwbk2Kaa6GKf61pUcHqoenS8UhhobU8yqtlfYfFEVRfRhlgVpZAQggP0QzRwqP7XuyDKZ_128rWQjp3RMMxT77rCvHXI7W482fJEKgjZDjhTV9IcylIdGT6Uyiz

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 172C 0
20 B 77ms
76ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkStRVr49Y-_FK_q59u8PxPajyAgAAAAAOAHgBAI&bg=!BwSlBEDNAAYQgTJdMIE7ACkAdvg8Wvo0z1yj1rILNLmwWPlefWi3S2lRpz4uUvXG7mm1hLwbK17QYAIAAAMiUgAAAAJoAQcKAFJGNBSWOIWXDy4H4EuVFCJ6w3RtQ2upU-2QR9V-8LF4ozglPmhD3zop-sis9T0zJ7uFOQ80jIvhe2mje27QXyiGY0-E1kTb_m31YDzrZvim5fCUmQLqVC7m7AHGjUzF3iCRNpjfUrVTHZHkkfAEvMcMOGpBCyE--c5lANXJ-MLHVeyIFW-feOsa_a68oSiOIXMLpmB35b0W9Q3DOJZJ2XNB2KU0hti-op9YGgMA8IuzW7PZS2kZNBkni3Ncn9eDYNVdaBuMOaM5ZSXcFfIOm4An104acw20sFILJi0qGKfHHkglKfKlX2RYyD5-mi93a39iRIvrT0VSDSmv7QK_vmXdNtKH5c9jjDMUotzY6QqVVkmhb30MeGp1G8udXwSyn0gsHrFeKku2gdMChmr8C6VbPFe6KOjWeozs_9XYBLYawhpPZJGpYvphEfMC6jU4Xp6nWvHGPamLQh4yFoCITIljsxyMWzOdrzqibmLPj7VywJl6Au39vzHPhf6PVF1jC_30HkSYzEm0AhPgM8d_4xnpiW8j9qujfgg9iyXA4XPf6eY1nhud3fYKmYTlbuRP-Q8xxXiirrrKxTol5pxo3bvdwUMNT8KXqk5XV_cA8waFzeuI_Sev6FG7CF0mMEEFWhgMChmZUPlZ2w8UCGgKvANz3cjpL6W3wW6Q57XKvZQOkrjLNl7dVdRLQ05_14RBbuKdg14_7IBVoHKVl5RFkJxpTHRtaxZ31pZofEWLqdPhYbr5_OqmUQ1-RJUtaQqAPfeLRuDmcocvE1tV_oLnM79BbXcXThblGUtYQmn0IC5DaFNU3fyNG_F4VWyRm9tdu0aurlj7DVufR0OeunN4RYsFZYxsMZqJrENyU767uZE9f1Ab7vbHmS3Hzh4DmS3ePz72mXUEqKNUYplmQAfscTDpeRc5KvAtpcnIxmuWnm1-zRa2b_-xjYhwv4w_0F8phxVFSa7hbmk4QlYFRtTFE8lPGBDjvqJPJ6KCxms_9Js6-xtlg9TahUIDCqge7anwhGVZAEM7fUo0ipzYHPkGFFHVZ9HY_eFXfRoNB_zOClgALU0EjJgeAiwGFPEr-lVmHwR540yybWUZpGS7PGwIqpI

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 74A2 85 KB
31 KB 163ms
44ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=89355200088708204444640012103009&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 15:27:46 GMT
content-encoding: gzip
via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
last-modified: Thu, 29 Sep 2022 15:27:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 7143
etag: W/"faa933973c404f8cfedacd4b67a60b85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: AuXxm6DtUchetlNN-WhB7oc193r9qDO2rKutxrZZKZjkyhxODEawWA==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 74A2 3 KB
3 KB 125ms
37ms Image
image/png 18.66.147.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1664991108&Signature=lxYJj11Y-CxhEOmB6t2bUqLuNSv5911c6I9gHf0oZaxI2bz7r09OPHDAkQ4JX0JPUBA1w48wffu~05LPwm4xJIeDaaRAaDad841x5IXkmgNnPlVSF39BTQ00YHgclB6Vddc-yzyLo0WQ13JEC6~BSBNvwfYH4hs6SixNj98k-TElBY2V-sEBkltY-c6bunWq8QjawyiVg6hQWRiUE7FyIYZCVOO6h3SPXQYiyaOkggzgk0WHCIs91zhEFHccBrenungkrkdJXyGnij~7cLHfr6ZnmtJuQRj0ZF-TPzmIm1fsztIvN5mrJTbJMrcnhlAFXIQWaUuJG~EWW67a5ktq9A__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-44.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 05 Oct 2022 07:05:27 GMT
via: 1.1 da392114e7046bd9720a70f40c796f62.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75876
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: 8SjCeKUIlacK9fTaGpQcV9SSOw_0umxZ3nkyVlrKiTCbRTPWdp6AUg==

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame AA42 5 KB
5 KB 37ms
37ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=1622406773
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 17:26:48 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
accept-ranges: bytes
etag: "14aa-5d6188919baaa"
content-length: 5290
content-type: application/javascript

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BFA6 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BLwIRVr49Y77QNtTl7_UP1-yy4AgAAAAAOAHgBAI&bg=!-fql-r7NAAYQgTJdMIE7ACkAdvg8WlDGXVm2yfY4sWtIu7IULtK2cavVKnBdhwLJ8DX5ZEG9vZ7gUgIAAAMXUgAAAANoAQeZAvP2XRruXLWDpQiLZhdA3pqQxG_XziIUCIERAg7sYmrU_iDIgM2umE1XZ1ixvDohYo-DMo0W-qqFgzNWFcPSu5ccteYDZhD6PTgHvdgOy4698n9iQHbKjuRfmQyqAldJCWahOhKMVQZFrg19VoUQlk8wOvdtouSXDR2zhx4Wg6fr3q8H6EoaikY9jpBfjTxKwArjvTmhsApoHmMBi4XC9zgRl9268RCCedTK1wp17qz2PeGLMxsFAFj9uOh_y-9kRJ6OUmjksxq4YKkCVJCMCs5dTLY-KwJV_nukIfOEte2kv2FZUDkbIEe9odoxBAG4O1paSVoIYAhgAHmu3ntY730cQfwp_Y7-ltS3_oX-cidZ_Q7Ev3FSExW0wSFBch3Rsyc1uF_Q8vOQ1wTOHvQ8v6MX0sHDidIgb6qos34bFdKs0hCK3GQ-34vQ5HHPIFe7a888iAf8xva-ObvfFo5pS_nZeWlnI6IjK-oaeDKKKfrDJKLbsFDxwAMx01T5nyGF0vzX2BOsZHa8IJY6xy0FlafpGfNfeM0hIwslObrA5zPEIjLE8Unw3A7NVL7tv6jfvFOMT9ho7EELcpyhg1eYN-v1LLXfo30rQqwlUzJQGT0PTVRX4qGTZ8nRQ70Kez3AktrRQjDvvit2dKHHscj9qerIO7okRJbAEMDEkX0OuB6SCickK2gEhssADeCW5lR-sJEW3yprNBE70M1QYj07LFGjHbcsRhPLXX196tUOc2mV3I15koaZFeA4Ukk634vPGNZs1nbO0O9EFSJ7_o-0ie_gfYqR5CervsdPMZ9VGnY4F762DGf2AWfqIWdJo1OGClph7zeyQ-3qwvKjz74KDe9dzKkbQ3hv6tEG43KzVFnr5580X6rVn9ENojXd9W3T1pF_gEVPjFKpqDXGC0kZH_A652djhKWApOsfy0pv7_S09EVadg_t1eMEGII-ilDIDFaTQr8UFVJNA_RwYc9wWf3ViCoSH1Zo53lNneQwAQjX0HmlJA

Requested by

Host: f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
URL: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 05 Oct 2022 17:26:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 74A2 16 B
232 B 115ms
115ms Fetch
application/json 18.135.86.50

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.86.50 -, , ASN (),

Reverse DNS

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 05 Oct 2022 17:26:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 445ms
45ms Preflight 18.135.86.50

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.86.50 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 05 Oct 2022 17:26:49 GMT
server: nginx

GET views
prod-spokesman-proxy-connext.azurewebsites.net/api/ 0
0

OPTIONS views
prod-spokesman-proxy-connext.azurewebsites.net/api/ Frame 0
0

GET
H2 200 index.js Show response
cdn.czx5eyk0exbhwp43ya.biz/ 7 KB
2 KB 37ms
37ms Script
text/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.czx5eyk0exbhwp43ya.biz/index.js
Requested by: Host: cdn.ayc0zsm69431gfebd.xyz
URL: https://cdn.ayc0zsm69431gfebd.xyz/prod/spokesman/t8y9347t.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CBD) /
Resource Hash: 6941d870c4bac732a6ed7718c594a73cc27000379eaaf241c9e47d982e44f407

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 05 Oct 2022 17:26:51 GMT
content-encoding: gzip
content-md5: nynBpfvYghYqzIzsvfssRw==
age: 580528
x-cache: HIT
content-length: 2382
x-ms-lease-status: unlocked
last-modified: Fri, 17 Jun 2022 17:08:13 GMT
server: ECAcc (frc/4CBD)
etag: 0x8DA5083F65AD9E0
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
x-ms-request-id: 9c5f0b40-201e-0026-5298-d3bfa6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pv.medialead.de
URL: https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=10246800099425704444640012103028&t=htlp

Domain: pv.medialead.de
URL: https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=10246800099425704444640012103028

Domain: prod-spokesman-proxy-connext.azurewebsites.net
URL: https://prod-spokesman-proxy-connext.azurewebsites.net/api/views?UserId=7f6c72289794755fb414001b02f1273b&ConfigCode=SPOKESMAN&SiteCode=SR

Domain: prod-spokesman-proxy-connext.azurewebsites.net
URL: https://prod-spokesman-proxy-connext.azurewebsites.net/api/views?UserId=7f6c72289794755fb414001b02f1273b&ConfigCode=SPOKESMAN&SiteCode=SR

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.pyplusersafe.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 18263c7e0f95bc1f8c4851e8fe46101f
.spokesman.com/	1970-01-20 16:05:50	Name: _ga_G3BY0LGVDL Value: GS1.1.1664990804.1.0.1664990804.0.0.0
.spokesman.com/	1970-01-20 16:05:50	Name: _ga Value: GA1.2.1564646249.1664990805
.spokesman.com/	1970-01-20 06:31:17	Name: _gid Value: GA1.2.1399729544.1664990805
.spokesman.com/	1970-01-20 06:29:50	Name: _dc_gtm_UA-230256-14 Value: 1
.spokesman.com/	1970-01-20 06:29:52	Name: _sp_ses.53c5 Value: *
h.cloudengage.com/	1970-01-20 06:39:55	Name: AWSALBTGCORS Value: AeaaBDBGAqPcRzrc7FGSa/4iol18+HQjLwluISWqqbQdegAlz1BsoZGwl7vFPfve8VHwKbqww7AKSy819uwLCGmF3Vw+AV0gpYpGDneqBXzapPnEbcygNx5jv54GOYu9FtxEXk3D+asITdigWxvICJBtST9hFj6YkGSkyAa6GFqQyeyw3UI=
.spokesman.com/	1970-01-20 15:51:26	Name: __gads Value: ID=6cfdb994b260879e-22cd4c673ace009d:T=1664990805:S=ALNI_MbslbiaYptivfKMKSQyiLHLbNACWQ
.spokesman.com/	1970-01-20 16:05:50	Name: _sp_id.53c5 Value: 498c985d-d08b-4d5c-8f28-32b10ba9b678.1664990805.1.1664990806.1664990805
.doubleclick.net/	1970-01-20 15:51:26	Name: IDE Value: AHWqTUllmAuTnJNU11Ux10POt50cZbGFY565Lko7hx6Po9tZzwBxLa1958Qd8BXe4Cw
www.spokesman.com/	1970-01-20 15:15:26	Name: ai_user Value: jgu7T\|2022-10-05T17:26:46.877Z
.adnxs.com/	1970-01-20 08:39:26	Name: uuid2 Value: 1194091627225004981
.casalemedia.com/	1970-01-20 15:15:26	Name: CMID Value: Yz2.Vx.QEXTgafgTu6zb.wAA
.casalemedia.com/	1970-01-20 08:39:26	Name: CMPS Value: 1136
.casalemedia.com/	1970-01-20 08:39:26	Name: CMPRO Value: 1136
.adnxs.com/	1970-01-20 08:39:26	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVUpQ.9H!]tbPl1M>e)ZlrFUfJ+tGXvX+F@t)TAf'CX<`wa<9!1%EJ**8QX^Y7gmj)2h3If)y3KL9D3I?+q@^ugw
.casalemedia.com/	1970-01-20 08:39:26	Name: CMTS Value: 5249
.redintelligence.net/	1970-01-20 08:39:26	Name: 8lcfmzhxc8d6_uid Value: 18ff94d9c18e3a6e
.spokesman.com/	1970-01-20 16:05:50	Name: anonDeviceId Value: 7f6c72289794755fb414001b02f1273b
.awin1.com/	1970-01-20 06:39:55	Name: awpv14098 Value: 296283\|1664990807\|e41c6340-44d2-11ed-85db-22335d251430
.awin1.com/	1970-01-20 06:32:43	Name: awpv22610 Value: 296283\|1664990807\|e41cd870-44d2-11ed-bf79-22313f494a88
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3202027
.awin1.com/	1970-01-20 06:31:17	Name: awpv11601 Value: 113440\|1664990807\|e41d4da0-44d2-11ed-96b9-2237162cbb98
.spokesman.com/	1970-01-20 06:29:50	Name: _gat_UA-230256-42 Value: 1
.retailads.net/	1970-01-20 07:13:02	Name: ppb2172 Value: 1622406773
m.exactag.com/	1970-01-20 08:39:26	Name: exactag_new_gk Value: 26f6dde56e5041c3a67854d5478496b8%7c04.12.2022+17%3a26%3a48
m.exactag.com/	1970-01-20 10:49:02	Name: exactag_new_uk Value: 5b6034d652064761a11c0be095f3c929%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 385ff005fa9e49adb324c649
www.spokesman.com/	1970-01-20 06:29:52	Name: ai_session Value: vESoz\|1664990808271.4\|1664990808271.4
.futalis.de/	1970-01-20 07:56:14	Name: raSIDb Value: 1622406773

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 9) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
other	warning	URL: https://cdn.ampproject.org/rtv/012209142312000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
8019191.fls.doubleclick.net
a1.awin1.com
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api-mg2.db-ip.com
api.webgains.io
az416426.vo.msecnd.net
cdn.ampproject.org
cdn.ayc0zsm69431gfebd.xyz
cdn.czx5eyk0exbhwp43ya.biz
cdn.retailads.net
cdn.sbgsodufuosmmvsdf.info
cdn.track.production.webgains.team
cm.g.doubleclick.net
dsum-sec.casalemedia.com
f9be22821b5c1f89e3cbd15b320a349f.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
fp-cdn.azureedge.net
futalis.de
g2insights-cdn.azureedge.net
googleads.g.doubleclick.net
h.cloudengage.com
hal9000.redintelligence.net
hal900012.redintelligence.net
hal900018.redintelligence.net
hal900028.redintelligence.net
hal90009.redintelligence.net
ib.adnxs.com
js.matheranalytics.com
loader-cdn.azureedge.net
m.exactag.com
media.spokesman.com
pagead2.googlesyndication.com
paywall-ad-bucket.s3.amazonaws.com
polyfill.io
prod-spokesman-proxy-connext.azurewebsites.net
pv.medialead.de
region1.google-analytics.com
securepubads.g.doubleclick.net
spokesman.com
static.spokesman.com
stats.g.doubleclick.net
thumb.spokesman.com
tpc.googlesyndication.com
track.webgains.com
ui2.awin.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.i.matheranalytics.com
www.pyplusersafe.com
www.spokesman.com
prod-spokesman-proxy-connext.azurewebsites.net
pv.medialead.de
104.26.5.15
107.178.250.234
138.201.63.117
138.201.63.149
142.251.39.66
144.76.91.199
172.217.18.6
18.135.86.50
18.66.147.44
18.66.147.98
185.80.39.216
185.89.210.46
199.188.205.64
2001:4860:4802:32::36
2600:9000:223c:fa00:0:b5fb:e6c0:93a1
2600:9000:223e:7600:2:4597:5e80:93a1
2600:9000:223e:ae00:1e:dc88:cb00:93a1
2600:9000:2250:4a00:13:3ce1:5800:93a1
2600:9000:2250:9400:18:730a:3f00:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:806::200a
2a00:1450:4001:80f::2002
2a00:1450:4001:812::200a
2a00:1450:4001:827::2003
2a00:1450:4001:829::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9c
2a00:1450:400d:806::2001
2a00:1450:400d:807::2001
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2001
2a00:1450:400d:80a::2004
2a00:1450:400d:80c::2002
2a00:1450:400d:80e::2002
2a01:4f8:d0a:2321::2
2a04:4e42:a00::282
2a0b:4d07:102::1
3.11.195.34
3.219.38.131
49.12.22.42
52.222.139.41
54.218.91.113
54.231.133.137
85.14.248.91
88.99.165.19
92.123.17.141
94.130.102.164
95.101.23.184
0550561bc5248593e8486b189f6a222aa91a2081e5b0b1fbee69869b31015068
07d28cffbf7864901470c6f8f49c4c52fd9f693596a9f4dd4c22da19e97ce174
0859f5f9bf49348ef81d01f953d520c10a2a857961ef1bfad4a7903609889de5
0888431df272a1593635c4157066af8273ff10d89aa6d50c723463f7dd72902a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f6c0dbcaf88a35fc2b45ddb62ae6824b1a53bad764a305876df47f0eed5a724
103336c754fde9c2c7fc565bc5385b94409c0d5480cd8564c25f18f6cced5a85
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1af4562d18d693835bcd6d0af22bb439748a1b02e31e589dbdf9bd1d8bf6315b
1d2009e4aea51a8e6a0f6404f282d8948f473e26f80e45c7ed9bbb12e470d661
209a7ea0130f3ba6094350ccada860686d241a9525178bf3f2f0d9ae0c26532c
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
23f308e71aaffdd7fff1950313065841bca9ad63540e07a4978984251a067533
25ae07afb30f4156fa035a5ffc7f14945c8863ef79772f062d3d04fd97c25391
2dc7c0bfb91165e70a600e13cb0bdc8bd64e02ea563d3c38c29ce7ea22e79690
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
315f0da30ec4e05e267477892da301896020a014dc73173a73175c468d069542
32c86d3116e89cb6ec9b89c61273bc15611e11e21f3cdf503ee49baaa6a775c4
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3973caca10e2c08ee9c73991340be3a2f59bda3a36624eb7f978b4e93f376201
3ae3ab1492cf8fe1dae7efef5a64cec147831b76075d98a042c95586931b4683
44c448205f15c4f82a4dfe267d5a2efac45224543d44a7c073b167813d449fce
452f22cc08aebf054ba1b12b89a89c947b3926ae4f14ae40977e166ff53b9b59
4a360cc63f6efbf32adba73f248924ae14f975270a408094a822b46ca71abd99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
52f2de276addcda9caef66a9b142d93cc1766e3a6a62fdc40490ee4bafa2dd43
54a6606bed93bee86d6763cdc2f435c3501de5b129044f7896fda2080e9d5caa
54c158662fb77f3b1576d649acd4e721eded3f379820a1e6449a076c710c9aa0
567b1dd8dad42894a9af59a5a830c252357caefb211cecc8813b646cf9cdb4ea
570dfe41703eba6f0ed55845cc34e3b281f2eaf3991ec148914407103eb97c41
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5a0ab648e06a71046651d509fc6e3201f8a7875fb19edfabc4e2955b383fca16
5a2aee262821f014d61d9949b24dd6e194a702ae23c9e3661824e512e550ec09
5ba65148259568967389d182b434f97e0da7b6cd83abf926a602433a340ca9d0
5d1cdb667208a5acc5f27477b0ee54c3a99d57f25f342826cf90e5a74189f375
5da1f62682f45cf089b9fe471b2c8a8dad9da3b51686f9d6234a0db7228f354f
5f0e58e4c8d23cb8d1453aa9d362f102a4676085ab517acfd34aba74f982d3db
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
66d5bffe2cb30605e302a6f535fc7c286f02becaa84007a8e982778a3bfadc31
6941d870c4bac732a6ed7718c594a73cc27000379eaaf241c9e47d982e44f407
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bd2129efbd578f51e47df2c54bd1ff73c84d6457ea02dc652632ad3a207533d
6d7f126cef8d6742ad601ea73ee7e24d916553250ad25afd8ed4d36de8835d8d
6dfc02a8e6f295102871d721f23120a13077e491345a93614fcbb43867de3301
6ecbcee49e8515405f968f8b76905d58880af434dd7fcb7d84baca85a734bcfb
6f86aaff1f7332292efb86b2634810adc12e24d312821accd8db9a79ada7c808
77122445148cd33c1bc1d6c5ada95aa9953d4c574a003778700c2d9bf9d39907
7858cd02c55e6829ec9c053edc778d07e510be80bb0440e8c7b9c8941b4d0b51
79fc30a3a4b255c915bba01c0691a5653ec71151821aedb5147898821927e362
7af6a731cd4553f7e92098f81f05651ce4c5eb1eb860da2126cb89110a2de29f
7dce527399393dc3ad9b311a552545d55d6be11c3b553968ae40a67b7837d6c1
7e8a2df0a2bfa41c3f84eea48a42a970f0aa9cee858c5625c1122ddcca646ef3
7f24d5e431e274a8d8c196752f7ab87ff9c636de1a7bc3d9c44729c1a87570a2
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
818f85f8e03c3a63b8f5aebc35d64bc3c51c2b689ab046349919d8d5309eb43a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858ae4b28fc1227dc4bc3934bcc7fea20e1d737b32d0f6a2e571d7b666cc7768
86d8e892ceacd8c8a7e7125c68dd0e1b311f8399871b6d64b8b6795f0235c1d4
8830bb8f67bb662ee45a102889ef5dc2f5905bf38a443da682215ab3cf591173
88bbe9fd3846136c4a172ccff8b1cd6d3b1c707d3bb92a3d93370a64ac49f95b
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ccca58c9fa219fa65853a7398d935b56ce1fcdaab4787294b3f444ddf7d1036
909dcbc0fbce9d65c02162604422a2b6d6dba5898bd668b2ed375c29ee195271
91102e383130cb1a9faf348bd83bd3c7e0744900eed75eae7587cf6bf32c47f8
9437490e4f56c98a9918b0e8f8f077f9e83f27ee69c1547ac1f229fcb4470fae
94a4d4c605ada7d8ffe735feb1607007eff7e164a04d8bed360d89b816886a6f
95dec14c1b8a6150efd54d314b1407654d0deedf6daadb1381485588fcab6912
965d50bc546fa12497b529618f3f1845a214cabba5599da790e0bfe7a65a5d42
9938ce63ddec630645e903bede29aacb1541c88fa2179097ae2513502cd0c8a1
9ba1e9f88829b0c441f028e3052bc3721ff43b6cce6031735e3eb8e05223abb8
9c05f3e7a99522d6cba125b8dd46ce8ed64068a1d08dcec309c56a58ec85cf3e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a185a1c5ee5d4704e3939a3b7f2bc22f1541fe43f30d694b686fce0c22e5141c
a454e96b225aff308d324ffb298f2eb4dc27c84346cc5e95e45ac02292010b6f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a77ccf47a61b8eb1d83a4101826726c3b2b0e5b34eb9f2601785b4d1e513932c
ab2e65cd767ab27b65e3bd2f97ffa0163af196c8a0eceb292f5d57527c9adce8
af44b91aee646d43b9687c2f00450dd0ade50f4b8c7a78e6b99257f1d5e8984c
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
ba5f531e9092034a7dc4b3b0fa2b0175e16e4e0b073cd0ee4d93bbb8347b1e45
c1577ba94752b8302f8a5518b1ccd8b21507a7da67cd613dc990e8fd10f8ab5e
c3aac23d0062012638c8dc4eda0ac96ffa5b8f9453511f67c3a13f5b8df04a44
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df
c4a205c4284531843a218cb075843ac2e5d2dbdefcca69e3466241fb121163f4
c84d2aa4198e5e2d48681be491029110c10cf8ad9344bfdeddc2c74de3d370b0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca03c9a7f1b2bbdd2e1407ea5279311f5dd4ef760730015e9fa5956ec73b269d
ce7234da9000fc177c1166a7a65f5d9efaace6d8fc18d51fc7b40dcdb3705048
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d23368c62442103a86b05668d59a2e8ed797210df4158a8dd61c41e84381b424
d250e1d0956c247b74a74db4c24fe5f2ea0d50e771c9ed893fe12a4181caf627
d4890a3c7a6d70985e71fb7178c58b8c3ff183e6edbb3f07a41affe5b897d3ae
d4d5a7df30ac9186c10a151e65e061f56c89ef8122bfca672b581bacecc78d62
d5e6919b2460cd051d50b47942408d3b3dbf0470fdaec473a7ca6b928d7ae4e3
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d7f4e885aac22043ffa6aac1809df28affb23f23ce5abfdb44ad09358ed291a3
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
d9cf9561789dca204c2975205114b37fdd97aa92f83535e560e2eebe9b4b549a
da035830fbe22886eef2808b96a726c01b3cd3da25c72e1d76d03b62d942dd45
dd080c89636f8576e3364bea0867f18be3a32daa72d766da336cbb80ba5fb407
ddcaf590d0e68d2011304a4e99f5bb6e3b1651ce9b106d49d0d514ac0cc83251
ddcba88db922f967fd78e15a055bfeb5088c7c58500ca2b7f08b74eb3736189b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e15f20e9ef9afb2d807e387e719bf1e183ac72a1ff378d2b28f79cc33efd9ae5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ddfc8b3bcaa3ba6e4f417dfaa9a0c73ff60a596c2932f0385131548a1e1188
e93c85341a48fbccd80f6d316b0d45b3b951169f4390adfb5cf81609f4160d45
eeca6805f13ea45543106fc100a9e1d4fc389a0ffa8a0d9c0d12ce28f1d1c0a1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05c419b5ca6a1d9afbf15f414474eeb93aa520871f721e27fc4a36a4bbbc5bd
f4dc42a6b195c6e3d2a4955142c46343982f6b195e281e73487298d5ecd6bde3
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
ff325c328985ef8a083bc155e6fa6b5cf2182d7d3174d43c9e8e077f4a1576b9

www.spokesman.com Open in urlscan Pro 2600:9000:223c:fa00:0:b5fb:e6c0:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

207 Requests

87 %HTTPS

54 %IPv6

36 Domains

60 Subdomains

50 IPs

8 Countries

9919 kBTransfer

15056 kBSize

30 Cookies

31 Outgoing links

Page URL History

Redirected requests

207 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.spokesman.com Open in urlscan Pro
2600:9000:223c:fa00:0:b5fb:e6c0:93a1 Public Scan

Screenshot
Live screenshot

Full Image

207
Requests

87 %
HTTPS

54 %
IPv6

36
Domains

60
Subdomains

50
IPs

8
Countries

9919 kB
Transfer

15056 kB
Size

30
Cookies

207 HTTP transactions
12 data transactions